Analysis
-
max time kernel
9s -
max time network
11s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
01-10-2024 21:30
General
-
Target
https://community.atlassian.com/?utm_source=alert-email&utm_medium=email&utm_campaign=flipr-inactivity-notification
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://community.atlassian.com/?utm_source=alert-email&utm_medium=email&utm_campaign=flipr-inactivity-notification"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://community.atlassian.com/?utm_source=alert-email&utm_medium=email&utm_campaign=flipr-inactivity-notification2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36dccc61-dcec-4e3e-ae71-4ce16ae94164} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edf61c7d-77a9-4b5e-bf46-8cc3f7d0b795} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3028 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46b72340-6223-4ce3-9127-fbbaba2c4c28} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3924 -childID 2 -isForBrowser -prefsHandle 3908 -prefMapHandle 3900 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4fe635e-7c1b-41c2-98d4-b8378b8df36e} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2796 -prefMapHandle 2800 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75ba6dd8-aa07-4744-85f1-5ee74aff3e78} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5280 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c6a1da5-93f6-433f-8b76-17902c8c00ee} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaaca6b6-ea55-4ba1-9f9b-d4c625847cd2} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5612 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {283085b2-1e5d-4b70-8f26-e06c9a1ce6ac} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 940 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38aaa3c4-b727-417d-bf11-77e263a3d126} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5d786f4c8aedb22b3cdd335adcf9cb5f5
SHA1784dc864a06dab7dced9d2a4eba680b513c23587
SHA256830020a1c05681d38e4f18c015421503da526902507c7c201bca7c09bd0b9d11
SHA5126888ccb474222e4e972af88db1dc2cad2b9807a7b59e34e617ccaf309df196c053c510482ed1f4fccba0ec87cb111fc80a70efb1debef10a51fd897148d6b877
-
Filesize
6KB
MD5f6426422653ef7d7f706de696d91cdd0
SHA1483bf48103b77dcb684c0196db64ad003170c595
SHA256975e6c127b4ba891a2ecc3104fcaafdbc2ebe8590b37b6e2ce7332bab38aa910
SHA512379aa3e78e52c8e6eea6377e5312efdb56a3de5e9c6a9496044e2d53da7f1ef1d04f0390539b5a8e7c1636e7480b3185b93794b076733d3d46cf20cc1664bab8
-
Filesize
8KB
MD57e34b3b96ad3bc9beb304750d8752ba6
SHA17650412b69fb44a9fd6b9010850b3843d3693b01
SHA256cf0264cb0fe50ae982a76aea6e8e49a570696a7fe22cf9706a108bf1121bbf5f
SHA51210955854d34bac85e602ebca3e86c08205190a23105259d1fe09e56d844be7a8738445d5a53448a7d76da9c5ea8c07ce37f8f5b005e5999cc579e7c5cd0e8370
-
Filesize
5KB
MD5a764d9e1aba6a6030646a5d5900e1a9d
SHA1bcad093ba8379da1c2918b0610851bee5bf255e7
SHA256b2807330db55d4ae4d5a9d620daa129194ac1fbe26f401b58869d02f0024f540
SHA51203bcf1b8e31ada72118807a3271c7e941540c3d7e96ccca96abc51a1ce5bc091309370c71ea8f68d17e1882c5c8e7eddaa15f030b2e0bf767f135ec5cdf18a9f
-
Filesize
6KB
MD520d58e91a376776230b4d103aca88878
SHA1f2598303f44c777f82b2871a2c978405e564fa23
SHA2567ac0f3cdc1520d066cb31f18ca80593c1896214d025eee58d2d899580f8eb68c
SHA512acd9a6386ca8074a8d7a910c7c38167d819f7a6291858eea6baa3201ec010cd741f7d6d74ad05fd7ee4888ccc767be1844f185cd266c22d7778745a4b1a4785d
-
Filesize
671B
MD5ec8e34f082a14f05b854ba3a4f0ffbd6
SHA1f664cb0e1b59ce77e87ba85ea76849a911fb8e99
SHA256b7f5e5860b53aa0936b209b45b4b495b4b0a5063e4d9fd419716da900ba85a22
SHA512141d0bae6af70b64be71681b1d7720dcdec6b44b876b4aadba8e1733aae9efd5e2264003c6035e4c82871d6da7a9927e88b8d93165bf4d958890b774e3817685
-
Filesize
26KB
MD52f3379e745e07db5f290308a84e5bd77
SHA1356ef37d392a188e3e06c71f0a9424a082240bed
SHA25679827ec82d9c92a72aa69dd84ade36e24a26113cb1baee6a80d6fafc99631012
SHA512a1ec6df6736869da7ffe0573ed8e7ebe47b94343fca306c46eb32d3ade623e1a38f5f38ffa65e080964c976db943aa0d1ee92b18abe6ad32bbfe4b2d56162c5b
-
Filesize
982B
MD58a264504d8ed32f1a1305fda99172ebe
SHA152be5776eebb9c43d9cf9195001f7591c8998b81
SHA256d94155c5037196c94eb3f042870cdbe7f94d659eb94b5447e13396e102f8083e
SHA5127bd175ec512c154da1bcdea60d2ec0f9ea748ed9eaddde20c6196062e3b4b95f92fc7cd0576fb5856a332478da231f225944502a634952d3be9728ab35321102
-
Filesize
11KB
MD530729792c424dda46a1ecb1c7bb14496
SHA1902cc9e274bc78c356e28773f6d1998fcaa58c51
SHA256d72216c520d837c4232bebc7d3309712d9cafe12d3775faf89f30f6c6919f485
SHA5120c762b8126e2be1072c145630c892549288be69779f5aecf767efa6e462168ee36fc8cf4360dfa5ec7535e4f643608b17b20b553cff1e17bdc5dec773fc189bf
-
Filesize
11KB
MD5eb70562247f0c97052f6769a6181f9ff
SHA1c4d6eec16d911d669ca5bdeeb020e9a9a1ca8b19
SHA256864045424547d468aec370c56c5da36bd5076e934688edeea56ac89dfc515173
SHA5125a584c278c37a805c2a20bad5f26987e8c888e708d7dc00753a3103c3b4e5d2cb73d7b1b50c6d65ee73c221ad1e41c65135938d0c040263efef18cf12a3934de