Analysis
-
max time kernel
106s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06/12/2024, 16:32
General
-
Target
https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#[email protected]
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#[email protected]"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#[email protected]2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f639024d-bd57-4eb3-850f-500b98ac2ba8} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57b5e90f-5a85-4d8c-a557-520513ec43c1} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3340 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c531d2a0-d778-455b-87d1-ccab85873798} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87e5ee0b-67a4-4e70-bf4e-03c1c5b4ed54} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4848 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b412ea5-9b74-4076-9687-6ae069aea2f4} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4317fe5b-6093-49ba-b744-bca8c774d882} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 4 -isForBrowser -prefsHandle 4240 -prefMapHandle 3268 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8edc97-f410-4910-aab6-26c55710a094} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5788 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24ab80ed-f8fb-4eec-845c-5d7f93f4ea33} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 6 -isForBrowser -prefsHandle 5756 -prefMapHandle 5932 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8c4ce95-bfc5-46f5-bc02-8db8a12b80e5} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 7 -isForBrowser -prefsHandle 6152 -prefMapHandle 6156 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbd9c29a-4f2e-4626-9360-3768fb99514e} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6268 -childID 8 -isForBrowser -prefsHandle 6276 -prefMapHandle 6280 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c3c2a11-e13b-4474-a498-472f88401b45} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6588 -parentBuildID 20240401114208 -prefsHandle 6936 -prefMapHandle 6940 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8f5726-f8c6-4554-b7fe-e8f74829754f} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6500 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6924 -prefMapHandle 6928 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70c18fd6-3db7-4854-9927-cd759a56ebf0} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" utility3⤵
- Checks processor information in registry
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x348 0x4241⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5a167169c0e250aba388a9b9e7950603c
SHA12303b126e1b72736db6bd36012248248b5175230
SHA2567811a1897c58a924757ad4730280487f660ce02b9cb1ef77456ad6af6248fce8
SHA5126b71937878379e0191474d4e0464d2798539b641937c827c68a90907a062a283de1c353961737cdf5d4cd90976c04aa09d75ed861fd98d88d28872f61a98bfd3
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
6KB
MD549a703bf8c26f6ab77974f98de710dfc
SHA1ba2df5a40250652aa52aef68fbf27b4c3ec8c20f
SHA256ca014b41084e20f7810fc22e331a764a4d8a359e339a088eac5e67abb72f46d3
SHA512031be9b5d47d6cda029a13fc7a03c68ad3e6c18cfbe1ee090db5dca5f879dfc979e49f8c1976e4e8fe75df549c67cc18d93991912640d80f1f4147861794fbd2
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD51ed3c4f94601a1aaabce0a4c42629912
SHA13215e0c20261d11f20b85b12b9542c8199dd8625
SHA2566a3a87b258b62c84782db921bb91d66413f41f30f1693f788de83be7a65b26ea
SHA51202a1d92cbf90281a3594c63c858e1c9411d13dc101957fb9aab9c80510e2b6eeae2d0699d8d3453dcdd400a7814d044ad89980440b1409467b07a5de8659d96e
-
Filesize
6KB
MD553e999af8fdc96e6c996d0c2bdf66b26
