Analysis
-
max time kernel
57s -
max time network
59s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
21-11-2024 04:32
General
-
Target
https://drive.google.com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=67363048
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=67363048"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1EntfsyIvY2ZEJwTe-8DJoX4BcqfEyheU/view?usp=sharing_eip&ts=673630482⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a156c10-61b4-4e58-83a2-58ad5c0db7bd} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf1fd388-cc15-49a3-97d0-2c4ba8898da4} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3168 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2ebd82d-e88c-4a03-878c-f903fcadebca} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3420 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfa24fec-1e9c-4b4b-bedd-503bb9796945} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a95d84d0-5e4f-4d56-be9f-1305aefd959b} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2824 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66dc54ec-bce9-4bad-9632-4d0fa20f117d} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c794606f-343e-4413-910f-1893605f9e29} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 5 -isForBrowser -prefsHandle 5812 -prefMapHandle 5816 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a62dedb4-9377-4196-a06a-9d9236d35061} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6152 -childID 6 -isForBrowser -prefsHandle 6020 -prefMapHandle 6148 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1af3f2f9-38bf-4e21-80da-df515d890a01} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 7 -isForBrowser -prefsHandle 6132 -prefMapHandle 5276 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d902f36-33e8-41ac-a5ef-6da45c146b7d} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 8 -isForBrowser -prefsHandle 6436 -prefMapHandle 5708 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76851333-8d22-4081-9139-fd5114f63308} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 9 -isForBrowser -prefsHandle 6180 -prefMapHandle 6308 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12878c10-eae2-4bc6-b441-72a52234ec8c} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6440 -childID 10 -isForBrowser -prefsHandle 5272 -prefMapHandle 4516 -prefsLen 27698 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f3691c7-741a-489d-a6fa-195fbe5fc50b} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 11 -isForBrowser -prefsHandle 6496 -prefMapHandle 6500 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f6decfe-476d-474c-ba97-6534a0b2eea3} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
27KB
MD5e610cf4a25888b15f843d158b3f7b8c5
SHA1ec3e6c2ba33c0e9a070049cb9abdc97e2a043f70
SHA2561f552a8fa7ed695bf09d840e36eee51a61adcd690cdb6edba1592dfca23c5ca3
SHA512efe53cb3d2b04620cdc51677343a8c26f2cbacce2595774f468d90aa966fda2ee85b6dbfee7dd6fb3a9fbdcf0e75a4835098bb9b6f6b5ffebd49c9d41ddf3f86
-
Filesize
65KB
MD51cc2893e1505c3e86e15596c0ea34fc4
SHA11782f514f057ae7b57889828d1182c4fd6229afe
SHA25600064c04f642e32c5daecea0e93e508fdf4ed281f1ba694905d105026022b845
SHA5120d6d585988c9541bd7e1d729d79faba923b4290e3b803193c3deb499002f35e88ae595a986c9e2761a98f750b372d80dc66adb83a34a5daa9676bb8cf9f4099f
-
Filesize
56KB
MD568cb0653e93bf3809524ac90226fa07c
SHA1725d9a2ed6f75674d3f4bdd1fe135f85e2a2becc
SHA256dc01379f12423460bb99699d501646ed1134fa7b9ee523929575ab22676b323c
SHA512a6f21649dc6a03889ca7cf3fb909d67224e70cbf343ef9665f97726d8ecbef64d863a3fb82d8ccfb7fa3e60729cd129cf9b41a59bb4d1a8f2d8925c4dfde0509
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
10KB
MD548857e3d45869bb27006ea159622e5c0
SHA1ae323af8b382068255255d3c769a9c76768f2c87
SHA256a789021b7c021a1777857d9819a333102adbfa6f876803afafb1144bf3477ca9
SHA5129dc4d8dae0c91cebbdbf9b52b878632e29e8e41f742d4c33a14c037989131136a7ecb6f98c5f1fcadf41a9243ebbdb5a1104478d548e6a9ab0040fccb5f26193
-
Filesize
13KB
