Analysis
-
max time kernel
7s -
max time network
8s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
20/08/2024, 13:14
General
-
Target
https://u29212263.ct.sendgrid.net/wf/open?upn=u001.9vVW-2FuYLlQl-2BotTXSr8e855JyO0sLaCkAlJ3NiqbBbsy3pRtu0bO-2BgSwivhA6EapAuYOGTZxE6qxCpa3hVxkXhxPOGcTa-2F6nhTffvPeKaVYr0uFDdvz0UPRmFSVKiRuSFcah7rNqr-2BFdqY5QYZiezgs19xAclccIA39DJYe63Ipe7gw-2BAn2lYA-2FwOyIewfRkGaDTPn4JbFC2DJ8NhJ6WrncPDtfQAl00ZhCEUwgWG2Q-3D
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://u29212263.ct.sendgrid.net/wf/open?upn=u001.9vVW-2FuYLlQl-2BotTXSr8e855JyO0sLaCkAlJ3NiqbBbsy3pRtu0bO-2BgSwivhA6EapAuYOGTZxE6qxCpa3hVxkXhxPOGcTa-2F6nhTffvPeKaVYr0uFDdvz0UPRmFSVKiRuSFcah7rNqr-2BFdqY5QYZiezgs19xAclccIA39DJYe63Ipe7gw-2BAn2lYA-2FwOyIewfRkGaDTPn4JbFC2DJ8NhJ6WrncPDtfQAl00ZhCEUwgWG2Q-3D"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://u29212263.ct.sendgrid.net/wf/open?upn=u001.9vVW-2FuYLlQl-2BotTXSr8e855JyO0sLaCkAlJ3NiqbBbsy3pRtu0bO-2BgSwivhA6EapAuYOGTZxE6qxCpa3hVxkXhxPOGcTa-2F6nhTffvPeKaVYr0uFDdvz0UPRmFSVKiRuSFcah7rNqr-2BFdqY5QYZiezgs19xAclccIA39DJYe63Ipe7gw-2BAn2lYA-2FwOyIewfRkGaDTPn4JbFC2DJ8NhJ6WrncPDtfQAl00ZhCEUwgWG2Q-3D2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2036 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e6c3e7b-e4b4-479f-b88e-bf441ce43915} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2480 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c23734a3-0286-4855-9145-527a149e3032} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3224 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bb3dbcc-310c-471e-bbc6-73ebbda1089e} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2772 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e61e301-b43c-46ab-ba24-985d18b6fc4d} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4404 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4392 -prefMapHandle 2800 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1341513-4635-4c21-b706-6373eabbf684} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe36342b-c7e2-4505-8c81-51c787878091} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5272 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c842acf0-a498-4469-b201-d28b9a630267} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5596 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb9faa3-9f23-43d0-a204-5ad6a2e03a74} 2496 "\\.\pipe\gecko-crash-server-pipe.2496" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD58ee0056bbbb06175e7bbf339b5af6bc0
SHA1054de86cf288e7679ed4db32802bfd28144add13
SHA2569217795def6e9467aac23536831604788fce72d3464431915653fdcff92b3539
SHA51279a38ecd08543be40f7e1ab305a963a3f51a1e46321ea07601f993ab4b068aa9b8af47b146c3188807771548c5402e32b4a9d951e61628532f2055b35622a8bd
-
Filesize
6KB
MD501a220a8c54fb6bfb1eb970391e6038a
SHA197857dc8ab93150b585a11e6230f63d319e96de2
SHA256f7683bd2fba07744c15b9889733b56a5e4bb419122f9b97f67d9aa519e48f7d5
SHA5124939122764021f0610d98968501efafa9408d81aa2cd2c229998b9a0dc3dba048270290bcd5d1a609627d010c3f8344f836a634ff12410939967752f57c817dc
-
Filesize
5KB
MD56853ad816f29480d97b8c62b2f8e3a22
SHA12b73aa10e4b81d7106e85e4c13062783bd3a64a1
SHA256cc8ac5370940b31d257fca1eb4d139c8557a64c421503711693e40b961b605fa
SHA512dd3421c5a5939a8671321d09498cd4118db8c9488a3ea68958bb9e43f11ae727e6ce7a75e78a1a64914974e3b7e9644a59489d817ecb6b324917870408d3d3a3
-
Filesize
982B
MD5fa8a879ea86b3115e8dd16c2e78e5418
SHA1a0782b35a7dee6c974b7b348ffdd9bd143b38c3e
SHA25636d05cf17004e84333c35c61e182f458d24662fbc7b021e26fb3a89a54bee3b8
SHA512eb73b49deff5ac90fca9e78a18b0385f52b4673090c30f3367828bce0a1e784bb1818a9022322f8649dffc3ec4a3c70b44981dcc48979ec7eafa8a715275cb75
-
Filesize
671B
MD526275467fb8530420afeed75f6166432
SHA1a388a13f7edde8d1af0787551a2ab06af692b94d
SHA2561b7af04903536bcbc19aae2ed532d5464f3c0b53ddbe5c5df6846c934123379f
SHA512d02d122cbaffd6e42ba0d1ad62cf518eb3e7c45aa00310618ec0285fd7ac28d2f5ad863eb3f2dbd2951e47e7e3fbba36d97d70bab0604f314df309bf3e2ad332
-
Filesize
27KB
MD53d9cb9608c354abecf24612539430caa
SHA1fa8d646489c14c64bb6b24c24cfdf7a2ef543da6
SHA256d38a4d74e3577444faca36ec9415d4af453fc54697fc86680d1ffca510956bd0
SHA512b31078972fc0db84b54ca03b072cb5644ca6e23a1024109b86204d5377551be572c1376315f6e456599225cff8d5eabc2de80c03fdf8bec9266acf4fab360010
-
Filesize
11KB
MD5ebc176f3def62e8c83ccf1539f627a20
SHA142e5875aee86c9a6c06dd27e8f7cea57666b1f38
SHA2568cafce22734c0b75ec614c5941b6c3cb596004085b15498e22952c0e7f3958a4
SHA51253f51d61da2806988d869b0a3cf7861264f4c277fd4fff015c3883e4d886d09f71a69124cb95b2af74c03a5d9ec6cf333924f020b3188aa0bde56de9633ee218