Analysis
-
max time kernel
125s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 16:21
General
-
Target
https://participant.briweb.com/login
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://participant.briweb.com/login"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://participant.briweb.com/login2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {806b5382-a72c-4d0d-b141-ed889cfe60c1} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6fe95c2-c51e-4123-83df-7db0fe49c3c9} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 2608 -prefMapHandle 2980 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36fd59b3-4d03-4257-a288-d2d8819eebf7} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3684 -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7a7e29-71b1-4c8d-9f89-a031e5c372f1} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4692 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e056df45-f5fa-494d-9dc3-ab8d8ba2338e} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5156 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e58a506a-1f54-4b40-bd92-63a97093f9ce} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4952 -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d1a116-482a-4c44-b56d-b43abf901058} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5600 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb0db7c8-0368-48c8-93d7-8443421b1b66} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6156 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6effc86a-8bdf-46c3-a66b-f9f807dc4b18} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -parentBuildID 20240401114208 -prefsHandle 6176 -prefMapHandle 6360 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2aa9042-60f3-46c9-84f0-f89b2401d312} 2036 "\\.\pipe\gecko-crash-server-pipe.2036" rdd3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3908,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD565c5e28376e49ba0c5e8118f958afe10
SHA1c44e4d3a0a2b5842f063f39fda38c8421ea02b5b
SHA2561ef5d26e25c24a381da4b49c063a6c96e3bc17528bee8c690829bc8f11d923b0
SHA512e04fad135b50408ab0e52c8d3fcf02ed7e9cda60c705d03d20014ffd5f9c66f1b1c7bdcb6e7892997cf957ee28006266de801c1f02908cc5142ccb09b50e4277
-
Filesize
10KB
MD57771c55bfba1e73d7493fc281917e76c
SHA185257f0dd58aa4303dfc876e2fdbc8c856c75db4
SHA2560cd34d084c022143b411b5573509fffa6cf745f63070001e3e9827d301fab5c3
SHA5124c2875f7095a531f3d73fa3689d7637d242b9dec054d6db46eb5dd387cecef60544bb47b9c68d1b6de701bedf3a2eb7f5882907e0a046ef80d97175599f497f0
-
Filesize
5KB
MD55a3cd30474273e2718424762987ced86
SHA17d50203c5feb50abdb2aea8da820483fe34fbf6c
SHA2567e65356152ea4909c28f8de5efccda9542f00ab03c13c9eaed4733ab387ba07f
SHA51295d583c1b6c089d5dae443e7a9a40f49da8cc47fa1df879c93c74841c8aca727930705ab0d7bc296a2177df91219b0e502bb71541dc6a0e1cd0142e94e6338f2
-
Filesize
982B
MD5769d517bac4604dd5f9bbc22d57017e3
SHA1e95a3ad337afa7a39be777cf045bf789c31da96f
SHA2564fddb335e5c18dbfc244988ce06418b9ae2624b68fd08a55e89b165f3feebd21
SHA512cb4720b056ca65be9d5193910be8d4c6a7c89eb808e15a43fe8046117732a41c84242dd0f1bf0d4a7bff0420d86ffa5a7dcdb579b97bfe78c04572c3672278e8
-
Filesize
27KB
MD5c38d3637afa397034eca78027ee2a31e
SHA1c2e3f56fc8f206f2a7bae238e195d342d02d8c57
SHA2566dec9c0b7aab7762bfb8d896944b4c44626060bcc1ba00abb7513e86e7b67ba7
SHA51241330f2d076f811531a031147c6a46e4cee131feb222bcc4edd0446950ec12e755bd335f4f8d182058a99887e7f08a9d047c34fc14c0d2fc783341fd56a3adaa
-
Filesize
671B
MD54ab0924cc5268df8a0a09fa9c101aa6c
SHA14f9202dde1338d818bf440bb645de19bab212164
SHA256809edd9b8ac731aec55c8eea1a7a080902ca4d06e0505545de7e1ea01d519707
SHA512150244a88d7bf0fcd048714b74cf3723726924d4308e30b1019973f9ca4eb75ab0135acb30550df94e4a1a658672691f8a3876af4f58da7e5a81889b9f0881be
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD5214a25aff2383a00f8639580039144ec
SHA1c1e1850b4dad5f2ae4ea1b0e2720aaa5dbfa71bc
SHA256de3d228356a6bb50d6e0d29394f751fc8201e05d742499e9ff924803e0a94033
SHA512862d10462b9c7b848d0d43e897212df7863b6cc4b3fc24af93e566d389f44b7ca1d13521a2f8c25461f9990f88f6851cadd6cde3b76daa9748377d7a52e7d1c0
-
Filesize
11KB
MD5a38f89c9435807c542cb914c428c8885
SHA1688bc765b18a976eb86d69741387ff9bcb487398
SHA2560fdb299dc46c09ae0b297a0ac5600bed64b15061e7ddadc9a8ce67513d376b8e
SHA51299cf059b5c7875434463207455ef4eb06eda159f83b19230ddc74b0a87ebde3e67c65b97568d4ca419ad568aa742befc8a0d6bb5951231af5742471c35e8fe43
-
Filesize
12KB
MD5465fc3047e3d7cffdea7278088154c14
SHA1cc0bd40ff2e2f19c3b80883a094c121f38cf03e2
SHA256166ffe1acb939860707fe52973c4160af6c9ba80e5b2afa9e8c11c22975e93f5
SHA512553c058fd72d7bd597ff507eaa41ab4aa6c2e2136fbf6dfe08363245af172fd93af971202089d912900847e9d7cd88880de8c23b58e51d7176076966bfae522e
-
Filesize
11KB
MD5789336cee727f52a8fbb0e0eb667c11c
SHA187cfe36dd53a5a9b5e58d74cd9e05b900fcd69fb
SHA256ae43466ed16ef6af6630020d40d375b42ea21f1181433cccf539f98862cc586d
SHA512011665502e10a2128266c97a225102f0cb88af08bc724d71decba8f7f1e73a33382ca4e69fcca0b25d19017c6f119963d2fda6e12a796923ffdf195c4c2ef7a9
-
Filesize
2KB
MD5443b0320da86ea9afdc1cddf7381adb5
SHA1ad1d7b2ab9e50558a9d49025d8fa71ec085e3384
SHA256be5eb96634f5607f5311a23712c4c8b2457f84ee5e048c2e2bc42390c430150b
SHA5124e90b286f18714a9f9305c3e382d96eb0ae5cffdba6343c7ea36809c41837f087794330cc72713a80c038fac11f15d763cf5d68e6bda6f9e91e6831ec996a003
-
Filesize
376KB
MD5b57688a1f43f9e27ecd46ed86968efda
SHA137e64cb68107e245cb1489f972bb8de99bfbaf50
SHA256e33fe35196fe5895faa14403ae1491fb292b0fd2ad1cd0bb5c3cdf9f8def9ffe
SHA51265502d67e50ccc209d03ed38fae7705efc3b23c6e7af6d7cafd0b023753f5864a78a30dd31e462438b60006fa6d01ef407368c0003774e7554e99723a6dbb37a