MD50bc2c180837812a69c8d8a85cb0cb1f0
SHA1820fb8c36fd1a2e231b07791cc2fd621dce39871
SHA256d63e797867912bd681f19a892674d2d44e0114f17791f7ad0a2acdb1ddcc3500
SHA5124b60b5719459da3fa21ca244058642b3b87ee5d5be837055582ec2f19ac4b553b6608ce4e41fb24a65238613cbb29de27f9a2aa30932b3b00af04559e89f661b
-
Filesize
28KB
MD51faf5ebd320f83b9cc2982f494e724a6
SHA15f4838d2b4a6c926d845e2efb2cc862b6a95ad7e
SHA256829bdc9de6274fb8acfd048d461f6955da2c1bbc938b1c0fe58e174f42ccc870
SHA51298b5a96be6be228a31b41ad0774cd6f30825ab402bb8d791140b34b7ee14a8a2a7989210a0fa46e622e27fab9628841d41108824534f4413264d11439d7d4ffe
-
Filesize
6KB
MD5d18cf87b70a573f6ebf62b4aca5465ce
SHA1e3f7d1b46468f20891873b419d0ce5ee62b05bf9
SHA256ae208d930f9c593bceabf413606d2d1e36b4dc9d68906078216592b5d80364b9
SHA512dbd44462d73c18c1197027a46a72979e2b41b11b11bd5de4b80919becd6162505e8f04f53d7033e1872c224118955fa11efe4520f82bf3a5d97bab8284a06c3c
-
Filesize
5KB
MD517f885df86fce689f440b7d1bff18e74
SHA19bb9a82cb64510bbb8cc71c5498f19d9bad31bd5
SHA2567551f616c174b5126d11dc21d39e34ba025a8c295886baf77031ff39617a5040
SHA51294996b04ffe119433586cb8f6c1b36164c67607820acc6647f150ef9fff8d7c9e6309e9cb19aa6a4249a3204d9d1d50c36030012a1db9822096d2d809f88dc65
-
Filesize
671B
MD52f65384e30a6c5290a01cba8a7585190
SHA18342c7538a9d4c9e1ab08f9500df3a5948c1243c
SHA256a93d6c80dc8f9f9bd599e232c9ff887c634011b1d3fe12e8e1a665d2a17191f6
SHA512b73750ed6d81ef11599c5afe6a4766c02340bb44efb02abcd53ee6516647a73b135752c47719716f864100519969e5ff002636a21ef03fcd4770468813c0646b
-
Filesize
982B
MD56f26f7b09536eaab362e0f88d41dc428
SHA119d5b74e9a6b7a4f3205bcbb1c664b0e1ca52a34
SHA25639df398d2b5f9ba995cd135326d8cceaf20f7b224eb14f6b3c13c07a25f02955
SHA51214506295b0382369bdbfa39b24d16c1fff47c02c41f69a881ff6e5cb37b9a750ac8da506f3eac626ed0fa9e777e4f1d3d5fe9b04a551dc3b215aa8ad6ddc0762
-
Filesize
26KB
MD5a5fed00b74320e34e43d9643933b65ee
SHA125390af7ae4554511e689366456692b36e9f7451
SHA256313d9d7725c0759f69a21dddb8778108e19cba131b9525acdf8069fd74cf816b
SHA512a348793fbc1ca756f6b2c0aef6b213300b6570866849cce8e25878eb2829c4045a867572f9e88d6479e018ea0286d8f18313c956f8d578b10fa69f1433f1758e
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD51b04ad47de79b4784a7f25f38f35648a
SHA1d2efd01678ba3cdc7b06de35959cb9ef8ff622a3
SHA2565182a7cfc522a1e93c1b6088acc68147d37797c20120811c8ab44b8309532a2a
SHA5125d64b9c723e57add0e6e0865906f15777648d97dab55e931d2f546c94ccf47a007da0d0be59b9983c4ec9c3976902a704653a1e61202991821297f6ca54a2212
-
Filesize
11KB
MD588f88a8126a5d5c277485419328a6fb5
SHA1e2dfaaaa8ee5f12ad5238947147c8b80c1cc74a4
SHA2569d81e3dd2dc142e2e91e33af460514cc55070da37762d104ea61b6005e768336
SHA5125f8a66e050fe558ad08bf2f31fa294fe6baf24195e3741dcccf4b02bc1c68aea6ce6bb3f7cdd841cc0981827e0802cb56b86a4c441cf00aa2339657e78c02188
-
Filesize
10KB
MD5bb1cfa95dc395602fd5a085cb5bf07a5
SHA129593e6de58e8a9f8972a11d5426877cf19e04ca
SHA256dd3c1eb141347989f38438b8f8d6d35d1f2c925e4cb8c057752aa721107f45d0
SHA51278f99e80f085691a1e2353288c6f242088f4c795166c974d5a9df511f988e504ec0775f5bad2558d7088113d27e3da67c3a46def9f475c827ebffa86d59032e1
-
Filesize
11KB
MD59932e46d9269a1dbe9bee2324a6f1acd
SHA1e5c21f8c8e4615894ef14189e236754aaf57fb91
SHA2564a21ca837bea8981d75e5fa79360007f4c7ac4243baefab24f39cc4488988097
SHA5126b06ebf454c23fff1a65a1272cc7e40e208cc783a19f7111f327cd051c027536e0f2f8e80e23591c34c7db809ebc163614522470424754d34d599ffd91fd5f0f
-
Filesize
4KB
MD5122aa960a48c5a7d7263f0a3c16b530c
SHA199a5123c382b19ddd2a1b65e63955d14bd7b6392
SHA256e21f122b230e67c22cb129da0b509d2fdb02e9520e5683654cde96eb2dbdab68
SHA5121427ccbc0823ded9ab228108ce85a7578b91ec1b03b12df30ace382de96686a2f60c2fc19fc417cf32eade2a0922fcee846d7632625af0c0fe5b816b9c042f4f
-
Filesize
4KB
MD5a585176c8b59fe6ec3a22192bfa9202f
SHA12a347717b2f2a47e1324a0052525e813cb0a895b
SHA256176b68ab22ae8cc1f37aaf63a4c7cc238951b780388a95842b3468af0fa05df4
SHA5124e45044570fea27fe39e011eda46cef87fa9cc282bbfb02ccf59c20a9859ee8792adf6c4fc4d60bcbb5209eb8031d07bea2afaa9738dbe18d59729bc77513378