Analysis
-
max time kernel
257s -
max time network
257s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/08/2024, 04:46
General
-
Target
https://m.sexemodel.com/profiles/list_ads/?city_id=247178/page20.html/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://m.sexemodel.com/profiles/list_ads/?city_id=247178/page20.html/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://m.sexemodel.com/profiles/list_ads/?city_id=247178/page20.html/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8dc030-1194-4af1-8084-facb7fbbf79d} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e199fff-ccfe-441f-bf6c-ff6ea55bc5d2} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2904 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3268 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92adc228-9d95-4f0c-af10-4ca5509314a7} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3396 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f2d565-ce13-4183-b3bc-364d887f7e01} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4428 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b784cdd2-4b0c-4e88-8272-fcf5d0690fb4} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5272 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24825cee-d82a-4bb5-9f03-0c08f8921026} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0db2860-a498-4779-97a7-65725a95d619} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {193d2ef1-8428-44cf-8f24-1d862dcb321b} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 6104 -prefMapHandle 6120 -prefsLen 27031 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d067fc-263e-4626-bfc3-46e2fbbcbc48} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -childID 7 -isForBrowser -prefsHandle 6436 -prefMapHandle 6432 -prefsLen 27174 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fb5585d-4258-4061-bdaf-5c7680357ad4} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -childID 8 -isForBrowser -prefsHandle 6592 -prefMapHandle 6596 -prefsLen 27174 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {677d903d-adc7-4395-8a4e-d59814b214f6} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 9 -isForBrowser -prefsHandle 5712 -prefMapHandle 5544 -prefsLen 27961 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0516fce-8b30-47ca-b8ee-dbfdbac0af8e} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
13KB
MD52c9017b3feef80010c0dc8c303658950
SHA1aeac40f4b95923bc77d5880112da7d9632eea3cc
SHA25693a03ea25c76e602c1183a4a2481de22d5dfe58ef6c771628f981ffd3e68a0bd
SHA5122b77e1639f5c2742646eec922f464dcb993094ce2a96617a635f54c76bd06d89f532f99d0a584e66325dbca2316d4c043da275173e87635e8da36f00b77ed2d2
-
Filesize
8KB
MD56400fdf9ecd101e22e501e47c0bd0c92
SHA1cd8372e924a1a88e24b7d4d9740f65bf2194d264
SHA256b7f7a8be067ff0ef1d1781ff73010774e20728f8b93aafac3d0c1045a089f90e
SHA512db850f3c339410bd4b07f76a41dcaef4f2029f851081a4330bfcee24dda4fc3258aa3fbce485ef399d8434c92414b49333db7bf0f19bf093695326d6963a27e0
-
Filesize
12KB
MD512af65e173129ac6d487649ffd62ee9d
SHA1868e3ebd108d774a8e44ffcdc402c803ae9500af
SHA256c49d51b42f25bc73ce63a7589301864e38998d9401dce26bc31372a7cb4dab2f
SHA51206b55366313522d21bd4f7ecdf25dd24e65055711324975963c536565ef06c5fcf7a1a17e65b6966214bf0957fb3aa5c38b8c13ae31ba4fbd8111f17d93a857c
-
Filesize
5KB
MD5b560a5779f325251809dfba18d5a1a8d
SHA16d69ca03bba713bb469a7c1b1aff4feda1079bd3
SHA256792b107484cb1c531fcec61b3fd695c5d51c76822346e7f4999ad5a322a2eea4
SHA512fff2fb10656e2a78990a98b56b1cb0ac65ebf96273c25c2bf386aec9021f7d87390f8bd736f3da3c717c92a51f0ae7896aecf3411d5ae2502eca819bf48e885a
-
Filesize
6KB
MD56f470fd9b4a92efa9c2e9417133b9e44
SHA17919857e8bd46a792c165cd47b39100cc5dc25da
SHA2562cab6c926df697d86e331a315b1c56c93ada011efe46653ea16265304301b698
