Analysis
-
max time kernel
292s -
max time network
301s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
23-08-2024 19:45
General
-
Target
https://drive.google.com/file/d/1cA5Re2Pm5y3JUwuoLt3Uom8Y96vj3oUX/view
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1cA5Re2Pm5y3JUwuoLt3Uom8Y96vj3oUX/view"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1cA5Re2Pm5y3JUwuoLt3Uom8Y96vj3oUX/view2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85e27891-c0d0-4256-87f5-afeffc6f27dd} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc019395-56a6-4375-8ed3-4d9385904448} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3272 -prefMapHandle 3304 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff361b70-607e-4bda-a40c-d1b8c99890e4} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 2 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12af0881-b010-4419-8862-591c00462315} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4740 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f663cb2-1311-416b-9aac-443da95ebd5b} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5296f6d6-aa07-477d-891c-79f0201d3c66} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b2a742-9574-4488-9b42-1ea9fb06e655} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef4114a-1036-4bbd-b1c5-b64370e340d5} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5052 -childID 6 -isForBrowser -prefsHandle 6192 -prefMapHandle 6236 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c403e16-6a53-4245-9b7b-5724800407aa} 4464 "\\.\pipe\gecko-crash-server-pipe.4464" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD5c531ff55b252ec753f4ad8f522d09d52
SHA18a15162fc6fa913f35815833f868b703bf878be2
SHA256e14689c6f37b445a561624cfbc3279d4ff7a2985511404fa1116add8d1c1e963
SHA5121d6d8288c8f5498e9c25e9eef636e68fbdb89df5aaf034d864affac845efeb891f492aa81f1d76e80206151ce0d473ef3510cd4066c7c701b8c71b8d197c53c2
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
11KB
MD5c4247ccb472710a0cd2f7b04daa3ffdf
SHA1df33bc6dcb21d0084807476af38f8ae1c4b9fa72
SHA2564736d9010a3e149958a2c3e5deb0c446a735342b9b589e53670696bda0df29e9
SHA512823026226a5b156b2a7354518e88baf7a6d992eac005b22970b51ce09d46f9f8967a653530baedaa7050d6e8f63f1a8b79d2c1369e85126a23e763a28cf01742
-
Filesize
11KB
MD59d0b779610177330c97f1b0153efd009
SHA141dd61528336a571c752d6c7a158a96c4c067a9f
SHA2565a884a072ca1cf711c01640030be522a0db2af8b85342cc8aea32c6aaed4a98e
SHA5124e714f05ec77b4ee4ea7995c36481f1d95e79f05b75c5301cf1c0e5eff4c43ed21ff473146f4d71c17476e5ecd8e5bcbf85c983d2bd82cb9574640ca480d27ae
-
Filesize
27KB
MD50f208562f51a1dc85126c0b166428d21
SHA17a27bdeaa8f311c3de31edeff9f94518851bbfb1
SHA256bc057f3bc4274d686436084961d00c8889e357c8dd2ba95867e15083dc3990d5
SHA512425152b4f2a960bc4f14e182b086915c35dba81351b67ef73b8cf81932ff8d8559b58b587ba35521763d2e7d63bc68b400fbb419f1f7ef0e28dc613e6d85a7a5
-
Filesize
1005B
MD524f802fc7eaf8653f27388b1f8e607a0
SHA103874de4f4ed11042c5abcd3dcf90719585b8e3e
