Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-11-2024 19:24
General
-
Target
https://is.gd/kQnvMy
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Detected potential entity reuse from brand STEAM.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://is.gd/kQnvMy"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://is.gd/kQnvMy2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6100c4d6-b174-49b2-a6ea-fff0d71634b6} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23e17d1c-e98a-47b7-9dc3-5c4f0ef4b9ae} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3032 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69765c3e-fb3f-4da3-9f79-72b785e17a8a} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4080 -childID 2 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f966c4-1ef2-4576-be8b-2a69a16a84a0} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4888 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e571d892-7641-4101-a36b-09254abd1bb4} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5152 -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5160 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8fa072-0cea-49b6-aa7f-4386d4e0771c} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d0f739-ccd0-43d9-b964-506c64e61098} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5284 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda09d0a-56d6-434e-86e9-a6ccedcbc7f8} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 6 -isForBrowser -prefsHandle 5312 -prefMapHandle 3100 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61efb29f-e300-4136-aa14-fbca6b4c9d03} 2280 "\\.\pipe\gecko-crash-server-pipe.2280" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5efbad9e1c526c2cf76b4a9f162ab0fdc
SHA108cca2b60dff406b3df5ed79e23efe81b161f1b6
SHA256488dbb3a28392a1c91e1731da17b62b74145db55a6b36a64fb60a4d58fd2e15d
SHA51261399bfb68726c23fc47ee7663a31900c3788a4ae749a5c511ca4903fa5e2fa5f22fa62de6741c9163f4376678ea1af517e46c2d029eda84f456c89586c054c4
-
Filesize
118KB
MD55c22112ca6a113a60bacd88609cb9038
SHA1d0f23f0adb61d72ecc8fa288b7a81034f837b7a1
SHA256ace9135a69a12677fade409c2f19a0aad9221ea23b4de16ee15f080ac586bfc0
SHA51284c121fdda25795acc1f6b4b059f41fd239000d16dcc897037ccd7e8bb307f48f545242df16594b5ed4a37f70c3fee5cc45c8e36d7d134ed724271db640bd112
-
Filesize
34KB
MD5ff3810f956e6d564fcea65e0afd89c95
SHA16826b9efbae56a51014b5efb89eac137b4201a8d
SHA2567991932a5eef1cb684d9a4df67cf1d8ab37fed8ca7d10bdcf3eacf4207027f87
SHA51235913098c1037df586c74dceb26fa07929497c0bb285e03d29cacaf20d631ad4ffc7e7c93f94d8b77dd2e2656dc41f986d3b53a2ae23f1a29e503242080e904f
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD57f155aa4c16d1a8d1e06efb1da1f8c4e
SHA141dea19b72136312a36ed730b2e8e9f36ea61a90
SHA2568adafe93fc0a0ad281456b5328413ef23152e4420d2f37b26f318069bdbe01df
SHA512865416cb3119709a20e6386ede179fa2c3343d24c9cee24a262d78425524e5a29838c74cabac9e45c0cdd7488cbbd117b16c9e03c53745839ca7a63e46eec639
-
Filesize
7KB
MD5a456c29f462b91bba6d2719419127d08
SHA1a16852dadb96ae89ac1465acd0bc732fde6fb991
SHA25676125a803b1e08f6de9e95ec104b4a3d4b0400fff51282e65d56561b4f8d5619
