Analysis
-
max time kernel
122s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
-
submitted
23/07/2024, 23:35
General
-
Target
https://s4dbo.gj03h8.com/s4dBo/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s4dbo.gj03h8.com/s4dBo/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://s4dbo.gj03h8.com/s4dBo/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25749 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb16781e-d8e4-4a1d-9255-23db57872938} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 26669 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a675b971-ebe0-4b19-9661-d4bf686bb4be} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2588 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 2960 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc71ff19-2688-43d3-b221-5edfcdb8f7d2} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3740 -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 31159 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c46f22da-f025-4691-9b25-2d8624c4b05b} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2772 -prefMapHandle 4708 -prefsLen 31159 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a57391d-01d1-4c12-8096-0ba3837e088e} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 3 -isForBrowser -prefsHandle 5492 -prefMapHandle 5440 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baa66ea3-4204-4acb-bfee-7c5ebc50e2d4} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5728 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e1246bd-91fa-4eea-a5a8-b94a06910662} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 5 -isForBrowser -prefsHandle 5848 -prefMapHandle 5852 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9458bbdd-e3fd-4237-b31d-e31d512a6dfa} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 6 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1393f2ae-d982-4105-a1fb-83976bf24b9f} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13.8MB
MD53e53b83305952adef5af36e3eb61eb52
SHA1f928888d186715ee6df9ae40d50650889e8a22c0
SHA256caadc484ee7dc57134d179bfef1ecc148f51c91237c67ec898f5da91574fbfd9
SHA51271c2c8854cc593cfe74514508eb34678769fc69094ae7e442ea067c9844f325a78fd5abc3f94d975ccc76f1526beaadbed9f7e9856858c4b80b878a8d0b17eee
-
Filesize
13KB
MD59d53875b0b375a0d977779d82fba0840
SHA1a1f5e0a0f4a9aa20c1cc83c43fe3c191e74dc3ca
SHA256e6f7d1ea145a8f8397fb945cb2d22d42722ad2ccb5cc44fa2513095d3c5a9b35
SHA512a81235ab76e2d604f6d542e2853b37e5a81d8c446fcad7bcbd1c94b0e230be221145e2918372a0e984bafe193647f21dcfcd1be7a99bea7236c84c5eefda0ccc
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
8KB
MD5b5265be085be9c1257fa9a08bceab598
SHA1c12a42226d2bd7ced1f1502e74c3b3c9c3e3d440
SHA25621ddd172bbf9c50bceebd3634c938a2965b7c231f8b00be011d237409b53775f
SHA5123182ac5e6ba1e0f997480850677d4f0c2f0586038b1bcb34ebefebec74d66403aeeb2f56ff84a6c419635ed325af55aaed699cb190ff5ebb65ad598ee325c258
-
Filesize
11KB
MD543ceedb5682b5f402db09f794b024ba1
SHA19cf80ef818f9804014a83cad780acd263b5598f7
SHA256d21083c574f61bd711294fef981698043ad94eb3df51b1be389b6deda041f915
SHA5128c90746b1e3f1c1d587aeb527efd7d5244e86f1c75248574dd5802d1f443b1310a36622199a794142466e8b0d259329dcbc3fdb5b1161846f20f8b2a15d43634
-
Filesize
6KB
MD51b4db1ecb3b9420f340c9da415931edc
SHA15a52fc265ab03f78d473206ca9c4675aa2beef22
SHA256d2e4b9a303abcebb151251baac9002e57f8cee632c21bc7c6dd8a7ea2dd9cb6a
SHA512415d6763c2f3bd4123fe6b802ee609cff60d5e3332190c8168f4e2a9124f20cd4d3cb8aba1286a1d01db8e9aab04c4127bf62d333beb22c01aeefed210687383
-
Filesize
5KB
MD548aba590831a0be2757dd92ea04cd06c
SHA1ce3d0ab6f937088e54a38d42a069741576ea2f7e
SHA25652615695ec297ace51f731be5e3525d18916ea9b7047eda39da28317a186c3e0
SHA512411b9f7baa5bc29222c5f5630626667b4983a76c1047457eea16a6c0929e72b34e98f6eba65521915d2a622bac6f7428bb197bbc28c400f9691195d618f248e0
-
Filesize
16KB
MD5e817d3202de4da3f2dfe062f3ec9b298
SHA1564ea5b6f3714e22cfcc2f03672ed14136fe7c51
