Analysis
-
max time kernel
35s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14-08-2024 07:13
General
-
Target
https://drive.google.com/drive/folders/1ZTOYpliKdMplHbFBNYpqym6wLnu8XD26
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1ZTOYpliKdMplHbFBNYpqym6wLnu8XD26"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1ZTOYpliKdMplHbFBNYpqym6wLnu8XD262⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81c574ca-dc8d-479d-9890-c4372d249ac9} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd13925e-2226-4751-a6a8-d097c94b1ed2} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 2900 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56924ed6-bec3-4845-b50b-ac6ec251284b} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c57da10d-0a1a-4211-ab1d-e8a08c13719b} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4596 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6531cf-5c83-4337-998b-273e360155ab} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d17e856e-5260-4147-bea6-218138e874e1} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa923ed0-f709-4299-8365-d6cbda289d47} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1fe098c-88d0-4b0d-928e-f732b08a2874} 4088 "\\.\pipe\gecko-crash-server-pipe.4088" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD5744d832d53e5e46f2c6347ab5ae21e87
SHA15f22e54dcff96e286c81dd2c207f5d54e27a42a2
SHA256c29cb08cafe0c8d84fabad4b75d1010b93ae46ce3a2ac548bdb38bad4b01ef15
SHA5121b4744282dc2d932fe57cb9106c303fd1d4e6053dc8b5fb5d96c2d786c28162a8f3be3cbc1807cd35e02eb54147478dbd14290ef4bf26570a0a4c350b2616683
-
Filesize
30KB
MD56ae065c3dbfb1bd7c2d681780ecff7f5
SHA19af35a4a381052259fcf46e71cd4589be5bfd83b
SHA256e6cb63a9369ac3014209fc0a86571872b2042912abe19c2c8f36f5138fb8d656
SHA512e49085bbfc311d7834b843ca069ae362347621b55868a2700af97bb7b65d124a9d6df83cd401dc5a675e1bed9a13c1e965bfe724e64fc15cd54c14f19763c318
-
Filesize
5KB
MD5be9a01c5b639bfe777c1b3b3a2053036
SHA1644b733cf1d28f4599278bf5cd1d624a2a20e9d8
SHA256152ef3441c96f4e5dfcbfa9327ce75f6f5d05e9acdaabb2f977df9ef63b60ee3
SHA512f0471fb5522155bc49839f83dc7a1cb1e83eab728ef4c101d267e99e9f5e6244e29ac77fb56ccb509f4b7092d5e5285abd5087ff777bcd6cc18d591074e584e6
-
Filesize
982B
MD5a8c44643ad01fda7d4d3a4b884a810bc
SHA170c84a10a0ce47fc2e703d5ce67956e0e14e5509
SHA2563e9a3e6f9587886ba1dc5eb573e9213e6a6b37e7e3839707919cbfd16cb06c5d
SHA5121fa0ef6859ed4351e47d2037f674cea132aba38ae5838e02ddbe83f837481de67ee692e22da2ad68e1431ccbdbebbc89babfe705f36827292e3f02b598948fe4
-
Filesize
671B
MD595955747ea86c6c32700d0d77d015939
SHA1f23a93138dc5a72b6fe97577839c10956626a95f
SHA256d47fbed1875e76514dd8820db48bbc0e6548294e25b51ccae2ce34b3e54d2076
SHA51235420e000c4e36a76191470732492d068cf1243ce4a86999c578a1d7163c0ac8f09ac904c02dc81859998f4e2c617be770618820b70f11254b5a98c162e49630
-
Filesize
26KB
MD54b8f2708a4fdab942a34901c898ec801
SHA1f26e3c997f07df89ad1dcb53447a23f62ada4011
SHA256205c3f9f1aafb1e5c974f21e8525e8092d48ed8ce35210903948619be2e8e8c0
SHA512d552a1b87ed014b651fe32296b18d73be51dc3c4a6237bf6177b950322bd0a1cf7343ea2c82036d5d8f45159b24b7be1d741796fb48d2b54e38cda6d51fff1f8
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD59244a63b8473812cb267fef63285607e
SHA18b7cf7bf17f503c0bffacab06f1681330f771e55
SHA256bd5ffad6c9d3fc9bf37f1a028bba52f62a4fc592228e74a15595ddce4a11a327
SHA5126401d03f88e0497a81ddaad4c2d551691bab81d2638c79eec39c0cadcc83c908bffb934514e4898ac0f5439319592035fd2856595ffb2781e6d5ad54cae0c5b8
-
Filesize
11KB
MD5c4d3fc4a7208bad351f8ae9c0db4fed1
SHA1dd83c4af26bff22849f3c16cfbec84f782d0e59b
SHA256cee933583938ee0e113d936edce59e987e2f425f264b5f7a9082f2e52d5c096f
SHA512c4b754c50b6d82486a16a95bf0174f8bd3b6165a02eb82ca5301f75ec6b1f58d4eaf33733a620c041a1446c9f68bf00218f829e0c50e4926a03e8b9e7fb88713
-
Filesize
11KB
MD56f1413ad5bd1207fd61fc7f291fc409d
SHA1cf5f9244f80c924367a225768a6447190807e2a7
SHA256bbfcc9702ef03b98a386e4103b426f3cd05b772bbb36a0e921bc39dd26301a45
SHA512f560f513d0992db2375d633bba0b2a4a7543c222e88172d4cd5dc1130848dd144f815172585bfb709db499133f340bd7a201db62536a91200271b3b43d4ba56e
-
Filesize
11KB
MD535e72f0200720c7fc2b3111162f7181b
SHA15a03d5f5a9a7cacf5367bead99f581460b34972c
SHA25699a560a668645c09eeb42f94f57de1c36ebce15277e91ac65a7fc9353e577e06
SHA512e375806fb4ca5938efb9e2712c04b0c89d7558e572a39ab1f66c6c6e0a301cd10b2ab44acdbac70376e61ebdf3c2d170ebd432c76045c3cd1e16a66bc6ec80a7
-
Filesize
3KB
MD50d12b75e726aa82d6b371be5f77b537a
SHA1619f852a712c45d02625270ce1cd96a8895e651d
SHA256e7adae7a40ae10a5127f55b491cac43eb3f3a11884744b558d217fe5dfaa4b0e
SHA5126e2655d89e951beaddbdb3ad5233925c140243b8d2d86acf024952e4fd3e0a2eb8104f86e5342a37fbc2a24ddd6ecaeee6c04b4ee4ed5b25841cc97993888054