Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
23/07/2024, 13:23
General
-
Target
https://static.doubleclick.net/instream/ad_status.js
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://static.doubleclick.net/instream/ad_status.js"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://static.doubleclick.net/instream/ad_status.js2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1880 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee71147-ddb1-4228-96f7-4cfde0e251d2} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49b087c9-4506-4b1b-844c-794fcaba2316} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3028 -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3280 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee8c133-2672-4248-85c1-62ef090f936a} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2804 -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd423c0-c9ae-435b-866a-c860da4deffb} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4784 -prefMapHandle 4780 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55da20ed-d48f-412f-a88a-82d8bfe97622} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4156 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5308 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95636bc5-3ce3-4104-a580-f386348671ff} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b002e14-c5fb-4330-a5da-5f6b1b4a5f04} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4a9346b-30fb-49bd-87c4-2f7fb79d21ad} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD508cae34d5a0fbbbd192db7eeff5ceeb0
SHA12190b1618ffc24e0c11f066019d587d2ee92ea84
SHA256badea04d5a6dbbbb1a3aca8fcb37c31aaf77e0994dcc49269ec76a136d104bf9
SHA512d5446cc99ac19218f086ccde600638cdab3acde93866d4e2ef0f010a9ef38f1cd041423c4a707ad935eaf7aba6ff2e65eb69c31b14b178a992c29aa808b38854
-
Filesize
13KB
MD5571e34b8dc9b6ce7191b0d63b767024b
SHA17d9814662cbfddb5c4f61fc6e1357a65397e027a
SHA256fda6c7bf7c0f234c2a59480f6531aa94324505c560a8996839635f078129bbf3
SHA5120812f80763fb8d4c60fdbca79ae7adb4d3250a4c7afd89b21425a3332ec374b0bc21efc4bd71f000f3eb690746a26e6f350ce39ddd1da38c74254a9a76b0be33
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD5f7c21d8731dfaf9057116b2107cd5de0
SHA1d2279a8744e1dc30418d1b5556539043f06e2232
SHA2564292c6fda71abb9efdaf76c54c89b4b7148ee409fa7cc46a683161c7b447342c
SHA512d913ad78054c19e276dd40386f3c1015896ceb6b6cc1b73c23f361a044d549aeb1cee9e3a76891a2419036bf6c4d8d57cd658d7e28685ad7870340bf45e7cb3a
-
Filesize
10KB
MD56a7313f11ded6515c91142bf0d12180e
SHA1d7ac49f703baf210b35bdd39fde9eb11eacefeb4
SHA256040206b691edf653c59a178a1e18028f7357d47c24c39dd761ede1032bb4c183
SHA51247e40f877cb3aac248557e8165af092d737b6ac4bbc4e0735401a8af2b82c52a15fa80dbd5fe93ecf39ec53e1d294d944bc9f313121f5b6765d8742a12fe4d14
-
Filesize
5KB
MD57fe1bafac6c398d17b2da36ea0d01a3c
SHA14051a970ccca3f65fabaef6b0ebcbde33985172f
SHA256a881577507adfd031f97acf7e38b8a03dde66a5e25430b1c833cab155f637f8c
SHA5127539928f323c6810e66219b259eff6fbd66eb87b7261f71f53ca6854c588485b5d834aae2247139830f93656a788a3b360f4de2b439dead1161c8d988f5e4202
