Analysis
-
max time kernel
300s -
max time network
296s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
03/07/2024, 11:35
General
-
Target
https://cachev2-spbmiran-01.cdn.yandex.net/download.cdn.yandex.net/yandex-tag/weboffer/YandexPackLoader.exe?partner=452688&yabrowser=y&yaqsearch=y&yahomepage=y&vid=977&hash=7221a19c3f4f3f71f3fdf8cd89742680&lid=6&.exe
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cachev2-spbmiran-01.cdn.yandex.net/download.cdn.yandex.net/yandex-tag/weboffer/YandexPackLoader.exe?partner=452688&yabrowser=y&yaqsearch=y&yahomepage=y&vid=977&hash=7221a19c3f4f3f71f3fdf8cd89742680&lid=6&.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cachev2-spbmiran-01.cdn.yandex.net/download.cdn.yandex.net/yandex-tag/weboffer/YandexPackLoader.exe?partner=452688&yabrowser=y&yaqsearch=y&yahomepage=y&vid=977&hash=7221a19c3f4f3f71f3fdf8cd89742680&lid=6&.exe2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.0.802531912\1970222448" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7e92581-34a3-402b-b23f-ab0ffff50255} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 1312 ddf3558 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.1.2091053502\809862728" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6947e34d-562f-4c57-8e47-38d0f3c17e8a} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 1528 44e5958 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.2.1175375506\851843132" -childID 1 -isForBrowser -prefsHandle 2100 -prefMapHandle 2096 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 756 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbd79eb4-9c50-4b33-9eac-4d013c10d0f6} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 2112 1a1b3058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.3.1017414338\1313488385" -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 756 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6985838-205e-4091-9a94-20b937d9029d} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 2848 1cdda458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.4.2141799000\787949043" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3648 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 756 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9afb581a-2929-44bf-a84e-b4e9a3f2cc54} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 3696 16c9a158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.5.1814240905\721092658" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 756 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f56585-1ba5-43ab-b54d-067c8a996666} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 3792 1e84c458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2016.6.801500387\1551995921" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 756 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a2695f-6850-472c-a08d-5631485ee601} 2016 "\\.\pipe\gecko-crash-server-pipe.2016" 3716 1e84d058 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26KB
MD51a09bad30a058427d0548d6c0fafde58
SHA1db7355680787dafb1af95fa468e218ea59037a11
SHA2566b60a4820f9ce275a919a0c0e1a0ba092020100f747041f4197913b47e3fef7c
SHA512354b83dc448d752a98c4a7c71cfdef90ed4e7a8421e7f2adc8576069f224f6d53641f08bb5baa3eaf490faa28198f0ce2c65e9f0b51489fc9d12e70c7a94044b
-
Filesize
5KB
MD556e9b4bbd5b3d7f65bf2ccc1263c19b7
SHA170f4adef1036d6e81a93a7d0132808f43cfaa0b4
SHA25674dcbb421e8f523782dffa1150f51ad44b08e6febe555e216eda61f3fb7649d2
SHA51209bda81031a02e7c3e1504342ec289e25a2184df6f1d1c0afdc4a6e0ba1f756135b3ab40ea497c23652c6b81bc4b323e84f61a2e807e76ef511ac94afb1234f3
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD5a5f80c4ee8895bb0c773aec261e22ef1
SHA102e9d7d44015ac0e8bc170a58c90bfd437c789ea
SHA25685c7584dd03335430de922481422607d3b7ab389b30e3227710447a20e9ea70f
SHA51287aa48b74c6fc8fe227d941bdc5d8951855286ab098b3e17ff57331092e1a7b59e844b2376f224ec8178786673afe5de9ea8ec6acbd67e374ce038b404ae0e5f
-
Filesize
11KB
MD5154b63955446b5a2cd5d45024a05d9a4
SHA10b4019326f5d5e18ed59ef1be36dbb4346ba9fef
SHA2563f255b08e07522694d192128e9d8d49394d868c6ceb4c580c6077feb7b31fcc2
SHA512301264c87fd10d8ad4a34d14ba83de49810041f497d345a2ceda781126a0b488427a9d5409e4597c23390b78b795ba275ed2fd988ce5dd3e8e42447548021fb0
-
Filesize
745B
MD5b3993ae7a1defef97063c111f3e33d24
SHA1de2f6636f9c1cf33dd5d64d35a75299573f8a6ef
SHA256e650be62bebe6f49ffb5b1361c34070dc3b732140589c40f12c4762be0bcfa36
SHA512c33c0d6ffae78ae6cfcd41fa4aec6e36a3d198873294cd0dc4297ee77825b4ffbc458863fc3ecc835d518f883e3ada962bfd64ed4290df0a733672c457bf1b86
-
Filesize
7KB
MD53d743da46b8c2c58b455261fd45422fa
SHA1af7bcbd5e38462001acf996ddfc377b4f5e7ca59
SHA2564b9580c63999dc171c7d593591043cc3437ca48b06f7c5d0e6e38d91c6bb90bd
SHA512af3d68a94b0c53d1b566be4388cd98961250bd798d27a68d13d16a6e06a81bf2fe491a8f3f75fc96d98f7bd33909969680c067ee7288454099e25aeaa7318b18
-
Filesize
7KB
MD5038832fdc4ce7f3b498def3baa140aec
SHA162a170f142edd9d19fa79f914a316fa2c86528e2
SHA256b7ca89581a5c9f358c9130cd6a1d6fb00a850cbe99779c3f15ffad66515f6d20
SHA51237652e243f1564affec8e9cf7df01abac156b1ff2e03a7ab2d5ca575462d90bbfd054c95c54bb71f5e1eb1c298ada5dc29c4b68e54d557f4da46ba5618558fb6
-
Filesize
6KB
MD56cef3b1c5cb1b0655c95ae9c27c8c609
SHA155f6b4ba857333d239247db628b24a79874a2aca
SHA256c5eabddf782b0598c98e05d0296911498e0a840829f4c7a6d39ec3582075e1bd
SHA5123ad301aa867b9cf4b07a54f3cd5e7dc065d4352d8946e11064428887449f51da2f5c0c737c8c73083cf415de178db09812d2c114818d5e5ea0a9b8efcff5da1c
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
931B
MD513c912760720343c844332ebb3be3ed4
SHA1c058ac548794b85e30da92091bbbef51fa154b87
SHA256014dbc306d04f5ca00b630aee75dfe2c0e94f36ba8868b116de0e651c76d7109
SHA512195f3150192f313f3613228941ced0dd1860a0e18519c42ff268d6fb182eb65ddd657540dc479d3f7489151af6a0a59c93f6f46c3186f11640c87f6382fbf3e1
-
Filesize
1KB
MD5a9ec47780c007715ebe9c1e87f20e8ea
SHA1679b96aaaaf6bc9de9fbd349b0e017118a066614
SHA25604f32d4902e819cf98873a992096f2969793e7be72a78d9d95af06337e1f8e1c
SHA5124ad6dd997791b947586b9edfb1b0323dc445abf250d81449b15924999aa2311788decb7df008da25335eb3542a699684416ccae94b80039fb2c20606adf33a70
-
Filesize
4KB
MD587bd8dcfebc0d8f4d12871d7d18c1c12
SHA174dfac9de379e5afd07606dad53ae93886f47cbc
SHA256540152312158e9ec29c6716e260f85a7f52ba8ab10e27d1ce0bacf27a2e86ca7
SHA51200ef1376e771dc35aa7c463a1ef5a2b75f68cf90bc601e1b706f47c4170891eeb830f36c161910f9624886021866d5e66858b35a89877d9d29bacba69d5364a5