Analysis
-
max time kernel
7s -
max time network
9s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-es -
resource tags
-
submitted
07-08-2024 16:44
General
-
Target
https://drive.google.com/file/d/198Ud69g57YEa5jk8zm7k6t4OKnk3ohTm/preview
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/198Ud69g57YEa5jk8zm7k6t4OKnk3ohTm/preview"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/198Ud69g57YEa5jk8zm7k6t4OKnk3ohTm/preview2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9706a3b3-8471-4e85-a24d-df943d97efbd} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {691332ea-681f-4523-8393-64fc17063958} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 2876 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7af897f5-2bf5-4c2a-9586-89b4c2e30b85} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4596a982-f71a-4d57-9512-bdda4c779273} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {545fb53e-a35a-43ee-b2d9-ab8e3007586d} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5268 -prefMapHandle 5208 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a468a6d-6fb8-44af-bf23-3cd5cdfb4c19} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5436 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {849e7de5-9d46-4aa7-a5c9-6cd374db1b49} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4108dfd0-d0dc-4649-99d0-ab686c718326} 3068 "\\.\pipe\gecko-crash-server-pipe.3068" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD5a40251a34e48589387341321188f94df
SHA155dfa874f7e9b75b23d0be5e9d4d2b0047356e76
SHA2562654838dde65b763df14543cfcae6fb90ed6e9909b51f7b184a034c237140a07
SHA512b358c691501c039bde6e4a399632a4dabc768b71cc116498eac123f297560fcecaba3f3424f674d3b09d5fed29c3ad36ce5d307883e1c527a1e7f34772c825af
-
Filesize
10KB
MD50a57c8ee459868539ba1962e17861ef3
SHA1b435f11701b672fc0ee33ca5b793753680f68e51
SHA256fa4df77642a504c4035022ce3c3556161f3bc2f8bea2d2ffad6c5ef861c81b0e
SHA5120d6bab6f927214aa1b97e990760ab2b9f7b00b3c7f94c7f7403b5a8d18b96f0a15a2a134b0cf469891f88997e3b90d6da17125262116cfd72f8ff6b0a1c11dee
-
Filesize
10KB
MD50bb0b87762bef3687bd65640e89d9c1b
SHA192ef9abf77c9a5c76e412bc2ba5ceba8bba33184
SHA25667321ff791b3a6ff0f765553ebc3dc61d21df4c28e6c6c2a71a5596a735c248d
SHA5127042490923a9a50b5ff448cea62a56c890fe089a1683995093f1dfc26eef9c79fca58952e7ab2f9b45c8c51180279cd526c94d54ad0265319f2683fcc03f7e9e
-
Filesize
5KB
MD51633ee7d6f78edc5c44fb8064567c3ac
SHA13c48a68163a51dcceb567708255ce2c88faafcab
SHA256f2c74a7dd70d8021a4d55f0d7b1df4caa6a05c76a52cd3ee991f14dfd363449b
SHA5127135dbd35ec1c6549d20fd89d0fc1c528ca109a8e87f7434b212bdc6d0615bb3ee8909605453704f3b633b0480f73d4664d84fe088d58d7096ca71c870a656cd
-
Filesize
671B
MD5aaa8232c285af23288e57657371df45c
SHA1a738d65c08fa2fb494b5949a90e42f2837936fc5
SHA2563d735be59dd0a04803876a6d305d77fb62ac2278fd65174cf1c778513fe6fd4a
SHA51209113f313ef99ccf07acecff5b626366ad5681653c06d9aae96c0f3533d3127100ad43a047872e3167a1f4c1317020a1d4cfc67e9ccf82de6767a8cebdcace6c
-
Filesize
982B
MD57b348566b4e2474d734c4e74ff926683
SHA1f5546dee1eb4a4290b9f9b778beac476da2a218d
SHA25676185f80998ae7c3f30a76b8a540e59bdfe0a2de651b2440b11af4fe408d31b7
SHA512b9ddfa5f41f3f9681742dfcbf253b7f89a1808b4a878b4bd20b4452de306624939589075e3759868cbae4cebed9d307280ae0318d2846513622d5602a8ab3746
-
Filesize
28KB
MD58defab01680fd4ddc809d8a98a8fda2f
SHA11b50ad9c6e972e72cc773338a85c630d7fee2c6f
SHA25697394788152fc27b6f5baa043a859fe3a1f10a4e79fc39158d1ecf438ae271ff
SHA512b3153ca9e752a32e5bb413d949574fd7cf617febd2adc9498c9a975bfface228b419f440dcbd902b1bd2e30fd2d9a7476af2eda89b40425daee1efc881a88119
-
Filesize
11KB
MD57facad896aa39fa512b1a02871432ffc
SHA1bd4e6f8dec00f9e7c0dcb7aa4efb5b1ee489c5f8
SHA256d4be764fff8112d2b2ae79e924aed8470fb00d5b0d822c56c1d91c21fb227a9e
SHA51275e29eb75366a029ae5e0a87682facd41aed91e608cc1f9d92212912d1384e3b57c55a0b7b93f29fc0070cc1db00dd5c3001bfa12f4654a390b9d7a806e20338