Analysis
-
max time kernel
31s -
max time network
32s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-10-2024 12:49
General
-
Target
https://dillongrubelaw.us17.list-manage.com/track/click?u=2cf5456d750e6e3172c22d04e&id=838ca7d39a&e=363112b073
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://dillongrubelaw.us17.list-manage.com/track/click?u=2cf5456d750e6e3172c22d04e&id=838ca7d39a&e=363112b073"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://dillongrubelaw.us17.list-manage.com/track/click?u=2cf5456d750e6e3172c22d04e&id=838ca7d39a&e=363112b0732⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc61c5b-5b85-4832-9cee-24a566dd6151} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2260 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92993138-affe-4bef-9904-ee3e482baf1a} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 3160 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9589e79e-1e58-43ab-8243-fe7874cee99a} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3864 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 2784 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c93870-13d6-4abd-9d06-bb30e5614981} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4668 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1212 -prefMapHandle 4576 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {658b6d6f-08a3-400a-a76a-c45a82c0aba8} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 4756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41e26756-5f3f-4daa-8464-487cd1949c92} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5300 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {721b0e5d-b2c7-4132-be20-7d43195f9cb1} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb68d067-0c2c-4f89-b32f-6179be184fe7} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -childID 6 -isForBrowser -prefsHandle 4624 -prefMapHandle 4620 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25679286-7b0c-41dd-9543-0974832251cc} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 7 -isForBrowser -prefsHandle 3332 -prefMapHandle 3348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba99717d-8bd8-4ec4-ba98-6862698cff7d} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD51c86c2f11e496f0749df283c2b41c69a
SHA19b6950e8fddc180e7f9da2028135e7fe547ea141
SHA256507120c4cc2610517581141f02f02933a9ba1c1f4c5eeda8fa362fe03c1cbd3c
SHA51294f1da41d191d9f11c5971b479f52599ebec5c777eca72315cd878e2a3d0714f0d033b0c38cbfc59ed5116d2cb7fc859c79ed20ce1f249ca343e45f6b6b1ad18
-
Filesize
5KB
MD5e6e95baafd20899ec901565f20ecf23a
SHA14b287388734be8422766f7dba3ea9eb12a96f0cd
SHA256fa44ddf633148500750b5baf49ef9ef621149f8229ed1c4f122e81d2649be013
SHA5123f75d259f62c93fffa283534a84aa79d0005351406d9902d69568cc1162abd515d1503c0c3656ee3205b54c4b6c435099f5a5696c1b658eac6168db185c6b526
-
Filesize
6KB
MD58c835d503b6d33c91995d36c070c0810
SHA1e8a02dca2119cdb7ec1a04d83e7f9f3f8b78df32
SHA256a3fac4bf88ba58a25db8a9fed232add9bf55e5e0549f67eed29ac37e5b1593d5
SHA5128d45deb9ea0a63f38926037f1145aad7d78692796d3b30bd0f57cf4948e2fa655581edda7e7779747cbdf0e83a5a495a5c2cd8044667f3ba24a6ab406fd16365
-
Filesize
982B
MD57b15a020ffcc0bd836f1fcc97cd26a4e
SHA1432c2af325d92d12b42037d194d858a33bf5857c
SHA256287df83bc3b05de9fdb87cecca95600a3c671d86ed8a179310a86a642e7cbbbc
SHA512524dd738a6d63c8d38dd9ad7d5889c67cfcf43c4e09d129cbf1616ddc880ef3e46aee22055cf4e54aa2c1434dfdf2f01e6b71002d32a26ecb9f3c22d8410b416
-
Filesize
671B
MD59024e67b19714019f16b295df6afdcc7
SHA179308b7aae11143ee9d3c691a612e96c2759b235
SHA256b98bf788aa288addac9d5c5bdb3b75c503bb0c68311f61cb68aa0bbadcf87a0d
SHA5123e56878f7e4cfbd996d7f85458934bbc9904695caa24c8a887259e6f843800b011eb6b54d8c0398062984e4361e56dc70a29b05b2aee7fb22ffcbcf7fe382254
-
Filesize
25KB
MD5dcd8e3ba9bfb2459ac8d9cfbfb0d42de
SHA1e38ad65db9ea850200b56c1aedcb6ce009c3264c
SHA25616ea38be9dc71de9ef67ff4420052c54dc20691fa420c3072073109b233a4252
SHA512ab075a2a2aa5299bc11f56932d2eb3258a6562a67ca56454bf4982d8289a38f01a854c4f93cedae60c177ee696974f2d442e13767a10d2a36e375d1965449617
-
Filesize
11KB
MD5cce1970ab47eb41b85f61cc02c8a0b47
SHA1e9d6ea1c999bea6efc1cdf35b9c37dfb72836236
SHA2564223b40bf72a2b522f595a539c8a335330b284589a442235215cfac0dc930267
SHA512394310a08d0e013da4239da78ee77a890dec1cf0edc0b73bab3980e6b88b39cec7945b99b1e240fcad1e607391f3043df51d34664f1330e56024636a66b29789