SHA256167d35e5c231bf6e83c10bb04c917bde8f5d901a3da24a3dfe332b7f299f84c9
SHA5124ff82fc76322773fe239005e1d095708f469edcbd30379e79fbcf91f55caf4e9b2886aa463f2ae3e3c1f40669f4875c71c8470f43ccf5ed639bfb845c54d7532
-
Filesize
5KB
MD5d7c92bb144064ae2bcdfcf630bfc1e77
SHA1ea1bc17638d1477496cd767edc819f880ae7f296
SHA2565ce18d3c461fd33a36276575685dc22ea117811131a62fa041c0b1ceacc75150
SHA512f29423f1ed04a109ded8ebcdccd5b74e93f2d2d87d6a95c713c95ec66993db0c379fa2606a56976fc3a60eb1528b0ad6eeb562e4d4e9e6afa68d8151e33549bb
-
Filesize
37KB
MD51285d271c4879ee5691c321395cd2d86
SHA1923ca18b88b503833522d383b0c589e06ebf7951
SHA25685e27ac2723f044461db59eacf5c80313fee6576f6328884fd109f72a5ee4a0d
SHA512e68ff805e21efe3711bc42e651f6e179150a072fecd62781647781827c2c030a7e11b9daa98dcedb0f5181700bf54047b539e27be6a381cc375690de69cab20c
-
Filesize
982B
MD5718543f2fb2f557728ecca5f2b2316bc
SHA10df72d77c130b090c712bad2b07147cebf805415
SHA25681c7f998cc711f8561ea2183d48d8bcf64d87ffbf09d64cbce85a8dfff2d3c58
SHA512ed3cf5798934ab0bd37ea19943c6e42a48c80189801cf63c7ece68b442dfcdf49cc67187e963b665cc7359669e27a2705d7ebd3a795ce1176559715eb6a6287f
-
Filesize
26KB
MD5a270038526f4273e3746afdb8a9075a0
SHA1c066454543313e1651783840fadfbb5449a68764
SHA256c48e151d741544c729199cdff716eb7fe25d65486546125bb6a7bcbf9d81ea07
SHA512147cb83197aa07d9a879af72f5721f3420b9bbb3d85a8efbe4dec216b2237029f43a3f23186590db907732fb5749bf2e660e819086daec7db19aad434f726461
-
Filesize
671B
MD5fe961b1f2ad1c366c798b61db6be3892
SHA107156302eae62ea62d38ef41be4833130a174d4f
SHA25617f59ef53a2bb9a26e0eba6ad56ed3094dd100a01f0af69b0a602c6cd28dc4f8
SHA5121861e6557e12b2f3ac3a2fca724a6185e85f50dffb388c9cb9125861800855e090ccc1b11dd98f87f286dacf14c87048f0ad69e402b74a888ab4a9a4b9e99072
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD5dc69afa5bbeca93b8292a5e1cf810137
SHA19574c94bf6468e25608148c15ebd2156e43639a9
SHA256f8879af4132fddfdbe091b9fd5ba33d5ebf5d973aa6036e25dfc94dff7d53b29
SHA512b09ab506a7eb7d360282b4053cd987f960816041abbb6885bca18629bc80bda3a6f21fe8f491d8ae3558057bfdb226bbbf2a0fef28d74f6e09de647a36d88362
-
Filesize
11KB
MD5e3f4f5b0ca97c9ed7016ab87200964d5
SHA1970548539cbf3f781d0b79b78e38ded7d93ce140
SHA25644460d4962afc2b1b5efe35c4c13bf055d3c79fe38f022b4151746bcab1ec96c
SHA512f99688b1bfa4e6d6863fe69da49ce15585b840ea3e5d00b28c0227e0dbe3f8269b59a57b29470670c16b027562271f230a14b2dacaac1c454213540ca2359eec
-
Filesize
12KB
MD5a1b796a0ae219afe64648b5d261a5d7b
SHA132d5e0d3b4052d6c2989b82f8f8712dc9a90524b
SHA2564a1d4984982d9e0242532e24443fa2350443b2fdfc84211cce048a5447cbba04
SHA5129ea5720ea0c512c5723317395c4270c058f178c0c6de679edc982c5bf58a5cf7e8bedb05cb6960c160aa4303fdd7946049fd458fd121b046f0463ccd79e0153b
-
Filesize
2KB
MD5784b71efd9d9aa8ad3bc454c0764243c
SHA1429e09ad72dc85f33593b4b44c2010b1e561d68d
SHA2566e74e42b3049a735781a432659cbf60db3dbc29c8bf1671fbaf8b8868e5f50e0
SHA512edda4e3d24b8bfd354950b9ef4b0a6f87f3d1b6cf84830dc219bd0a4a034281d6ecbe752229cb0675c3f2c6f0fc4b001152b9479e45d075fad2ef405c32cfbb3