Analysis
-
max time kernel
152s -
max time network
156s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
05-12-2024 17:11
General
-
Target
https://steamcommunity.com/profiles/7985607655678567856/
Malware Config
Signatures
-
Detected potential entity reuse from brand STEAM.
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://steamcommunity.com/profiles/7985607655678567856/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://steamcommunity.com/profiles/7985607655678567856/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1efe581-6bc1-4269-896e-46e1cb87a786} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b8b7ccd-99b0-4896-a73c-f05da81058f0} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 1 -isForBrowser -prefsHandle 2600 -prefMapHandle 2608 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b080500d-ebed-41ae-b62f-00655f028f89} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d0dcd2-5de1-49ba-a6d7-4b0954a4617b} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4420 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4416 -prefMapHandle 4408 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e5f2ea-8b6e-4a80-bad4-52e1cac38313} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 3 -isForBrowser -prefsHandle 5492 -prefMapHandle 5484 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae32681d-f6a4-42d7-97e0-95c91fa117a7} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c3e1686-427c-448d-b037-16610cb88734} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5896 -childID 5 -isForBrowser -prefsHandle 5816 -prefMapHandle 5820 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7f5f8e3-024e-4552-acfb-edc7f50abbb2} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4148 -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4220 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9a5cd88-e670-4da9-8c56-20ccd018d943} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4144 -parentBuildID 20240401114208 -prefsHandle 6336 -prefMapHandle 6356 -prefsLen 29355 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca22249-2c59-4137-bdd4-8590e26dd59c} 5152 "\\.\pipe\gecko-crash-server-pipe.5152" rdd3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD5f7bc8c1a9b0b56a47bf59a9204c2cb44
SHA1a319adc5242b498986d926aba3f672315ff6697f
SHA256fd2b1d329cd7b8358c6b5c915469841abf6a1b3dfceb95f04c6d3b6356f6aba8
SHA512c5a6d7edd4872a6da21496215e57f2c38f25654a13919578c929138650a573a2ae407c91033782174b6b130621cd9161323b8135b17baa7b5fa9098982ef25b0
-
Filesize
24KB
MD5424e9220e94d251dc520dbb64db911bc
SHA1ee49058244019270e8eaa91f113d1a667b10ae30
SHA256a22776626ac3b47d1a1e5655cb03f2ec1d4290e22f1a4fb1896c15acb52f4e53
SHA51234ea919125530a29b413d4b9c9983a5c37fc46dd8d1b2f1070760bc130d21b936c6cf3a571283316e3fb44f79cce136a86508809586e3f0f674b30b2f895ece6
-
Filesize
6KB
MD504dca741ec56416c50de457f7dbf32fd
SHA10e26eb3ff62d357520a0720f13be56cd455896d8
SHA2568acf8ad5991dc42cdde70c33610d816289422a126ec4b2e93e9091a263a2cdc4
SHA512b2af94be59486fd462ecdaf2263ef9ac0c72d14f69d6c7c49c222111e1aca34fed0e38ea79b2995212b9d6bf2e42736af2a4a1ba96add64954bbbd0cc7e7938f
-
Filesize
5KB
MD5ff952f16c17bc5eba2835bfbb4965150
SHA1f1de0fe4c473135f9d74f1de1654dda1771921de
