Overview

overview

1

Static

static

1

EZTEAM.html

windows10-1703-x64

1

EZTEAM.html

windows10-2004-x64

1

EZTEAM.html

windows11-21h2-x64

1

Analysis

  • max time kernel
    25s
  • max time network
    30s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-08-2024 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EZTEAM.html

  • Size

    171KB

  • MD5

    ff42b81a9acb8072ca7b4a27b7b2b26c

  • SHA1

    fc0b15e0629106c33b0356ac4e493efaeb8ddb06

  • SHA256

    227691220ee14f28eeb9c133a6e6f85aef65b4691b4cd36a33141f9b583a002a

  • SHA512

    68adc56fad8e71908382c2a27a96c434408a7912721fc7f1cd3db0ee11e3841c8764c65e8401888090c06f0d47a1da4c2f1fb22e95c404c95daffd104123d620

  • SSDEEP

    1536:oA71uH9HmFJLTzlF0Lw9APD7sbZ1jJoPyFWUu28vGbTQaRcN/32OBo7KGeeHRskD:l1uH9HmFJLSL+T5HRgQj7

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\EZTEAM.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\EZTEAM.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1716 -prefMapHandle 1892 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fad6452-8e08-443f-92f5-26ac5258774a} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" gpu
        3⤵
          PID:4532
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24520 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b5177d-a99a-41d4-ad10-6c7f91f3ff44} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" socket
          3⤵
            PID:1468
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3292 -prefsLen 24661 -prefMapSize 244628 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f376330-8b1b-493b-8065-d8368d388f77} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" tab
            3⤵
              PID:124
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3572 -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2860 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f39c4d-c86a-400e-814c-e28c310f1ce1} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" tab
              3⤵
                PID:5076
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f08baebb-9e8f-4a3e-be91-512135acbc29} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" utility
                3⤵
                • Checks processor information in registry
                PID:1764
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5396 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0323a4bb-25bc-4b4e-8a45-d2c03d9f8cbb} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" tab
                3⤵
                  PID:4524
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {167490e6-c556-4ebe-a21d-23c578dca7c3} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" tab
                  3⤵
                    PID:4764
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5816 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {793d3c11-856f-4e2a-bf44-c6c082e5c728} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" tab
                    3⤵
                      PID:3200

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json
                  Filesize

                  33KB

                  MD5

                  4f2080599bac96d68df2976a38cd60b7

                  SHA1

                  3d0a88ce08f84617abe5ae35177c703695328a5e

                  SHA256

                  cbfbb9b3ba157ac15a01b56a7df30b9a23ce62f5a3ed788d29c3950cdb1710c9

                  SHA512

                  b4100ec31f2ed9508748ad0f97ba30e79ea397786f2dae2c1c912ce155f1a0f43e3d83234cf42664c14add4503b9877ae6239d41fbf8061dc1e1f82447087513

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
                  Filesize

                  13KB

                  MD5

                  ef8e296f2fd8c8fbfc8a33ddda94ad27

                  SHA1

                  dfa48a00398e37cc41ccc25f5749d5d752b23c93

                  SHA256

                  c045426a1d648258e695c14e962ccbf4949da2ac98738f627e143a301e85bbb0

                  SHA512

                  016e14aa25c64c13ce587e4fdcd1690f949b0198556a56ac9c4a368d20e8c8503a8865d9dfbca9cc5c8548396ac7e96bdb8885114a57e30c35066671900b81d4

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin
                  Filesize

                  7KB

                  MD5

                  d5bbe1c4154014b60f2389e9ec2c379c

                  SHA1

                  fec557d9270ddf07badf7e41d13cf6aaa07436ef

                  SHA256

                  42de1f70df71ae0a1ac1e67f9fd6dbecac30c74dfd973912a28fbe529becc558

                  SHA512

                  5276eefbcee6a48d5d206a4f3fa9417eee1c242ca77dfa9a585212e110d7d5718bd9124acc027879471b76d2d2ac16cbbbb6454d8cffdcabffa72c1afa8deb06

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  0f3a17a9bf5bca564472677e38a322c3

                  SHA1

                  a35c6a5defb2c28a323c1cda57057e15f32d0526

                  SHA256

                  f07bb1d93bf5ef2fc9964475ac98da6d22778b8af2ebcd033139b9951b753ced

                  SHA512

                  ec2e1d2c2def5c4818ef50edc54c4a37c45b4edda140b92cf4799ec7a0c129a0f6270639065d41a564d51e4bd2cf4864e30f73378af6548af3e616539579ad2d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  1d6e8b15099417198859a0b83c546a58

                  SHA1

                  ce835f06888ccf79d2ed88d944bad2bef663e62a

                  SHA256

                  cf23566f762f12ab69c8fc7f908ce5e67afdf3519e44de530e2b6fe014730295

                  SHA512

                  96928982e8f79e9b50b9b285ba7e64d828332cc9e83441f7d0a67556d099822a3276dcc88ea987d68e9c70df059e1f09b315826856d27e8fc2369c17d3e5847a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  44c439582ee8250aa90b8c39831b3b4e