-
Filesize
15KB
MD5f99d6af0498a3fa8c9399b05dc7915ed
SHA1110b0fcd5f006bbbe716d97ea0e9f9c41828919f
SHA2566c535a10c5c2654c23aab3862f04cd7271aa8ce3af0dfe7e1ca3b311393c7d16
SHA512773257e87545ca01a2258add085fa97f7a69a7b0e610e8df87c01bd8e42bb9552395712dd4287b96486d7f8e2f715b7e64770909a88659f704c2bab17d72806f
-
Filesize
6KB
MD58073db50f852e428bd12308ad485fe18
SHA17773908f9a88c13272cc736532f2d42f031f8bd4
SHA256f2a4667c605a8c4cd6578f746697dae08896e6be5c9dbe8e72a7964c46f78d28
SHA5125328c4556e67b0ddbea76d4bee0877ff876df02621aa79fec03a73d1e6da5d3531bceee4a9097092e7b9f872259328737867922d9461ac99afd61be32ca3200f
-
Filesize
29KB
MD5167c99ba0dd413a468f64b534bd4f484
SHA10b0db99016983b10b25fed17ee3872d9759ca4bb
SHA256895e7c32eb27e5b98d9a163b6c677aa50fb14b35eaa8724c1fd1068ba102f84f
SHA5124e2c33253d186399f1403d9ba95733de1366c9ce1edcd34c3d075629e926f996d376689c8a8f697b2f5d8623000e6b13d727506787603ef391f552bae8a07ce6
-
Filesize
982B
MD59952e6b8a005a397d51fa0090b807fca
SHA19e64cfb87af148092c881c0630fe1633cf66190f
SHA25634604e3c6e1d61762c6901aa34f7ccf4d45b744c628f27631bcb9854ec1266ad
SHA512e9e3c946c6aa9ee225d5f4088d1d571850c8f462676220b7a9fa52e9d27dcb8b92183f356a456fde71d3100072cd866ff29fc82a656e3f29fa28cfcfe5665b12
-
Filesize
671B
MD5e55150f82f34fc491f7c913ac30e5be1
SHA17687f6f98dc678f1cffff6ccbc975a925466614b
SHA2565dbe5396992ff5859951a978213858e984c265787c3c77964e662edb3943a11a
SHA512dba633d4d8a00276e67bcd32aaa5e750bc4c13c2d5c8ef5e4333245f2b84289475e71de9610d4682f287d01ca86f8a1bb0f9b33cdba89a16d0888b6faed2ac06
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
12KB
MD521e4109732a1e10dca72f1e44205e6f4
SHA135c0581b97dbd9cdfdffa8fd4a4bd666ff2e3509
SHA256cb12231c8b04405cdc7577f0ae230a17bf0ee5c8238af173ac8c3ecebcf540c8
SHA5121c90f29ed60b6f404c963ef19830ef4f2ac74d9a17c6b2085f0452d30ff2b9a1af7fdd8707781d3ce498745a2f6953544a99d077599a99bd1156463f4ac42161
-
Filesize
11KB
MD52c55e027e1f457aef2ed3c730e8596c2
SHA1ba8acc4cf1ab32b580e6b35ceedc52fe47ceb8bb
SHA256f61e56f4292eb44ae13c9c1280424f15816a7a621c3502a2a2fd205a97bbefba
SHA5124bbdab1b151d824097a302f6de9a4711d0be2a4d45c0e827f7df2f89591f30ddbcd6e64366ec68587074e2e3f3fa96abdd0058b160f4ca333e6910edd0d77fe3
-
Filesize
8KB
MD5d43db2dca369021cedd2a820b558138b
SHA1ee132ad2fc9e4d550a8995037d063f5afdabdc1c
SHA2561836c1a5b22396a69f05471e28d6a2b177b876bff967dd91109d273d61756067
SHA5121c255c930d6bcace975cf960f89bd27e73c26da15cf165822820f49249ae00fb5269d672c734d9053cbaa5b10e510a95b8d4a8abc6f6c32ece80668e2ea2a5c9
-
Filesize
1.2MB
MD5b6a954d7747619c5eb59ad72d6d1a33d
SHA195776097a884179af62cc64bbbbee586deb4f813
SHA25657d6979f26e09478dd3e2539f94c5a3bfb06a183b41bb128297e0c09ff481146
SHA512058376e38a4bea20ecd94bf6263178b6fd9e163602e562d1a19b460046145a317e6bb898b607fa8c52424a3fd660953a91a5ac8f9eb1e07a1c600ed927156aca
-
Filesize
1.8MB
MD527cf0c683ea7c7cc79fbcef306f20076
SHA113ce81ea3ce4ff0143bc4274027e2f93e69d73f6
SHA25675b1d791fe08c1a22d540400a8d71757ed81e74d8cdf6266912a2d89c18af2a8
SHA512c691b3f45a73994cc674ba19d83f9b5d530e07f40c3d434782f3d7c219ba8f96c40499c17444181c39fd1a5527fb66f1df2ea71e039279bfbcfb94f67a228066