SHA5124bc859951bf01f2ebad4ba2cfd9b1ca58c28ea71d2fb7e4fe8653df8cdd776f7ab291696a0b5faf29d9511e6590053f48c04c6437fcbd25c72459a84fd9e4e8e
-
Filesize
11KB
MD5882ba5a44c9b8abe8602172630b89dac
SHA16646f014fcd797a8a8016325840dbfce2f5bcd73
SHA256be447b7ff0a7bfd48d3931862715c239dae3a7ff3418b9735668c5f12d424d2a
SHA5126a2e93e3c146efc4e8d08cc3936b81c9b8018158e375c36e3304301da3b3b500b828decd5e7ae3ef99053c88aa4ce80f5d856ff8adfb6c85411083dc800cae6c
-
Filesize
13KB
MD57486a72c5034a7a3e66e766a3750ae03
SHA1ef80701c5beb334f64087faff9219fbcfcbfd59f
SHA256c2619af1d2b2d7eb677a9e3009afa272c577213ae12601828d25f30d70507e58
SHA51242d1b8db3e69baf750c2d89e3310eb27da84c5aaca3ef58ca20eae7d6dfcf33e88635e14b766f35fc0cd3e0254f4b555780a16c3aff5a6a1749a28e21828c0e9
-
Filesize
5KB
MD5fa9169ec8cb04ec652cf1da5595b4c59
SHA1e2c649f4c29c969d025fbced23fc5b55f20ef2ad
SHA2566ea3202e74bbd4fb85374fac30034428205a65bd3e3135b653304813e6fc9033
SHA5120aea5643283698f8957345c64fa1502ec1b8a95dddb826789c952adeedcb01fe55f2b54a41d1eb0fbfe0546b55ab8e5aa1a740f1b3ff35fac2d61446eda226fc
-
Filesize
6KB
MD57337c80956c7119092824e3a39760f8f
SHA132b2a840916762b824cdc091eb15a833e3293c79
SHA256e12a7aeaa93f645e6de9a3c9cbd2914882e535f193c19d9afea4aed6be624016
SHA5126e6fca39498385b47721b57b388159c264d3a8fef43b8d1fe072541c10ff6071675e825e9b4d7a689a1c803e140a4d80ebf36915d412d8f11ed3465b28055db1
-
Filesize
26KB
MD573ae538b446831bd4a0a9a79b2799d68
SHA14f49210e17490df44f68be8e5d8c9e6b5038b74d
SHA2565ed78d236b8a925a3b64b07aece40e996464a700b9a6c2f7bf8c0e8a928b8fd2
SHA512ac4a5f8f5edc3e9492e7f15779f254512b45136dc27623556d936e7e029ac4c6f6aabf9a5f84922b03415d2a11d62bc97f56d3a77f612766d50232ffd87a4715
-
Filesize
982B
MD510368c83753ccc63c393d3f64c9a48b3
SHA17218d2dc60403f527cd5b86acd3a67599d61f73f
SHA256a9e36e264ac544bdd44d555a73a6408c67f9268c2989382ca99fdda8d9892e4f
SHA512cacdf39bad74beec0afd41607c191e0be097d23c6d0130852789379921d769c57ae95b46bd1108ff761cd44656bff7d247c58be2c621030cce40ed9089c94513
-
Filesize
671B
MD5ef18c84140e87dc80a83d9f4d5d83cfb
SHA15147564467e27bb527ce48daf741b49342cf2ea7
SHA256d27b9d6815c45b8dbeb1f75a9feea7e61f7ed99d88eaababb3bb344c81351b25
SHA5121521effbb040e31648aec8500e23b581a1f0aaf25c9bab00a17987c5368118835f35fc84fd251c9501b9a8d9806867506e682bb810dc184acc8c9590611dd917
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD58115f6835f69c1e96c1f92392d298e34
SHA136e3c47a8b7c2829bbde8893493e7c7540b4f874
SHA256e175b9c45b70c03b2e1992bba6582135fb21daa846a3b93f950ad1484a4ad5cc
SHA512b96c1c32c71ca3e6db7f7e99b600aae109c1db8ac0ecb6ca3d87246bb42246b64761e739d0d9e42ebc22dbca0fba0fd54605c5286b8e3a77c4b9bc00cb84295d
-
Filesize
10KB
MD5888085f8dea9b1929a57ad728b418c0c
SHA1314d11397f538b1f768ddbdbf44342552fb98cd1
SHA2560d74ace19b96a6b60b2f9980b1ee3b553cf123be02ae23521dbfaf9099129294
SHA51252d721e63dd148635c08b0ca9a3d2c42d49bff8f9a9f8e6f8811250055fea062944737eee8567c79e03749576b19d1fd91c8c4685dfc5147edb5669c0cdca200
-
Filesize
10KB
MD550905dd04afad1b12524ee9990565525
SHA1755dbc93e2d4a94607b639ab7490355d8246c28b
SHA256489e6b6e6243ac17a8e53c64b23862f442de73d6b2b6786c038c63a98dd852f9
SHA512c07c5fd38a689158faa647f665f832ce5ef04da76f0d19c48102177df3fc8a57b8f751ebc37f0207b48d6bfa9a69f443a0c9214640acd71a52f0cba48af14247