Analysis
-
max time kernel
13s -
max time network
14s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
04-09-2024 15:07
General
-
Target
http://minecraft.tools
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://minecraft.tools"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://minecraft.tools2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a041b50-0611-45c4-af2b-ffa4a714bdd7} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {841c804e-2842-4998-85b4-c9b9a3a1ee0e} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3384 -prefMapHandle 3380 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1340536b-4142-4c20-aef6-91138c75ee55} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef95ce9c-fb45-4f04-808c-41a8e431fd55} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4608 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4392 -prefMapHandle 4476 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2c8b6fc-8df0-4bb0-a58c-b745f15f5483} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 4444 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0b8923a-80bd-4bca-88a8-3da282f21559} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 4 -isForBrowser -prefsHandle 4492 -prefMapHandle 1584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c618b9-dd3d-4713-9cac-d26c6d542522} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5636 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32cc5819-47f2-449b-8c7e-1ab88e62b125} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 6 -isForBrowser -prefsHandle 5940 -prefMapHandle 5832 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92b70743-bf16-4e6d-86e2-b9354d31d56b} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6160 -childID 7 -isForBrowser -prefsHandle 6244 -prefMapHandle 6240 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 884 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1749d0de-9ce0-47dc-b9d7-eb9871f02937} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD52966c6a41dd6c0593950c3ce24ea428f
SHA11b3425969213c81f106e0ffc106744816d9f24e9
SHA256ff3c779b2150ce5830c342281e0cb46dd3fb8ac6ce23952b1146f4363702f5c9
SHA512493f32ac6b852e928d649f9c568b91688424919bbb5f1e50982dc6d866d998b66dc4d624bd5e0576d81ae31487c816b68442ba5e0b01be40090eb186073b775e
-
Filesize
6KB
MD5f43c54848c9ae7c5b8d7f36264566c02
SHA149518bd2b3806aac9ce80d1df71e66f45938b4ed
SHA256b6a88b75a80445bca42140caaf7e3d8d17c13afbdcf6d0fb053841bcd234176f
SHA512b7606ec8e8df4f042e18eba71e8b987e554b0adb8597efef59d91d0c3b4dcc555320443ce837e12d2d160686f873e62bb15d736e657b8e4595f7357e2ab61fea
-
Filesize
8KB
MD54830a4a225d754624ac8f979261d8002
SHA129ec732d866d29498c54a7a1abe06597733ac1d4
SHA256c1516412128d22680a34e62f318cdca9f058650192d3fffd33971c4c574cdcf5
SHA512a6d4e0ef098d6f5c758659f75d2c2dd55fd2926fd58fc3ff7f73890e807de33ffe564db6626418ab39329281726d5e55cfa3a45288bd3902cff26bbb381cf9b4
-
Filesize
6KB
MD54372da76fe65d25711b11d29ded62cfc
SHA1aaf25cf28a91db4e7c68bcd744cd2db340bb660e
SHA2561045d30d45a70e30e3bcb9a89402b18c3597bfa25ada74846143794c92151af2
SHA512b41586b947f921e107cb8420618badf41fd1d93562cd6ef11114c3d315e3cd9028c77cf991de4f952f436d531c9d2693f0c8da81a91babf553a372dfe3c426b6
-
Filesize
5KB
MD5579cef9def029947f5476d743865e27c
SHA10c1812afcc0b1357715d9bf400704b97a4e063c9
SHA2568dc3550fd11c5c668c9f5c9487e986061e215da1b877f4b3b1c6f63132d6fca5
SHA5126fd134a3a83e9ef00249af201b28d1b2430000e0fae2cba3a88e208edbe990a08c587b23486a571d86a57f8dab85e1fc1cc6fc7743133c6b6089e61ac4c1a6eb
-
Filesize
671B
MD5318a14fde1051f4c20c0d63d918a4b05
SHA12c511a2c565d44dc7fbc32867b88ec93c8bc4914
SHA256e95f6dd44f1884805022185b5451b2969661d8e37512547f6de3738c520ed79e
SHA51236d820ecca9dabda9e14042b25cc83826ebf8932a32d66000e1ab3bab510c431c2747e1b3766079f931bb915f60bc220dbf82e50dba088bc2043e7e95d375f34
-
Filesize
28KB
MD58f6453b82175c671bdb10a4dcb3ff719
SHA125ddef7f511c6cce95b269fcf5242159acb2c75f
SHA2569945311134e01fa39b65a6ef13fe7e5839ee38707b225dcddf0410d7281f1389
SHA512a0c5e5a3f3a73138a3dd362f1189d1a42a94c599bd428f1bb78170df4456c54982016da1dbfeed70002eba900c67db234495e9cc5113ffed98f2ced422a4a1bc
-
Filesize
982B
MD55a0ff888d02bacb7fe37ef75bc82030b
SHA1466f30a65df38c25f5bfd9a8afc4179300cb4903
SHA25686322d29c0c1b57f0cced4419a35974568391887dfd45547d143f69ef5602cbb
SHA512497731d6c7c14ebfdfa5dcfad9f56e33c036770fe4f807eaef6c86964edf82fbca55ba88996bdfbd47a5717d4aae866d718e3f2b5eed0165f6a21d1c58257c4f
-
Filesize
11KB
MD562b0e928ea80e0371af919b5319273a0
SHA1fa325a6876176db8062a0c9eea01cf90ac4586cf
SHA25688fe0e80e2242957c95b65b639b3d7cd3fdd2dd6d4ec618283121cb281a99d95
SHA512a2c7433faf0fb6d8a2ca932527bd5675488c30f423b2c08f1c4b05536587ed2c99d021aec58b806362fefe0f18964e908b8240456cfcf151f60ffce54173adac
-
Filesize
11KB
MD5b629d24be0d0799fd8471113c95e2709
SHA15081bff3730dec5645ddc8cbfdb1b6d2c18f025c
SHA256612d581ae07cfae4fbe83ace5a2b51500aad91add698e64cf251bbc8e1b21c05
SHA512f72adaf52969df14e865ab10a30f15e13fde3e8cee315b83ca125941286894d0a8be2a78420770f78fcf416479dddb796c50f972ccf4dd80d44b04ad9598b667
-
Filesize
11KB
MD52696caaeeabbb6f27c8276a0d703117f
SHA15138cd5de665427854c1ffbf1a1bcdd7403c8860
SHA256681a66f287e04d6c5a7ef221bd157e52fa502de555adb2a47649b38948e443a9
SHA512e2207b20737e34d8aa64d3dce8b447df610161f4bb4d61b80df6f49629f395885aea82fea528becb7537caf0781fd2a6be58c40d7a02745dd0b18f00c41221bf
-
Filesize
376KB
MD5338ea86ead3bdc42f13d17d0619b999e
SHA1a4c8ca6f61301241b6b46be310dbcbca0a117d59
SHA256056b4d1953862455ac36ef76bc5269d837dfcf366aa99fced53976807131198c
SHA512aae9f2cb132e27e0673d87661fba902a816892cdaa225645a226cf0f7b15a1f19168c99f133daf096f15dd267a2eb7f248aa3f80adfefc914cce0c495e0982e6