Analysis
-
max time kernel
63s -
max time network
65s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-11-2024 13:35
General
-
Target
https://xm9pat-socqnu.s3.us-east-1.amazonaws.com/dble.html#YW5pa2Euc2Nocm9lZGVyQGRlLmdlc3RyYS5jb20=
Malware Config
Signatures
-
Detected phishing page
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://xm9pat-socqnu.s3.us-east-1.amazonaws.com/dble.html#YW5pa2Euc2Nocm9lZGVyQGRlLmdlc3RyYS5jb20="1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://xm9pat-socqnu.s3.us-east-1.amazonaws.com/dble.html#YW5pa2Euc2Nocm9lZGVyQGRlLmdlc3RyYS5jb20=2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c02c4bd-e798-4d62-a614-00e38240ddaa} 212 "\\.\pipe\gecko-crash-server-pipe.212" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c2139ef-c9e2-449f-ab79-810145c49df1} 212 "\\.\pipe\gecko-crash-server-pipe.212" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 2760 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {157d2460-d9dc-49a7-8c6d-357e76a5329b} 212 "\\.\pipe\gecko-crash-server-pipe.212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3904 -childID 2 -isForBrowser -prefsHandle 3892 -prefMapHandle 3884 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e83ccaf8-7854-4486-9089-03d0c37998f4} 212 "\\.\pipe\gecko-crash-server-pipe.212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4700 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfeaf837-7eea-4735-9d34-4e175415c387} 212 "\\.\pipe\gecko-crash-server-pipe.212" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5352 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36289f35-7c62-4f54-a144-082ff360ca12} 212 "\\.\pipe\gecko-crash-server-pipe.212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a2c5734-ca9a-42b4-b8ec-6538856309b3} 212 "\\.\pipe\gecko-crash-server-pipe.212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5464 -prefMapHandle 5564 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fc21d01-702f-4a82-ac10-6fdb5a5fd3ef} 212 "\\.\pipe\gecko-crash-server-pipe.212" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6020 -childID 6 -isForBrowser -prefsHandle 5936 -prefMapHandle 5848 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {292ced3e-cc62-46d9-a8b4-ea981f6c18b9} 212 "\\.\pipe\gecko-crash-server-pipe.212" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25KB
MD5a51946d393a30c3691d4a512fae19f7a
SHA1bf882ea19d81b09120bba68569c0412b7a957b14
SHA256cdb748027666b525d12df7473618bc709653bca373bd7e2007a4421cd25490f0
SHA51214d28f95f07957397d59dc7e3a35df73a6bf7201512cf6a7b5f78f0fba1dd4c15fbd7e73b46df8c692b1d9d0e53d7ff0771e4089a85d2fe238c1b0f438889703
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD5c9aa6689ddfa0f6fc36a5f78d5067e34
SHA172bf2dbcc79fa92ef1f3f704e14e066d9c41bcf4
SHA256a2b06edf3be9743283a428ff020a1c0bf80eb2e11cf1e624cc701a5cf07df07f
SHA5120a105c7bb3d3f2bf03ec4928eb5ca3e119dc6eaa314f0aab67948c1474185957f3beb339896470a7b03ed6cafe802ee26f58f9f89e93aba8f81b0f40597bc31a
-
Filesize
10KB
MD5221afe332102e538f3e5921274c08013
