Analysis
-
max time kernel
85s -
max time network
84s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
30/06/2024, 04:47
General
-
Target
https://github.com/Kade-github/FNFBot
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Kade-github/FNFBot"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Kade-github/FNFBot2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.0.1060217447\1752965135" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da185317-dd78-4536-a87f-ef62addf1e85} 464 "\\.\pipe\gecko-crash-server-pipe.464" 1848 17ee0014e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.1.1497672865\1406309756" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4966046d-9bd0-46f3-8a2a-558d2ac3e60c} 464 "\\.\pipe\gecko-crash-server-pipe.464" 2392 17ed3289658 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.2.337832579\1083216960" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba04ebe6-b23b-4f1e-a350-fedfd5c6f263} 464 "\\.\pipe\gecko-crash-server-pipe.464" 2956 17ee2f50558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.3.995252873\1263678601" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a200bfc-ecc3-4374-9f4b-a877e2f83fd1} 464 "\\.\pipe\gecko-crash-server-pipe.464" 3628 17ee5f1c558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.4.1328723553\178593173" -childID 3 -isForBrowser -prefsHandle 5020 -prefMapHandle 5072 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9783f7a1-417a-4c7e-bf37-f01f867725f0} 464 "\\.\pipe\gecko-crash-server-pipe.464" 4728 17ee78c3558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.5.1388368777\345446361" -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1628ef82-c40f-43f8-b30c-a383ddb2f717} 464 "\\.\pipe\gecko-crash-server-pipe.464" 5172 17ee6f0a258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.6.1995833376\1335953396" -childID 5 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1aaf7f-a6de-480d-aeaf-4449a8c4daf2} 464 "\\.\pipe\gecko-crash-server-pipe.464" 5472 17ee6f0cf58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="464.7.1505211477\1507807561" -childID 6 -isForBrowser -prefsHandle 3772 -prefMapHandle 4812 -prefsLen 28034 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18fa34ed-8650-4158-89c9-474720c53aa6} 464 "\\.\pipe\gecko-crash-server-pipe.464" 4876 17ee0012a58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26KB
MD5ec7f12f05f8c1344cdb344c32e48cfa4
SHA1da37a1da62feb108410401b3de644f8f40fd75aa
SHA2569e23c348b605e8e9ca46906bf9df5103bb165f2240f70c4a9230a98ff6cd1530
SHA5121e3474a97570c3001e3c3751378a50121d31b2f2d1d48b305ba6ca22c1271f915ea56b2e64a99bf3fcf4d1ffe2321cf44d5fd867a1accf75be7edf8b81ef721d
-
Filesize
7KB
MD5e40cd88056477b29eb0f34ba8186c0be
SHA10225a06e5bd7922b348f8078aa7ba1a271e91e47
SHA25668cb563d44b7e470e052c45738ab108461795cc888ba46c4f0a643039d53c01e
SHA5120b6555265ce8c1eaae6b7fff3c53b8bec1faa2c3323f75359711b9c6ca1851f044ce53e8d74da9b38c83cfdd024a35142c3abc466aeca73b4dd51486c09a446c
-
Filesize
7KB
MD5c8e9d977fb1db31eb9853a209a83cb56
SHA12123c6a655375061b15ee14b182f8407b31220a2
SHA2565ba3ddc05f1ea55398dee331ac8e258d33ecefea6cda8a5ae85d687560d058e4
SHA51210df8ce8458fcce996decd98d8f394f23dc40d8246d219de5758beb39ee5c43014ab747dac6508362d2d32cd93c2a3469b93ad8d3461da2e17c17f251838ceb8
-
Filesize
7KB
MD5a3442eb7b6d3ec4814dc9bcf781fa64c
SHA17969fa3315e8d54c4e63749f8af07b4829b852a1
SHA256cfc4053409831b34fec88cf0b0ef94085beba9ce01e6d1fa61454e7fd0b8a750
SHA512c0e43826f0e0f930228dc795f727e767bb03ab3aee417628d5384caa32b2c9a3566ee5693210d1d8b5fd6cf0421e0d92f0fe191622c27ad578dd34bf13932d46
-
Filesize
1017B
MD5e8581d76c1e58c051833bed9d3778e79
SHA14505ac0cae7ddf728b3578e3a9543b41bd996664
SHA256bd4c203d1505e7078622ee9765df7c68f4d80e0e7f46988ed8ba7a4398afbac5
SHA512f54c203c53e0f8279f59d30de43ec48bb9fea780ebcfaa81e57ac7b56a6eeeb32eac86cc0258f47781ffddcd95e939178834df722dfd838056bab0c99ec653c4
-
Filesize
1KB
MD5166d44ac9b6f84d33dbfb6674e1b0fa2
SHA128c0197eb4de4e83e4e09cf904d8d1981b30f252
SHA2560ecefca2be50cc2d0a9c3fd5541af826835bdfcdc07641e31586d850e3dc66aa
SHA512153a3886ccf08b7a8bb98244086542f70cad98b0259ecbc472bf519e649767716c758475148ca5e9d4d1f63d193ad801069f8717831b0adce1d8009f5f56f5e7
-
Filesize
1016B
MD5bcb97151e3a482c3140764ae90b9c77a
SHA12e679a518a368b5d936b8d9c8b7b1a46d62698f9
SHA2565fb3e616199667bafc5f6d4a7e93545bfbdae3ab655e2ea1de88caa01f10cdb5
SHA512b554850d83f9e41ac0500253a2042fc2ba604942338ac50b3a8230f6bc63c1efc7cab9d0ee558e57e1701bd28754a2937159c63beb653d3166b36951e8da9232
-
Filesize
1KB
MD503f3b8781edd77882f67d2ad88cb8fd6
SHA1f9e8b9f751bfe4a1b7cece1bbe140351052691c1
SHA256e954959919730084fa617d7ec67c6984e2f9f83320c241f4f4dfe16b852d4f8a
SHA512371dbba801e7d65213cc3e73342b54950378ba905af3a291c77cc84b17e7095b5811260e014eda0536739d829f050071b8c2197292d91423a89ba2ed818af370
-
Filesize
867B
MD5cbbe6aace8004e8f6c5ec5094c108a83
SHA18819614545fa21d49d23046a7b3d81d43088c4a9
SHA25606c1c90805bf2372214f28ed9f263ebc86842cf734a91308fe501f37204a9016
SHA51232b8758120561afd2b6bccfdb460cbd03fada900eab6ce59962d97969885f45bdad37e54965fd0e72e71069087066fe204b95f213d922bc3c9d38a94b8e936ad