                  SHA1

                  01b94900bcccae07d9799f3c3b23148993bc106f

                  SHA256

                  ca6b964552b4074bf6e323bcd051884711de06c72b10b9899720bd15683aef84

                  SHA512

                  1ddb700425dad042e468e8ca72d9a2c8476a0065f235cae6e265af1907a04d549f23c9c65294f9794ecc6803dcdf67295007addc1185c5429fe23b0693aef6fc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  15KB

                  MD5

                  d7d0f24ffe947f9a16ca01030e9c1bec

                  SHA1

                  d25e749e48494927f6983be2c7f286a479e60b93

                  SHA256

                  3a37b345946a55ca73ba7581e6b778272b8326812c1127e61e9383a05696d215

                  SHA512

                  d128fe534e299426579f35b2984ab09f8e13598612b7962bda50d550689e9c67aae7f59f061fe3737a25269214e25c55c3d6ed8d27d973e4d219f8304115f20a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\2904b40c-5cf6-4f3f-9a17-803396b27a2a
                  Filesize

                  671B

                  MD5

                  37db845c9f65820fb81731d3576e98d6

                  SHA1

                  6a20a7f4d51043f8824d72b4d686cdc959c062b3

                  SHA256

                  22831f2ba8bf30d9a9f40a3da393f7f091b6a47fd3882da53bd7d71b9aba6806

                  SHA512

                  ed2d39080336994c0b1a299e3ee206a79393e35ab40da85fac94476db875abc424ae5dd4132c58389b16fecc4e93dfcd8900b04db509cfc04c35f10e588a5591

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\410bd8a8-0c20-4172-80b2-7732942f0e6e
                  Filesize

                  982B

                  MD5

                  6af31bcc43bff4646edc95709e3f5bc9

                  SHA1

                  12fcab9635855d5fba2ec7fb156673a86b9fbf75

                  SHA256

                  32b091fbc042f1fec46deae33ea08f5b1c5ec3567539695fcce0a357513507d7

                  SHA512

                  ffaa7941fd8b1484766315846ebec66c1227044a58c810cbb1e0567ac27a9bf58db0a42f29b9b19fb5dc74debfdd3e42ddb58393411f17b0366e40a0de1617bc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\e61bf2e5-1001-46a4-9d29-9d5263e42376
                  Filesize

                  25KB

                  MD5

                  51620bd646a8136844c5debe47c0d89c

                  SHA1

                  fc63b473268b55a4e23c689277ca48475649e6b7

                  SHA256

                  17a199c07c95199446387aa754808dabf51bbf4f46649ac039fbf20056a4c5b7

                  SHA512

                  2de8d113653a95aac42abe1b98f582ac9d0fd2c5bdf4224aae6672f7fe2eeee9f020a56103d20218d79873257fa17663af03edfd322965665d3dba7be22a649e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js
                  Filesize

                  11KB

                  MD5

                  205ab9741221da2fbfe723d836610aff

                  SHA1

                  ea3664a6129d0e1e8ded0ef9f7488a91072b1b71

                  SHA256

                  7b7254aa944e00a227e7863b2be109a29ba85faa3b22453fad9dc0c92ab0c7a3

                  SHA512

                  25d58dc0b27afd1965af9d5146e9848dc42cec595d2ccb1b446cab1ca24747db708e417cf4965adbd1893528d5f50738841beed1dba5143ffbcfe60d649f33c2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js
                  Filesize

                  12KB

                  MD5

                  d6d21504bd4fb2ce0bb5fbe673548580

                  SHA1

                  271afd5bdc8d24bab18735df8d2bba55ef8bc82a

                  SHA256

                  a56fbbf6c83396bd2bc0bd96f4342193b7f97addc69c62c7ab2282d56b95024c

                  SHA512

                  e9178ed795b39d8f9f02283369dfb91207b5464b23393efe78107b536db14de5d781cab25adc261f58aae4de1ab5bea988483c3a433aa44b70eb9cb1e5fe622c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs.js
                  Filesize

                  11KB

                  MD5

                  58eef2e67588358a739004c76a9571d6

                  SHA1

                  e3ccb57f54ef7782da5576707a41f52e7db18077

                  SHA256

                  938ba19fddd4cdd1d22fe6c124fc397df4c7001dc317ec0482845fddf6de5a1f

                  SHA512

                  b06b3b5d83c9266c43e1dbd54264a4d562a6de12c971a6807542a8f89691ff8030ebf4a1e51d51ad90559fa3173a64309ab37466deb555bd87e473ddbb244a5e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  640KB

                  MD5

                  563b45243e5e092910c85f2048a62582

                  SHA1

                  ed4984bf02130282e04a0843e38136651053ecb9

                  SHA256

                  676f0551b616d1cbdef3c50f802ea40cb857e6d7168efd29a066a18e4b87dc52

                  SHA512

                  7be10d80b441271d7d84ba998cdb549875b1425c5bfdc70e7897e6494317da771944ae0609ecb2ad480309166481119effeec81dbee8c8531420b8e3f8a17944

                  Download Submit