Analysis
-
max time kernel
5s -
max time network
7s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-09-2024 18:28
General
-
Target
https://go.i3verticals.com/r/171962/1/1852856739/open/1
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://go.i3verticals.com/r/171962/1/1852856739/open/1"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://go.i3verticals.com/r/171962/1/1852856739/open/12⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a588b836-2125-4468-a497-69724b9311cf} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2336 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a9b6e79-a194-4a62-8b95-e5ac7a3e7da4} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3040 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93b24433-d0fc-4cbb-ad2a-d6d667f544bd} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3548 -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 1332 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7168108-4c41-41f6-9596-7dc10e1fa9b8} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4580 -prefMapHandle 4540 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeb5c3ef-58cf-4f7d-8767-d6192bc2b830} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5328 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1430bc2-c5ae-479e-9ada-6fe9cd0b9f1d} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5500 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d4410e-8e7c-4c7d-b3e1-bc34ad02d870} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f5b78f-b6d5-4ff3-8459-704b1547f2da} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
27KB
MD5d5435fcb602356e52ca2826eba177edf
SHA13ce70e0970d3396ca65bccbf293973f64a1c278f
SHA256b752b023ae81379746df3ab02016b0e50f655cfb5d4f8e323210758845eb51a0
SHA512e8f1d48c7b727bd48dcbaecee3801d979403e94103dc7169829428a92c39cc86d726b72cc8ca983e689db2ce2bc9c369590404e05e01fd53673561e40e7f524d
-
Filesize
5KB
MD5ccde4e80de79b1c85f16ba72dbe5ccd6
SHA18f2325e2284eaf2fdebc64da9ec515c6743b9e81
SHA2562e800792ed8303537a35633f924b56f071f940d4f914821a939773ebabb16b05
SHA512fe0714ff8b4c910c9e48b530563a30ab97ce6c1eed86c48272a693de13b8af8945a3d4e4d135e86cc84497362a356b925941f681c6dc1fa584b5f75138012aa6
-
Filesize
5KB
MD58bef2de9d53a944467673b05ca2be7d6
SHA104761a7e3b980ac18b15d099c83d24964de489dd
SHA2564dc9198586aed63d1db1e0551e176a0c6805c11646267a4bc996057a138fc0e6
SHA512f5159dfa32179c277d3f8e963a5c7372feace56cdf22776da728666ffa70f921384f6a49870397c5a1f073fa39d44c7a0e3a915e804ff06acc3274a2af90880f
-
Filesize
6KB
MD54304e59a806319f36c9070bb744e7978
SHA1666b12886b7f684e8b00da233ffaae11f8dca3cc
SHA256422e95e1103f51084dc906fc9bece6129b9f7ba42427a01bc5fd51d3c660e870
SHA5124f1199021be70f002647f87a0f63b48c7038df892601d20c659426c63cd5dbaa1a4e589566b6f788836158dc39d5a0740682eb33a2bd68356a02b52a76da57f2
-
Filesize
27KB
MD5a2e5aaeedca425df36c6dd6f300036b4
SHA18c808bf0e2c2322a2bfb610a27fabbe837f78680
SHA25671814202d4a88cc743d8edb81d4c58d2518bba5c2d9e0666e587e435cac6b521
SHA512cb1dfa69e16b645fad45c249232b295a9672fe58b8c6db7fc4feaca91f3194066fdb35f6c08c5920d7421cdba745490e6a081ecaf0475c72e505a1342ed2efcb
-
Filesize
982B
MD54fbf5f96a5e5f9623d705d28d78a259c
SHA1da7705db98ae9ee9a9b9fd685a96c8f378f3efe4
SHA2561427f98c5aa9a0fd0793ecc54296d044004af3ba57383a5eb6096f1beb52f1e8
SHA51261a299c364dd09485aa833fd1f5bebc59d92fcf5969333503e6526181a57078bd8926958f15a880b269019c5c6ebcffa5a2f3aacfe1d289fb25b470cd2a7102f
-
Filesize
671B
MD5ac5a6574984001a1fb679628f9c3d9bb
SHA117ce390bb83bc1969664161a3160ceafc3996f4d
SHA2564c93922b719b7205ef0ac489474d9a293affbbf169b7930c4347379f2ceea238
SHA5123210af6ee7df74e7db8c005f5c05a01932e1cc9beebaad34a58f5de4bca0357bd93b0f09ad88b60aa1125481c318dbbecb859746c85a35ebdf81cedb8e0f4665
-
Filesize
11KB
MD573b68d9d553d2b09d8db495626b60692
SHA14e7044e180caf8abcd1586ae5c116551481c6f05
SHA2563af1c676dc40fb7708724dfdc2ad8fd8a99b684c7a9542a70a181ffd27851749
SHA51288531e4a580c04775cddeadcfaaa33fa9dcfc36b2c8fe75b16ef2f63a0e14ca2a0f329359fb6c407f659d758689203158b655d6a3b24ae7effd32c07c1fbdeb6