SHA512da5376b40bdf85ac5d8d7cea81d18089cbcebfdef79b153e40ac38d157d7738ca1480af91a292f08f6b1eb2fc0121f91f3e3166ed304e9c6dcc38f14a53bb6da
-
Filesize
5KB
MD55484628c5bbaaf1b25a797192fdb3fc6
SHA1099a6c8897adf9b4c69871e7d043e1a762a8dae9
SHA256fd3c8d3646eedbf8939617f85909e026e51d90ace4bd2e1c18994a8e1c48ff77
SHA512a7145a3b668c5174562711fa08763320c2566e5561f246a2f09e4dc15bc2108194f325b9be77148534514905a01265edf3f4ecc0a9772deeb2f75e043f89ca25
-
Filesize
982B
MD531df516dd85a259483f3d341c58ec29e
SHA1ec1980547d7173e9f358eb8071168aac19e28b8e
SHA2564eeb59f1265985280d823a9505f737067480e6a773e2cf783d2c76fd5d9f020d
SHA5127eaf857e3322b63e68b63b91e52d2d75e866fc7d2539bad17b04c6940e1281236b26ba8f22e96471e9158a3ecca9c97943b923dc7569639b1ad64cbc5a874531
-
Filesize
26KB
MD581cc832b6d99de467e08f09ddb14274c
SHA1c164486b229bfe45bd9a9da4e4936a62a0304139
SHA256f2e7f4a3ac4a0335946731ceabf3abcab87cab7a3849158d0c62cb9eff981c70
SHA5127b2f8cb41a35a2834981b61480ba6600aa7ff1a8ee689b1c0b6e69545a6746d79303f3c74a4a9f3b7e75f0914550b2e2108865bb2ab7e172afe203eb49ff2ebb
-
Filesize
671B
MD55b9d2d5ac08317b53244b921eb78eeff
SHA11979a5de59005ab56de0957330243fedf102bdc5
SHA256b1fa1a78354a134f76180b088e85bae588f650295582df1854805d2599d95826
SHA512a825b4b7257bd592f060cc70fc9011e34dee21940b1043a84b46bf4c3754e47c86467f660b5e7168acdeb0d75d0b973c1e63e32b2f81e74be0c6fbbca712ee8c
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD513ced7648b82a0fc03ee4c9a61d50111
SHA10f8fd57b4f93dfeab74149b41dc97cb5dd2dff5c
SHA25607fb61a4257524654c6192d4640c677e5d8e812c0f4118af218df94352c5bce8
SHA5120952199b4d9c127899dea386b5adac8cd078a2ca22a8601d6b843adb79d59bab1bf3ccf65211bd1c76c5e5b3267a9996b2cc11595e915e37470b7fa76814dacb
-
Filesize
12KB
MD54086fc40c8e10d6ed20e179b54e40e7b
SHA13389be7d8ac76f8fd55a6207aa33d7c8c41fd2ea
SHA256c57e3f1ead9ed59299e303bbb6edcc0dd5be1868534c6a5720ed0069a86c0454
SHA512e7dc224ba7e0a4c0639a7d38166da17b11b40ec4090264230d8f991bf4fef8084956600623a2518e8255f6a2d3d6c50b6931f1ad48f56cbcb2ed7887a5a5d9e7
-
Filesize
11KB
MD563da3c6a9779aa80824641a898b0aeaf
SHA1e30d339b6ae8a3683503e827d3501c8331e4ca10
SHA2560df8bd86bee7b7e1f69cfdcd32ff719f1146410eecbdf35473625af0f7037b59
SHA512ef347ed19b71b984addc40cce87b6772054ec84191a19aab28fcb2dc779e45359e74d060f574f6ba8345e880d17d7cc94e579784c203e33c0d79c8100ecb04f3
-
Filesize
10KB
MD56021036bee955362c2a3cf603bc7a78f
SHA1edbc7c05319a63d48a90ec5069d5c9d6e729d952
SHA2568aaf7a44e0b155ad42651030bd98b7b859f4ada0a7c7a146d4923c6da55a17fe
SHA512b3c04627570bd5a0b9e81139fd1c97e2aece4ab98955ac819cd5e26c2382450b641f48b95129b1a0dc5f6306f6d10b874683f5942dfabf1306b3acf33d8afea0
-
Filesize
4KB
MD553627eb841ba99af055fe4ed54004194
SHA116d032e17bb44e04386d4a79eee6db047d7428df
SHA2563863f2296c514393acc128b5bd11a77a6d131775699527d6ace827fb5b354cbc
SHA512b2795b4cead989e2a7bdd8a697c57870c6444a44cc56192c8beb163d3c9625fe8d9afc1c95fa779bbc8fe06190d507757f429401f80e540e4a4b630fb7c812c2
-
Filesize
5KB
MD52ecb3d43bdb37ded24a605e7c783ff8a
SHA174c0de561ebc2086772924b7951bcb0c1df0d0dc
SHA25609bb55a6414c7b2ac4062be31a1e75b4055ac150153cc3fb704f0da3740af058
SHA512af56e2dfaddc5809b0771ef331985fc7c0186d74abf05e0ea1ca4251e53cc32cd1bdcd05cdd4bbd31d14e5fc46f156218ea400503b5a6cc101c669c901ccb4f3
-
Filesize
5KB
MD51a5e8cb350a86fd5716034a3e6b261b9
SHA129f1ec7999787516792ccd680e6455bf3a363a9e
SHA256bfca14d6545742ad1aea258d70cedd29bd2e940dce5e90eb452d474349f89072
SHA512604de9af189ba2bca1a5c8d4aa16f1288b1564d225116b2a1d5d0d467a6e0ca31e2079df4877eff501cdbc1e55ff9d6bff1de7dbcfdc4f521f3869de61bca24f
-
Filesize
5KB
MD587ff7ad7c3cac635949d8da914f54837
SHA1bd76740245bd6aa63f3e46796d26d8e71e017824
SHA256fd5868b391ea11a31606dbcf2a85e98ff1d6a8d407eafc7c4b459fee32ca958a
SHA5122d5e649d82c4c959f4fd5948c0ca630b730b587bed0938684053fa8a370af5c2517c2830b790b50bc0e46e035db458b97058f46ee59132863555bf1da5997911