SHA1ac35e72c01a7bf2a50e7ff7f62a8bdfa77bfe77d
SHA2569c3d02a049b0b2054b84d367f5ea81f2af0c4bcea6fab00168e85f9462dd7b29
SHA5126b0764715651fc26900cffe2b253f84d8d668a11a2376bb76fbc584519f449032b8407d15528a327497534d3a46a0011f13e995094d73d48a4132f7198b513ef
-
Filesize
13KB
MD5800bb2f168bcccf9da38f60edc222b68
SHA1cb45b364626665baf8dd8c5293b58fab98be5db9
SHA2567637e04e602df767d644343dfed507a26cabb79d79ed04eb7d996cc505b46c0f
SHA5125112f2db968dddd5f301cb68cfa8059afe87d8b0ae147746a1da13ce4876bcce99d936c7137d17903ddb5d2ad07fe998a516823be19c2ef5404fb32da242071c
-
Filesize
5KB
MD50049d844740c8b4a370e8eeb7bd23f02
SHA18e1739b08fcce501fe31730eb9670db04421c284
SHA25631d69edbe5f0dfbc2cf90c659abd24299107ab1fba5918357684bca67ab091a7
SHA5125e433bc291693ce992ac8ee86f85b7810f80ea934b07697f22cfc495109434828eb24b1a874ce25eb5d4762dcff128b20295c16bd7b6c24cc6e6786d88f90da4
-
Filesize
6KB
MD501e6f854b6562d66a34027af802be2d0
SHA1f1ae28de8f37584355c30da09699cdce0ad89ae9
SHA256f261448be262c09d0f2c5da5beb19aeac670d18952dcf344168f491a531ea86d
SHA512447973a4c96e471bc78ed078e5fe8dfa9b58809b969fc52fcf53a1fd93f7b9ce42e88473dc51b1551aded8c13407480c32f6381f99fa01935f3daf5550c0a0c3
-
Filesize
41KB
MD5f1c7ebc31d9d25632afaa5dcfa7db46a
SHA1bfafc990769801bb562fbbd73cd74901ce3e423b
SHA256449cdc234b30668301c2e080e5fb7be4a221d9725ff55aded317892aa006d6dc
SHA512ed29ef1ce9f26c7332e6665920b9f445c0248cb56da9b92495ec9fe99b0aa529003ff8b0047d8c67b1c67f2909edde56a1c2fd9cf505bd02907f6c62205b53f8
-
Filesize
26KB
MD51bef8edbcaf6138e650c208c75114c71
SHA133be3123abd7b34a7e2d3101a1c81e6c2d6f1071
SHA256c30e7cd582397a211f261b2ff539f97e3caa59ced298427e9a5c1c6bf6483a02
SHA5125ce86f44f3baf32521e8fef55e46a18906dc5c28f52ed18c06c734427923690ed9e62d8a61b54f946cf5de2dfdbb248198e79e48fcdce00960f98b162a47fa36
-
Filesize
982B
MD5891a2398fe2a8559615ec826b1f12b13
SHA198a36dfb06f3ddb411343c241b94d01114f02b1e
SHA2563a5f48aa75fb0f0046a85b7178b06f95680d334c9739206d66a305087a9f57a0
SHA512440912523ef87115827779e3936dad8cd9059f281e8140410eace0efcd93a96fecaf5c6a0f484d3d07ae70b66c8f55c12b75f907a55295d3c0593383f34325ec
-
Filesize
671B
MD5f7b9ac0a43f02678b43cf444dd0da9c4
SHA1b84a93f45690bf5d6d68ba72ace9cfccb0deff0e
SHA256f457b90c8fcbb375bcbde121b23e7592ceab1cb4fdecf02491499b4af2225107
SHA512491ec19aae2c5d75b7cce6c9a6bab89020a8a6b77e9a4803d38a4deac2fe00afac0fb3d6aa9f1a41e2533b1b24fc5fad6088ecea705708d8eccc4543c2c3572c
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD5135a57cabdb9695cd9a0718e5645c55e
SHA1d737f5437b0db0d021196bf6f19961ab1cc761d0
SHA256fd935fbd72c0e94c17226e8e8d3a9175f4267d9505595cd71688af57460a89e0
SHA51219c4afcad3f704ba14c7f0f02f2ecd42f58cb9cf5f5b6ad3d85708b5d1a6eed3370ec2779eba7a272e776453e949413e29b64da6a3745cda49e7f483065c81d0
-
Filesize
11KB
MD521b7aed29167236d8e23ded487e150e2
SHA1197b62898e1d7955b3d6cd074aa60fc9510a8abb
SHA256049e2dbe7e0fc7bb959db07051ea302232e93500b02fd149c184b46c8906b873
SHA512940cd1da7a3ae5d4f34deb5f12d9a81fa553d65e11b4b0a885028256c395cdccad70f75ae272e24de9ab16f741e8d5736b71f30cc7510712f85bf268822b3a7a
-
Filesize
3KB
MD55c77c8a29b56c35c31b8a1ad2ff0a2d1
SHA15dd29f9f83c5fb3431d40e19dc73dc4c2ba6c33c
SHA2562d91e3add67113efbd52a418fde86c4bd22bb770db325d804a5d77d3765e0aa4
SHA51295c26eafddb2dcbd0deebf4f55ad530b27e3f7be68aa1606b549886f0d1bd95607e811bda9a4e2d805ff886cf5d38b5597ddf6e8172989c2a04d5a4264e982ed
-
Filesize
4KB
MD5e721b1e1725dd75842cf8798e8578ca7
SHA1f4b6d70f7720654f1fbe20dda5e4ec5209da298c
SHA256a49d354f0b1affce26f93700708d89af3f95758ee920f47d490e81ff8bc2c285
SHA51296ed87ad7b71cd72f7430690545e4c769fd4e96a3246b800012243e92a70aee69b6405c083be273cb1a8159719439462fb1e024ead209b8be63136a959bf3348