SHA2560521fe1662858f05d08af21143baff4c5fa914a311b1e579fe6077577f77aa1e
SHA512078a7512336971c30a4b302b44f6c292524805d6e28869d92141a57b163247e371ca3e359d798acc27f9e500075377155a753b41fbcd44c6e17aa4ad8278b894
-
Filesize
6KB
MD5ebbbbe9e9929627e765cd1f103e56207
SHA1568922fab5ecf8f8be6a33c0e4142ec964a412ae
SHA256b26e76f6648857ae8fb6c3ac9349fc8e1b86798fd2a23fb49f514b862d380b12
SHA5124bdc1eaaced86008f6e354e43b9e1a131c8209d3df5103b0a7151bdb665035dac9fc4f04ce81755f58c0278e9bc04a99078dfca943a2c7949cbe404174715ee2
-
Filesize
5KB
MD51acac6fd51b1768d0a09fe4cfbd85ed4
SHA132023fad6c16bf187573840a2aa35156d4258ab9
SHA2568e12d910ef9f41bf51115b377d4ad18821a4c46dbbad2a14d7a695bf3c9db99e
SHA512edb38d937f249b1988d11641d3d063e47a286ae6c79d6d7a7b980c89d7a44f112b40ab89199d1d6b8836a23fd84e873b1dfc53b713ba08fd2200abd02f85e5c3
-
Filesize
6KB
MD50f077bd3038d96318cbcc1b4ea395ef5
SHA10afcb20f7551dce46750f68c3a9b190c6f7ddeda
SHA2560e721b1229b067a2461ce37d8a555500d08030ae3b17147e7b06521934cc03dd
SHA512106a8876c243ec3d4b75f495e9072d5050927ed88937a512249d25b6bf895beb330f47dd5aa27f50fd98758351e43d81521bc1cd3e3bd8d9e5e096025148a484
-
Filesize
24KB
MD552fa1a1b13d54b824d5d2cb6e4cfd75c
SHA18169f0eb78d3fba11c4b9831567d03493e2e8b30
SHA256dd7d759b9352d506c0d18a37d07328ee16217df9602cb38157208e7628ff234f
SHA512e19f579a595f54c698ef8d4681e85f89a7d91ebf00281fc3e28ebada60fa02da91546812ac1cd59c8fb66bd1fbbed9deb853a5fd797f6a13b5d139015e738a6b
-
Filesize
671B
MD50735b0cef5c700790aa871635cf08f7a
SHA19f5da908d3eaf09a6438fb50c1339fb9a1968cd5
SHA256f785fa1cefa79a5db7b93da54bda46d4a20d50c3fbdc91650fd3d3191a59b052
SHA51222496af1945023e97d4642685cad27dceffc4f21fc4506c1f5fb537587cf3acc95dcab3e8e3bcd64d9b7af69073c7d0f25f9c5a08b016065d24fab323e9cd1b0
-
Filesize
982B
MD5e65cf2fa6379288e440b1749bf793d14
SHA178b5e9816f3c3e2d387ef5aa02275f984bc23ec6
SHA256226ba7679f5da13cfe5c9bdf720a387746f4cbf7385b3176332ae184f29d96c5
SHA512b8788257bab047380ab61d125581572c3b890fe2f62a84218cd1545a72130f6652ee4fc81904907680d588adbaa2a1395dfafed7a38068e89ed448b4813e0f29
-
Filesize
10KB
MD503da08cc43b946a95972733cac28d3d1
SHA14f35102d1c877de98efc6e7fb9c4f8bbe1883f7d
SHA256295c95ff3b33de5122492e5d403a5dae9b26ff19ab23b5043bc4b883c31fc152
SHA512951599d6e2b08c2df800dc7e3e4dc49da4fc646b7b24450be2d2b3bef3ca0fe8ac9064e557328fe3838b4fb2666b140e077287b4c4af653538710cfae130a00d
-
Filesize
10KB
MD5cab53161a660ab00f0a684f25cc13d4b
SHA1e25d363adc96cccc61f7a0c8572fc616a94cb303
SHA2567d0855e63f531d95df9088a67bd1955c96e7fd30885253fc060d18aa5b63224c
SHA512ecfa55f57aca055c11d2c70e3768d1ec543bee3fc836bc25b5b6e98a85b5f8166f01804c150ca71f1810a06641da14250c87475bc130ded31c33aa95439b551d
-
Filesize
11KB
MD5746595fb4b9f2240d3d5111d9691ca01
SHA125cf014bb77daa0bd3a1ee1f182003cc4a4b2fde
SHA256efe451f7ed9eb8d2b7a10d28ebbf39c0e29c0ca3b1dbd8ba330bffb4b5e050ca
SHA51279c19f9c58c45e9b42acf1000ccc2ef356aac62b539b03b17b23753978445c3885e68c578e994c2dbad7eb3683913b429e3827dbb5f51ccf351e490a87c432f8
-
Filesize
228B
MD566bdbb6de2094027600e5df8fbbf28f4
SHA1ce033f719ebce89ac8e5c6f0c9fed58c52eca985
SHA256df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc
SHA51218782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660