Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-07-2024 16:59

General

  • Target

    https://github.com/IceHacks/KrunkerCheatInjector/releases

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • NTFS ADS (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/IceHacks/KrunkerCheatInjector/releases"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/IceHacks/KrunkerCheatInjector/releases
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.0.1465229167\897807453" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f2e4c58-9f3d-4ba1-9459-6de7f2a8c9de} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1852 2684a80d358 gpu
        3⤵
          PID:4524
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.1.196275810\362938984" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b90e64-305d-40f1-bd26-4787b95614bb} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2488 26836589f58 socket
          3⤵
            PID:4560
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.2.2087060957\440000444" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5066440-835c-4078-ae86-f1bee5dd4ad5} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3048 2684d737b58 tab
            3⤵
              PID:4832
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.3.756338948\1386854503" -childID 2 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb20e9b-bd92-49af-b4e6-4068f2e486ad} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3976 2684f3c7658 tab
              3⤵
                PID:1920
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.4.1899301224\407884126" -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 4416 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58176ad1-810a-4662-b318-765f965e9fb7} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5240 268513c0b58 tab
                3⤵
                  PID:4572
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.5.269942188\1521043463" -childID 4 -isForBrowser -prefsHandle 5192 -prefMapHandle 5204 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38e6cc2d-8a8b-4d35-9fcc-88b8179a60b0} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5384 26851432f58 tab
                  3⤵
                    PID:4300
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.6.735864705\741672872" -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5644 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {632eab80-d02b-47ac-a488-a6f624f9cf50} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5660 2685148c258 tab
                    3⤵
                      PID:1128
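Every signature above fires on the Firefox browser process (PID 2136), and all of its children are firefox.exe started with -contentproc and an IPC --channel whose first field is 2136, which is how Firefox spawns its sandboxed gpu, socket and tab processes; the 1544 -> 2136 step is Firefox's launcher process re-executing the browser with the same -url. The 64 WriteProcessMemory and 4 SetWindowsHookEx IoCs are therefore explained by the browser itself rather than by anything the target URL delivered, and the run never executed a release artifact (see the .part file under Downloads). The triage helper below is an added example, not the sandbox vendor's code: it encodes those checks as a heuristic over the process tree shown above (command lines trimmed to the arguments the checks use) and reports any spawn the browser's own process model does not account for.

```python
"""Triage a sandbox process tree: is each child of firefox.exe the browser's own
multi-process machinery, or a spawn worth investigating? Added example built
from the process tree above; not the sandbox vendor's code."""
import re

# (pid, parent pid, command line) constructed from the report's process tree.
# Content-process command lines are trimmed to the arguments the checks use.
FF = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
URL = "https://github.com/IceHacks/KrunkerCheatInjector/releases"
PROCESSES = [
    (1544, None, FF + ' -osint -url "' + URL + '"'),
    (2136, 1544, FF + " -osint -url " + URL),
    (4524, 2136, FF + r' -contentproc --channel="2136.0.1465229167\897807453" -parentBuildID 20230214051806 -appDir "C:\Program Files\Mozilla Firefox\browser" 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1852 2684a80d358 gpu'),
    (4560, 2136, FF + r' -contentproc --channel="2136.1.196275810\362938984" -parentBuildID 20230214051806 -win32kLockedDown 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2488 26836589f58 socket'),
    (4832, 2136, FF + r' -contentproc --channel="2136.2.2087060957\440000444" -childID 1 -isForBrowser -parentBuildID 20230214051806 -win32kLockedDown 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3048 2684d737b58 tab'),
    (1920, 2136, FF + r' -contentproc --channel="2136.3.756338948\1386854503" -childID 2 -isForBrowser -parentBuildID 20230214051806 -win32kLockedDown 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3976 2684f3c7658 tab'),
    (4572, 2136, FF + r' -contentproc --channel="2136.4.1899301224\407884126" -childID 3 -isForBrowser -parentBuildID 20230214051806 -win32kLockedDown 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5240 268513c0b58 tab'),
    (4300, 2136, FF + r' -contentproc --channel="2136.5.269942188\1521043463" -childID 4 -isForBrowser -parentBuildID 20230214051806 -win32kLockedDown 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5384 26851432f58 tab'),
    (1128, 2136, FF + r' -contentproc --channel="2136.6.735864705\741672872" -childID 5 -isForBrowser -parentBuildID 20230214051806 -win32kLockedDown 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5660 2685148c258 tab'),
]

IMAGE_RE = re.compile(r'^"([^"]+)"|^(\S+)')          # first (possibly quoted) token
URL_RE = re.compile(r'-url\s+"?([^"\s]+)')            # value of -url, quoted or not
CHANNEL_RE = re.compile(r'--channel="(\d+)\.\d+\.\d+\\\d+"')  # first field = parent PID
BUILD_RE = re.compile(r'-parentBuildID\s+(\d{14})')


def image_path(cmd):
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)).lower()


def classify(child, parent):
    """Verdict for one parent -> child spawn (parent is None for the tree root)."""
    pid, ppid, cmd = child
    if parent is None:
        return "root" if ppid is None else "orphan"
    pcmd = parent[2]
    if image_path(cmd) != image_path(pcmd):
        return "foreign-image"  # firefox.exe started a binary that is not firefox.exe
    if "-contentproc" not in cmd.split():
        # Firefox's launcher process re-executes the browser binary with the same -url.
        u, pu = URL_RE.search(cmd), URL_RE.search(pcmd)
        same = u is not None and pu is not None and u.group(1) == pu.group(1)
        return "launcher-relaunch" if same else "relaunch-with-different-args"
    m = CHANNEL_RE.search(cmd)
    if m is None or int(m.group(1)) != ppid:
        return "contentproc-channel-mismatch"  # IPC channel not tied to the spawning parent
    return "content-process:" + cmd.split()[-1]  # gpu / socket / tab


def triage(processes):
    by_pid = {p[0]: p for p in processes}
    return {p[0]: classify(p, by_pid.get(p[1])) for p in processes}


EXPLAINED = ("root", "launcher-relaunch")


def unexplained(processes):
    """PIDs whose creation is not explained by Firefox's own process model."""
    return [pid for pid, v in triage(processes).items()
            if v not in EXPLAINED and not v.startswith("content-process:")]


def build_ids(processes):
    """All -parentBuildID values seen; more than one means children from different builds."""
    return {m.group(1) for _, _, c in processes for m in [BUILD_RE.search(c)] if m}


if __name__ == "__main__":
    for pid, verdict in triage(PROCESSES).items():
        print(pid, verdict)
    print("unexplained:", unexplained(PROCESSES), "build ids:", build_ids(PROCESSES))
```

The verdicts are a heuristic, not proof: a payload injected into the browser process would still show up as firefox.exe spawning firefox.exe with a well-formed channel. What the check does give you is a quick way to see whether a sandbox's WriteProcessMemory and SetWindowsHookEx counts come from the browser's own child launches or from a process outside that model, which is the first question to ask before reading a score on a URL submission.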

Network

MITRE ATT&CK Enterprise v15

Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmp

                  Filesize

                  24KB

                  MD5

                  dc0f20d20215c1ea1f3666c20bed6064

                  SHA1

                  9114850e35dc3357a4eeacb44e5afc66360a04fe

                  SHA256

                  e42a4394b12a2797ec2f67d2f004e62a40f2bf2eabe7e0f1a6a9bc136c304202

                  SHA512

                  ce85297a48810d3bf9439125d2eaf4d98e29d700ebd18f8cb8f3ab15059e4d5240d685a239c49684c61b148b30000c59c2f30e845388804dfa117ff4dd7ce395

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js

                  Filesize

                  6KB

                  MD5

                  1966d56b4ab96dfd968f540868f14b67

                  SHA1

                  5d09bec37a15bb8186710dfe673c91d539279103

                  SHA256

                  5cda3bd1f830d441ccac389a3ed7c8bceb84f97336a9f7dbf1ced952a773723a

                  SHA512

                  0e38075386e80bd803e95f0aac70edc6c4245af77bc70921c1e5890b3054dc2cbee5a6716d60846433d8106624d41e844e6a7fdad93a701f3319e5796da320fb

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js

                  Filesize

                  7KB

                  MD5

                  c1afa532d1777dfb745d2f8037577aab

                  SHA1

                  4f4678c26ecb740ef7457b7cf5167c6b3a5099da

                  SHA256

                  b5055440ecab26a9e066e5f39022ac5f99832f10cd7ad807d9ecbdff482da090

                  SHA512

                  e7bf071098f51e8fdff3d4a661e79b50a326e6bab4db6fded02cc18ca5594185c2a3c9114fc904b802d46efa3000440d9bd5a973c2763ced93615e2c963b36d6

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs.js

                  Filesize

                  6KB

                  MD5

                  c460141c4269eb8f1635369ea3d28f50

                  SHA1

                  26eb02f47fb4d4a1c45159ba28600e776d7080c3

                  SHA256

                  b0ed77c1138507421f25ceaf69456354ef7d2187c63fa2e9155bfb853a4f65e8

                  SHA512

                  075d8707d07bfa60f1cb3e59f69d6428da68cabce5e9844e9666e2865846c4d3eef87e1c73631958c8ad62d79709b3e08a9508c9e9fc6cecfd4f3dc0c9e15a72

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4

                  Filesize

                  3KB

                  MD5

                  3ba425a42185f790629e99afc6f2f554

                  SHA1

                  7e7e42bd83463a16c13e576ef371d233833ed962

                  SHA256

                  d72b53721bd0148454ea285d2951d21001bbdab5772115f8242582e072178be2

                  SHA512

                  c7336c8eab92aa361063dabc302432a74888ef93df8f211aeb51a7837f324ecf94ae88eb849be398c3f6f9be132c3befb45f6d7fa8d891a85cfec4811ae94b0d

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4

                  Filesize

                  3KB

                  MD5

                  9de10f6fed52b25c5105bbdea7765a37

                  SHA1

                  15510c9ac21f3cb67acc43e324500b8ba7644743

                  SHA256

                  713b0d77bb7e0a1a7899b049267096650850a2717a731f4a5717373bc6be0c18

                  SHA512

                  7c555cb0b38ce32882f9cc11d4c8abeeaf2fac182863dd1cb22e240ac63f9e69ef6f91f8dc9d513f0773029737c93cd8fdfe0ee7dfbc0ea926d925f60de8eaac

                • C:\Users\Admin\Downloads\latest.NP36rd5H.zip.part

                  Filesize

                  184KB

                  MD5

                  37c2bd3ebe663fc6b9a3cec54ee174cc

                  SHA1

                  f5a8e839b1240b16127cc2f024546e1339959aea

                  SHA256

                  9b389758fb55de4bbe42ef1f85a1be7158a87e3d2a71342708bac1dc212f5ec5

                  SHA512

                  9a4bcb7b9ef0fcab7dca4ae46299add9dc6244ff8b57eeb166918e9a29c4e4bae90213bfbbcd0afa22a624894353647842983c096208286c3bb923bd0db198f9
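Two things in this list matter more than the hashes themselves: several profile files (prefs-1.js, recovery.jsonlz4) appear twice with different digests because the sandbox captured them at more than one point in the run, and the only file outside the Firefox profile is latest.NP36rd5H.zip.part, a Firefox in-progress download that was never completed, so no release payload was written to disk or executed. The parser below is an added example, not the vendor's tooling; it reads this report's Downloads layout (a bullet path followed by label/value pairs), validates digest lengths, and surfaces those two observations from three entries copied from the list above.

```python
"""Parse the Downloads section of a sandbox report and flag what to check before
trusting the verdict. Added example; not the sandbox vendor's code."""
import re

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FIELDS = ("Filesize",) + tuple(HASH_LEN)

# Three entries copied from the report (raw string: the Windows paths contain backslashes).
SAMPLE = r"""
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
  Filesize
  6KB
  MD5
  1966d56b4ab96dfd968f540868f14b67
  SHA1
  5d09bec37a15bb8186710dfe673c91d539279103
  SHA256
  5cda3bd1f830d441ccac389a3ed7c8bceb84f97336a9f7dbf1ced952a773723a
  SHA512
  0e38075386e80bd803e95f0aac70edc6c4245af77bc70921c1e5890b3054dc2cbee5a6716d60846433d8106624d41e844e6a7fdad93a701f3319e5796da320fb
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
  Filesize
  7KB
  MD5
  c1afa532d1777dfb745d2f8037577aab
  SHA1
  4f4678c26ecb740ef7457b7cf5167c6b3a5099da
  SHA256
  b5055440ecab26a9e066e5f39022ac5f99832f10cd7ad807d9ecbdff482da090
  SHA512
  e7bf071098f51e8fdff3d4a661e79b50a326e6bab4db6fded02cc18ca5594185c2a3c9114fc904b802d46efa3000440d9bd5a973c2763ced93615e2c963b36d6
• C:\Users\Admin\Downloads\latest.NP36rd5H.zip.part
  Filesize
  184KB
  MD5
  37c2bd3ebe663fc6b9a3cec54ee174cc
  SHA1
  f5a8e839b1240b16127cc2f024546e1339959aea
  SHA256
  9b389758fb55de4bbe42ef1f85a1be7158a87e3d2a71342708bac1dc212f5ec5
  SHA512
  9a4bcb7b9ef0fcab7dca4ae46299add9dc6244ff8b57eeb166918e9a29c4e4bae90213bfbbcd0afa22a624894353647842983c096208286c3bb923bd0db198f9
"""


def parse_downloads(text):
    """Turn '• path' bullets followed by label/value lines into a list of dicts."""
    records, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            records.append(cur)
            pending = None
        elif line in FIELDS:
            pending = line          # next non-empty line is this field's value
        elif pending and cur is not None:
            cur[pending] = line
            pending = None
    return records


def malformed(records):
    """(path, algorithm) for digests that are missing, truncated or not lowercase hex."""
    bad = []
    for r in records:
        for algo, n in HASH_LEN.items():
            v = r.get(algo, "")
            if len(v) != n or not re.fullmatch(r"[0-9a-f]+", v):
                bad.append((r["path"], algo))
                break
    return bad


def captured_more_than_once(records):
    """Paths listed with more than one capture (the file changed during the run)."""
    seen = {}
    for r in records:
        seen.setdefault(r["path"], []).append(r.get("SHA256"))
    return [p for p, hashes in seen.items() if len(hashes) > 1]


def partial_downloads(records):
    """Firefox writes an in-progress download as <name>.part; these never completed."""
    return [r["path"] for r in records if r["path"].lower().endswith(".part")]


def user_downloads(records):
    """Entries outside the browser profile, i.e. what the browsing session fetched."""
    return [r["path"] for r in records
            if "\\Mozilla\\Firefox\\Profiles\\" not in r["path"]]


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    print("entries:", len(recs), "malformed:", malformed(recs))
    print("captured twice:", captured_more_than_once(recs))
    print("partial:", partial_downloads(recs), "user downloads:", user_downloads(recs))
```

If the only user-side artifact is a .part file, the run tells you about the browser, not about the release: to assess the actual archive you would need to resubmit the completed download (or the extracted executable) rather than the GitHub page that links to it.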