Analysis
-
max time kernel
14s -
max time network
14s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29-08-2024 15:44
General
-
Target
https://mediafire.world/data/bhgu-oloki-hyggu-uygbh/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mediafire.world/data/bhgu-oloki-hyggu-uygbh/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mediafire.world/data/bhgu-oloki-hyggu-uygbh/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f3926c-0407-40d9-8180-c44d2af795a8} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8e5b42d-56fb-4921-acda-ef6b4125e7d8} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3076 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfa65d0a-3643-40ef-a099-22f2bedd0ef8} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2652 -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {300f05c9-f7d4-411a-882a-f473efe24a90} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4476 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4504 -prefMapHandle 4496 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4d79140-6742-43e3-896d-efa8d30adf83} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 3 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a9eb3e4-26ef-42d9-b201-84d87df12e20} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd95b778-3746-4b30-8261-ce3903407b21} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5788 -prefMapHandle 5792 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74d3ea01-63e1-414d-9fe7-0db6f498447e} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3136 -childID 6 -isForBrowser -prefsHandle 3108 -prefMapHandle 3124 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f068105c-4791-4cc8-bc0d-aa6229c4982f} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40KB
MD53047dc06050302fabb70c012778ad5f2
SHA176019a976d6c8035f2518074dc8726c2530a0129
SHA256d4f050231bb23ad4ed0fc862a6a9fa1d562ab9c78a2355eb0280ee31315cab5e
SHA51216a1310ca272b2ed3d22887ce084147061218c16825044aa799b278f91a5ac75110e905668b44d2affe5eb335836bfeb1617ce65de4254d0137fa158329aa83b
-
Filesize
220KB
MD538ab3046783ab688c624f1a0d99f536e
SHA1b90ee69a7768ba7bd72136bd01119ef3d5025645
SHA256246cad32ba4621321fcaef8cdaf7d582cf6adb46f21c4dc581abba18e03ca9b2
SHA512f514f5e9b768c3b6987c0249bb11f62a7b91db7d3c9a7c93c7a1d756de7d7d2888009200ed892184f1ef488629380dec284e035337407729be6aca36bb66c519
-
Filesize
8KB
MD554c9f666e511436b642de9aa2195a4fb
SHA17dff2c75a6e29f8783ec188772a507930cb02f5b
SHA2563bb7652c0f7756df15abbc2571275ded04ecffc9e77dcd96a18e09b174722a78
SHA512bbe3ab9c3443a2949005ec739dad63b02e6ae6aba76429530b8de1c6719128a8316f7f8214ddf32b268d871259cba9a37fcda8040d14446880448bf01e16b175
-
Filesize
5KB
MD5656ae67e767cad7534c8f8649df38c63
SHA12db342b74a2bf806ec18e914d2482c2afc7b171e
SHA2566c6e2738949eebc43b99e5ee8f4aad53eb207932ce26d763a694e02e83a1e951
SHA51282b3c373f4269350b036947ea2a5dd77426c5e9937855eb764b1a946dd833244788d6a97e1a93bff955dd3f4f5a00fff1583267c57e4c7cc156766eb3b0504dc
-
Filesize
982B
MD55bbd97c3a4702af09e9e8eb122424020
SHA18efc1b5879ae3db677f09f73782b5fbfaab76c32
SHA2569d81ee8fb8ccfe516dd7796fe145931d92bec2f9587a5c6bdf8c98c7e833dbfc
SHA512de52cc60910c8c847c1060a6eb0d858fde5c9e31b5209ff7af98f9efab54154409ab120b972be885fd06f3dd9c4e6789e7e8c1e8fd5b707c5e780c3c746a85bc
-
Filesize
26KB
MD50db2ac38d3aab40457960af9e9331b87
SHA11320379ac3aabd41f8a23e3b5c0187d0dc578cd7
SHA2565a286040ca669caaffd74d6ab45bfbe5f04a62ed516e1c2f7dbf60f70b5d2ede
SHA5123bbc80cbb38fafb4d6ce37522161f9f3af1d06d50c82fc8112fec7d079660a1d3e33487a86f4ea26b6b3a99a72124ddd448bf017b9861d6f096e1030066beeb3
-
Filesize
671B
MD5ee689f93708c1188582c642a87e18352
SHA102d8c45a9211081caa50b1bab839344b0090ba5a
SHA2561623131bb7b7cf05488b665d8d8d1be013780cae2fa05fa4e81c209fa00dfd35
SHA512cf47afa92d691f5d2313aeb81aba0d251fe556992d7b8ecbc5ac9ad22406e9dd3940896dbea715dd954e50ce31e254bfe1ca8a57e70f47c28e621b7d8945ea7d