SHA1a1fbd78450bb4cbd2c6aa12f902ea1ab5883dfd5
SHA2560fc02110bf1ecbcd41158fd48fd9850cab583ab53d0c54e37b18234d7d6e2cb6
SHA5126a6628073743369c748b2526719d36a81eebb9a25ca1c67f707a3dec839de37c322c805758b2cd448ca047f4ef8833bdca72a21fffcb6d5217bb407a4b4396a5
-
Filesize
5KB
MD5dd36d8e59b98c2d3ccc137d120503171
SHA11d0d25060a3ce9b185de2833c3e5c9f1d580328d
SHA256023b5e445b993416bf5e08de25dcff51ffd934f7e43f69b187f25cb21c25c389
SHA512822a3213ea74ab80464b561aae2599d9dee1e7d63c584c8a00ecfe7a69b5b90247f3ac0cc610ff349bd33710568b9d3ef1bf7bf0f4b205978f55e2f17306b026
-
Filesize
6KB
MD5db8b34ec0f47402dd8ad27b87788026e
SHA1bf3743cf90f9d6fe6229a3da64477c74648cbc61
SHA2567df20f074bf602f35d7ca41254e86971096fde7d7ae7fc4f22b909a852514d5f
SHA512a5da717df29c0043c4f3bb6706b2b97c9b47e4adda8166462d901cce95583454e5d93d2b44c08a2317c31006737948237030daf7aeb00546f50278de4c8a575f
-
Filesize
982B
MD516fe0c59b715f7035ff6238a2331eaaa
SHA133700d631156e938c0f8d0844e901548010ac775
SHA256601757caba1cee552114c28c1d34306c0650a21075aad463bcf95788df1ef870
SHA512595690db46af09959434e82ec3379b24ffeb0f2a36c7c1a3aa868a94f5dc11b3c0bac787fae062730ba16eff7aff64497dfd3506800f2ec5219b37657baad32c
-
Filesize
671B
MD5822b718616f5e0bab59f97c1f5bdc3b9
SHA1a440e011de0e31c15b37a642f02a7930f6c35720
SHA256ce67bec94419d19d881b10c284c19edcb75099ca7285d8c69b76539ea71303b7
SHA51282fb2f3ee19de2311d3c1c287dbca344f393138ac976bedaba2b84363e3d70dbfcd99f2f516b914be2f0d8db1ca01cb616e0bf38ab97baefb899f7d41f2932fe
-
Filesize
26KB
MD59c0ccc5a70a304b86cf4f43b38086854
SHA1274d9c12bdaea7c63eddc64ba37ad99b5b76c090
SHA25641f3b16e97235cb49e5c79d3dbbb7a00dd53313f44c445ab9fd0005db2482eae
SHA512ce2ce4650b713d9744c58d1d55b1d28a186eb84944a280ba0d1b2ce52667aeb9132ea91a3a3bbbdd06687b38303647bdde4213d70ea1001155e5a726e58baa1c
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD56408a1cc36d3e2fc48b22fb2d6279e82
SHA1cce0c96cc4aa525ee337ccb035502dbc6207b785
SHA256354db92e8a58e5303a3270c135b2d58853747b1bfd722a7581f3451e10f1f024
SHA512f9c9e692217f30a5fddcef0c4fcfa5194461e8ffb465bf7fdb614528c610a1321cf7cf97f71f4937aafb84868213c7b2a0a7757f9693c717cce535009580fdd2
-
Filesize
11KB
MD5ba446af2e4563874d05ff5910575676d
SHA1e5c39db8498d25f230a326b36a11c994448c72ef
SHA256691988281294c96385df1bc7114aec3be859053c37b768db4440f5835a226bba
SHA512e7eea7e2602c86755113b0335263c18bb5d46a0a134e09c3545ffd9c7fbfffa9678e7f527d0137df7ac28eec3b4579163b5a9133dc340fad50ab77a6a321a363
-
Filesize
2KB
MD531459be4f83602b8956ceddad84fc8d2
SHA146d97581d17dfd1f86141a15d63e25c68ab4581f
SHA25638b12ca388c3786a04fe1277833eba0024310692ea90050920f55089644df5ca
SHA5124d1cb559a6f6e1b511cff11acf4e268202bd6db246d5eb9eef9d02e9fb78fbf182d4e6798004cb36b86522102a5125b72246782bb9f8a8ca888dd807195ea035
-
Filesize
584KB
MD5be79daca224bff0d355ba675a8dfc88f
SHA1021ada2bcfc7a7b9b5183f2f03524406492b4ed7
SHA256a7a9b79d4d187a13da6923912f77c20d2ce1f30bd667899039efb18c61a7e353
SHA5126c29ebbb2b7863c89fc13a72608fed4efb6a92d5a905293acc58b1ff533f490b2b967f47ad88435f5ef67a2509651680e9d213f4bd823e9f32f35b3c70e40511