Analysis
-
max time kernel
255s -
max time network
255s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
22/08/2024, 11:09
General
-
Target
http://minitials.com
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://minitials.com"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://minitials.com2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a28a9f64-f008-484b-bcad-69643cab4696} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4ed82fd-aaf2-459e-952d-3f7a71ae09b7} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1468 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3304 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e83ea343-d7fd-404a-9bc1-d90ca1a17d5f} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3820 -childID 2 -isForBrowser -prefsHandle 3800 -prefMapHandle 3032 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c069c1ef-83e4-4b9f-ba7c-f4372e49762c} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4448 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93d5c707-af40-4f23-a255-dd8a44a3a442} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5520 -prefMapHandle 5500 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4a428e3-0df0-4f48-8c5b-5fdb24656cad} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3800 -childID 4 -isForBrowser -prefsHandle 5868 -prefMapHandle 3520 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6201ebd6-5633-4c93-a3a2-d9e6664c667d} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3396 -childID 5 -isForBrowser -prefsHandle 6016 -prefMapHandle 6024 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b4a3c07-ba42-4e91-94af-f84f55b073b0} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 6 -isForBrowser -prefsHandle 6000 -prefMapHandle 5984 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {caea550c-fcc2-4f46-a499-ba27ee5053f0} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6320 -childID 7 -isForBrowser -prefsHandle 6328 -prefMapHandle 6332 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f95b78f4-5789-4255-a19b-bf3c06a42b56} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4572 -parentBuildID 20240401114208 -prefsHandle 6632 -prefMapHandle 6588 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0950502-2241-4d3d-91e2-13069f819808} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6000 -prefMapHandle 6620 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1df2ea63-1b8f-4514-8817-f827516d8cff} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" utility3⤵
- Checks processor information in registry
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD5f760de16ac2b788d531ea0a58008538f
SHA1781648d4c17b09b2d95af83af9a7f9a05a34767d
SHA256e4b344350015997f1cc1e5c72b9c52e7cc137593c242d7de9bad9a323f2421af
SHA5128841c3bbd53fe25d175206b1fafb623933bfa5bfc1e607c5cd32bad79ff5318383657c7debc362e5a2c71cedef102f039783e2190d1e6faf13404a5956100c77
-
Filesize
7KB
MD5d1bc4f84c10b582f0c6593a4326f5bc4
SHA13620e3bd711a2b3e092ad0b3934c99a28b683ea5
SHA256eee3e844a4bdd61918600b915200fc2fc24dceefcce0933d62b45228bd74f8b9
SHA5120c1fa48003afa2282b30bf43b17a742b4e59f15a4ebc82ca8b7d4c3d391b9d0e75e6176e34cf40a9dfa9c5eb22659eeba2d46d1861ed8e7f817cc6a36a250f73
-
Filesize
27KB
MD5dc3f761c1211096affd0210264ec030b
SHA1c6426edfb0bdde69ff18bf84723762afc8ecde65
SHA2568ffbdd84bd8202807e07a51535fc771e35c77b9044e6eccac41f59db1de626c1
SHA512ad33b9771c6302aa21832518e011d4ffc76a527d3150a90dde34ab68c7f115ee78e2424f2d35b3f61c5e45c0db27a4346c788ccb5ea31a1dfbc4a5a8d6bc8683
-
Filesize
1015B
MD5d8fa487910321381e19c303cb2579f92
SHA1cdc0a8edfde2b40d3dc12db4565ba38e57308b65
SHA256324baf2d9007b3f41730cb6c4905065f2f163370b1dcbdb06ad93614ea3684bd
SHA512bdd5b01e976717ba2f29e5d18c46d37b97c635ac281eac6e08e1d31f5e53c60f90066e8899c0297b5c276d08ccafbc85322ab3facba0d7c88e758257b031677e
