Analysis
-
max time kernel
7s -
max time network
8s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
23-08-2024 20:07
General
-
Target
https://atlas-trk.prd.msg.ss-inf.net/q/XmZg4pTEyDvpPN1XIPQe5A~~/AAAAAQA~/RgRoq2VzPlcLYXRsYXNzaWFudXNCCma7c-DIZqBVCepSGGFzaGxleS5tdWthc2FAZG90LndpLmdvdlgEAAAAAA~~
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://atlas-trk.prd.msg.ss-inf.net/q/XmZg4pTEyDvpPN1XIPQe5A~~/AAAAAQA~/RgRoq2VzPlcLYXRsYXNzaWFudXNCCma7c-DIZqBVCepSGGFzaGxleS5tdWthc2FAZG90LndpLmdvdlgEAAAAAA~~"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://atlas-trk.prd.msg.ss-inf.net/q/XmZg4pTEyDvpPN1XIPQe5A~~/AAAAAQA~/RgRoq2VzPlcLYXRsYXNzaWFudXNCCma7c-DIZqBVCepSGGFzaGxleS5tdWthc2FAZG90LndpLmdvdlgEAAAAAA~~2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1244b9c-0091-457c-a5bc-c66510fa8125} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2488 -parentBuildID 20240401114208 -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81663039-415b-461a-8321-912d82b8986a} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3376 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3428 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b21e03c8-eaa3-406f-97d5-6dcc3ba9c4c0} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9c08431-b2d5-4ccb-a200-f3c3b4539b01} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8c7ea1b-d49c-4d53-b0d9-669ed1e03dfb} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5316 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04e5d778-72a7-4e32-8b13-008bdf52251d} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4143baa-f825-49a5-9137-f22c61b49a8b} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e435f3b0-77a1-4260-bdea-5f894e3e9259} 4212 "\\.\pipe\gecko-crash-server-pipe.4212" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD529b67bba543f2e5646b8011dd38aa274
SHA1bfbb98ca45213e49b07ff2649788e8a94c37c985
SHA256d37296536c5dc6fd651d57b1487c383b3bd5a439a0190a0c408b0fb090735be6
SHA5129d61bd07862598109aa95f17d2b28661ae00e974ad1915466aaee74c2abf03a29c429d1930a17905a99e5e6a3c878ee5dda188f79d603840263c30e753899e3f
-
Filesize
5KB
MD599955453b2844f430778ae48a95e0c75
SHA1460cc132c35b436214e6967505309c51fe897b2b
SHA2564c15c366b3dbce93d75602c3f889e7133669dc863425b3d0c016d0e294cdddb9
SHA51268b907d2aac90733c70598ae1518e749af35d7a17e0c650c73f80e04d9ccfb013a609ec117c50b6b4cb301916e2f66011291731d07389a67480a757ebb861c29
-
Filesize
982B
MD56750b8a8fe25a7af873bc8c92c6aaec4
SHA19914a0d59eb9a8aed330239f87215f61c2754fb2
SHA256869035eeafd7b6ab1ef49893a800b8d0b4d57a3fbc6b1116272f8bc540789f18
SHA51290fee34d091490097166dbcaeff9185049e424bd3d87720ff544a055de1295d370e026feafb7f21319edd53302b526e55f1971e80e4184062f81cc3a3c4b7a6e
-
Filesize
27KB
MD5aa31e4cf913fd93f166e608ec9464554
SHA11f836b2be25d8acdf14f054bcddf23fcee836a7a
SHA256143cd13b1721f8557aa14e5f4ce481fa06919c5530dbc8ec99a5e23b9c5b7e0f
SHA51284f11b94068d2dee9e5b80ad93866ed9054ad6e05fdc6dadd43e777d5d250557af7966689415bb1218f3c31f09b73f70107ce4dda404839ffb47753baeedefe5
-
Filesize
671B
MD5df3e44280676e800565c635810046b94
SHA11b9401c9d926f96ae6a956a3c86849b0068732a0
SHA256274e8f828023f2e959b17e8c79cad660a3e269373884e09b67f59ff9a41dd8e3
SHA5124912825dd9a2e1afcadfc6f2ff49277633a0651e74101f2ac0ed51a283721ce9cf3d251bf7e0b05087931ba4ce5e9371a21d7e3defe697dd36bd124f6a7fcba8
-
Filesize
11KB
MD51c501f375af5145117d71376e3ba4091
SHA1e685b433d7247d45f4f72a3d4c3ef30a2c311c65
SHA2566a1a98baea2db64ef651c22f12dcc11ed835c196514642316b17e7b7b4883ac5
SHA5127140e5369edb89623f5971c135f91a4b578323d935143fb3459f1d3759c6c3b247a21cda6864f24198b43ae22f02fad5f50ded935a3afd0fbbcbe1802cc1df61