SHA256f79e8e38db34d75b56e69bb6a5e74519cee2be47ae350a4349356b21df811345
SHA512e7a37e69db6e5a92004d5727bbc8e319bf4bde3289f3ff1317dbba20feceecb6677eb919a9cb105a61aefc84b93c1accfc244e3d45a58ffc1a83f55c7393e760
-
Filesize
5KB
MD59fb4ddc750a41cea8bf0478808fd9ae9
SHA1f37bb1dce2fa72529bd358eecf274b9a415d6dd0
SHA256696610f9aef6a408f2955bc684456ea183468226ab8dbf01b090d72662ef42c2
SHA5127dd5fe20e25875d4e5ac3452fe8eda3c30286016ab3c815029aeb5b4defd812338a87ce7cea4b1d52974a170a97236081e7af355b444fad43682b42958f20797
-
Filesize
26KB
MD5247a12eec731f43b173de7d9816411f7
SHA12bb6206bcf9085be7e90ca1023b560c3bff77dd6
SHA256d259b842715700e31c2cf43cc7bc2b163e339582093a14209178299e95fddce0
SHA512d7d6e494d1eb607f1ea6b4b6338fd6c8a4eb713f0789f3a596801965bc080c5fb62476867e3bec02962229a71a27c09a9e67c93e24b92390785ca42889f688ec
-
Filesize
671B
MD56fe94ea3d6aa0b36d36375313474cf7d
SHA100b92ad673aae3a981e43ae136fc293bf764705a
SHA2565d980ac2ca5ed2663bcdbe8cee9f4f00a34efc49e61723610b8aaf8578cf93e8
SHA51237af8eceb7ae680dc59909e2c950afd78270f3652b2393c0b70e911925ceedd0091390a9a1c3c847c36bc57ccee2dc4934d7db8f021a04ad09d3ffa68dbc1897
-
Filesize
982B
MD53e183cb002bc3be4ac442d5e0d7d77fe
SHA1755651fb54ed96e9929628b0725356ef470c4ca7
SHA2565267f08ae42a1e360fc9d644b3ee8249f66d3372bded11acc676b9a3e2641f2e
SHA51230d32568f72626ce627cd600439b0f329c52fc629c1f12959f1d5f937dfd44e1c0259bb85ba5e653a09e2cf884f48e0bf93a6a938a7f822c6b8dc1d53c14d993
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
12KB
MD547bd87cf4674fc6033cbd2f8abd28d73
SHA133b3a8d38956ab5b683d250c61a0e141b14d304b
SHA2569c440bfc41978db8b2e939f58a633e3c927685204ff68500ba76ccaac794e378
SHA51246d0789dd759d40809b16b0397c95ccfbbc568a1578ceb644ffc38325793f36fa34d155548b31bad67bd074161e80f747b14837a20a94746e0cbb0b82342075f
-
Filesize
11KB
MD56786df78ce1ff438e22ffaa7b8ee56f8
SHA184ade905d7bf5a74d19606c90524483a9ae6ed8d
SHA2566978c83fff75c7f125928fbe11a96ddded788558c00ccec08d6ef095a782ca45
SHA51223c12fa6f60dea8349dd39572315ad27fb1afe852bf66ba76f34f383158aa9fee6ea71e3845e2c51c6cbdd8b77d98906d9d3f381869ac97f068023eca25b8db9
-
Filesize
5KB
MD51f78c24d324ecdcc924df14c542b8d9e
SHA1953ca4bf9bedccbaac9fb84c380fa47828f5ac9b
SHA2563bc6a7d85b773a42525b31ee5cdb3309e828f4085db5a8c2e510aeea36d16684
SHA512f5ae7d2d133ebbb55bb6600777dd4fd3b6b99f014a9687deb23892a3f8351b90d233ed58f5ce4e34f2681ce969da85108b0004d23b95136c8552d120f03531ce
-
Filesize
48KB
MD59a126bccaa40699f1221c0653788b40d
SHA1badc5ff6eaaac099b1583a6add6b2f65ea2a5ae1
SHA256a98816391776709e3a3d3f45974b34e101bf60423dc19a6a9bd240a0d7c62cf2
SHA512217d9372a78ac0044a31d39e0f4fd4c85634fc71c89a2ed784e5c739f85a7393275de3d33cd3481c81c0cf9c599787c167b095ec363a0443100945e8888893e2
-
Filesize
1.0MB
MD5dbae6c7e4a936688e9388710cff5ea05
SHA1203ff3619f5fb055193f55e5ba247ec5d942402a
SHA2560805c659bb431e9ca56c66a517c3af1b28884604df134595a2b671e3cf833b0a
SHA5120da9634aa3bff73a010a3b41b974cb99970d8a5bddf73ee8d360ecb59a3cbac29974981258aba2cfda631a4344bcfe484de5e3f2cd7fc2c214f390204f72acfe
-
Filesize
1.2MB
MD52ddbdc156bb80e415a08fb185bbcdcac
SHA1f4ccd89fd9a3dc9213a6fed8603bc402f8c75511
SHA256c81408d487e3e011c16ded01a8f26536515a7f49f9bb46eeb05ec30b3e2fdf0c
SHA5121d58a86883c01e06de62a70379d93952ef73d4c36bc6b012f50f61c538f68141336d993b117138a1d2f23ae969c3aa53e9524f928e7d093cfe744d00ef579415
-
Filesize
1.8MB
MD56869cbf0789abfad696eeadf675f110d
SHA107f7f0bbfd5f095421f16f54c6cedc032be24612
SHA2561f31feb856084a11be62ce84e4a1577985109af99d17c1d8626fa89263213841
SHA51256e73f810d319b834bbb0b830c2aec1be3f8fb32452f476ab0732e84efd97ecedbd62a87d5a38c231ec7ef30f6e548fdb04b26d1a4440b728c4e93f5a42a0ac3
-
Filesize
9.5MB
MD5f1713f015b4b9d693e1781f8a1a3434c
SHA138d0363f76599f2514a8e5557c75ebb997addb7e
SHA25626a7cbafb7aea5f4f14a5bf7c7d21d961c52315090ce8fcea27bf6c795fd3d71
SHA5120207f077dfe9d25862cc7ed949eea7257b380d8bdad98a79404157455c41010a8894dfa53bfd381c0a46d0ce639861055183ccedf6c1a1d445c5ab7d4c924543