-
Filesize
6KB
MD5e5ca3d42032563a0032e3213d95f0f3e
SHA1f95bda3cc1736e09cfe426568bae9009dd88616c
SHA256c76551518379c14e59c013fb879df5d7176c4d7875488cf919b766de160edc11
SHA5123c02918bba60902d7767446f774bd851dd9e550adb6660fbbd3209f8310976af077c43d6f36423d09ffe2898e3bac816493e02b446e90a0e952a3d243d918a73
-
Filesize
5KB
MD5e6fb9ad6385697e5158ac5885002692e
SHA182e7f630489061ab983bf6154ee2676f83f191b8
SHA256665ed361b8efb7b17d698c0bcd83e0fd33f96b1da15b8591d11f5fb5d5155d9d
SHA512aa04297914f639207bac439828bee8199bd653667e07421030fcd2e33df65ab6fec3c9a6bc7681aabc0007e1abd31588327fee37e2cb6f40fa3c683fbdc71820
-
Filesize
30KB
MD5e4ea1ece3eef4465a11b1cf5f1a1417a
SHA1325411cdad4badb10bc1844a14252e1c78a58457
SHA2561fe1b82af9e992fb5082e7c87654bc794974877eed18a86f2f79b43b4eaaaf2a
SHA51248df59fa7fa044aa3352eaa2cb793f9fd5ff807c0d7385125ced6ed37ec47b3f180ebe9bbffdf110d5b046d62980b9e84c8430a331fd594ec10bf12f8c09d6f6
-
Filesize
671B
MD59c7dd091d7fa1dd709e0b99957870e4e
SHA19547f034795af0dc731f698a4255964c24ba4fd4
SHA256c2bca9be8d940842fa09cebb367d65693ddb8df02a30375ce09919ed9e08fced
SHA5124250734952e38f9a8c92b0e2fce0d1175ba931c4541307f3e81790eb362683fc479e227769fb56b06f8f8299edd83799c66f3e86bb32433fc99dd67518e81681
-
Filesize
26KB
MD59d69fd86539721674ccff8217c363d83
SHA122456a71f3e3d015ae9355b481f4c6216270ed52
SHA2562b5b141fe54fc0cf292cb3fa98126707722269bfc316895d53f2f8efc4149ef8
SHA5120a40c65c4f1ff7e75570781e3eb36dd58845f5ae6087ce59f8d97d5a11b3244bede7ac177df68186decf461ecad09b875ad999938fd21d3a78c8e4e00acb37d8
-
Filesize
982B
MD559257ec7f2148a56cfcca87143565846
SHA154fd09cddf2e62fca13842f5c03b3c0bc0514def
SHA2560ea3a2f69b4b6ecc8f7259a8ab10e0ae3723ae76887ac27f8bf21d9d1c5534f7
SHA512c6f1b2cccf9db00adc9e074d9788fb746b601f3a2c109da80607fbcc1c79549599db859a0dc37daec712aa8c170245b1fb2f7138354634b35fe76d7f08415f1b
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
12KB
MD5d2329a8b3f8fbb08be0e7ac35b880e9e
SHA18d23bedb9caa870b1d5306e963a8d2bae73e38de
SHA25647b6cc49ee0604f2bf371d8d259394c533838ef871cd097650e8bf7b751be4a2
SHA51283a31402e6873be2210880bcb2ada35a5a5eee4632a7fcdd468ec4ad1607c0f16b309b979b6bd15c67301cfab31957f8ce047ec61f13610b1b923873fc528f7d
-
Filesize
12KB
MD5a77a82ec675b88a8c2765dd555efe019
SHA1242706085861c714f6504b3e4f27c2465feb964e
SHA256b4ddc47918908d245ecad386a1d46eb236148d0563cf08cf8bef9837ce4fb533
SHA512e49c133ad345d3b910fbb2bca854954adc439494e5962e5e61bf88fd7acbc9f6184c5ee62d0a092a4c1c17f8c7c602d42224f43325e3bfc5fdef2acf1ef40fc9
-
Filesize
7KB
MD5bb5c24fc1cfa9479942f866f8c822507
SHA1b365a2597db059e67f479abbd7ad656d5d3fd4bf
SHA2566d513e0bca5df6ceb5d4aa008d5f2232d6291a2c41dccddd319f9b14046cd92b
SHA5120b3065ce982f351400b4e7c7347570dac2a95354457e4c0932f7ce3c785ea9bc674907ede1a0d5027c2f049185e79f5d9b69703b2130bef35bae9efd7280560e
-
Filesize
7KB
MD52065323b0ccf4056257dc5adb487371f
SHA14aa4cc4d28065a8eef05db99301ee1ca4dc0b03b
SHA25660a88ca3313e9045a1fab58224c8d898e9a39bcb82c720ac1afde5de798e191f
SHA5120f957f34b25e336486a7797557ee9fc8ff7ccfb502273490e9ec00d05727adeb9e56faac0a2f6f9c3e10f58c8a20dc937e3facb2555530ac1571a831e31e8a1c
-
Filesize
7KB
MD59aeb5fa9e11f74af00175a47c190c0e2
SHA17512d597278257d8596c77afea343bd972efc8c7
SHA256c4aae74492a864487ae444fa8ac8a44790b462a9ff3b08180bce4abf1eb29d7b
SHA5122df95b18011252c300c3c891b575acf451bb10a29bbd3731274be35c3c1dcb1dac153e1a0708f2d0b4fb210118981cce79f6b7a8a286c552d37160befd891104
-
Filesize
7KB
MD575bddbe0d85322f53b73577b54323fb0
SHA1a1c41de810b6e766e28fb9a5a61e86bb82155c78
SHA256236308217513a430274839abce3629a3a52b97ec13ff945b12ab4fd3f4099007
SHA5123d1107452a76a9e5480f8ee44f3dbeae572d64f95a78144803e789b813c2a69b312b5f7e825218275fa01ae4246323d787402a57ee54a81b59ae2ddeb2516c31