Analysis
-
max time kernel
80s -
max time network
81s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
13-12-2024 18:54
General
-
Target
https://ofori.transdeveloprnent.com/[email protected]
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
Detected potential entity reuse from brand MICROSOFT.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://ofori.transdeveloprnent.com/[email protected]"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://ofori.transdeveloprnent.com/[email protected]2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1660 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f97bb9f2-7821-4d36-b667-c8fba49be3bb} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af2da27e-e10a-434d-bb06-1b29405cc697} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 1632 -prefMapHandle 2648 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86327359-3274-4f54-a309-618f641027ab} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4100 -childID 2 -isForBrowser -prefsHandle 4088 -prefMapHandle 4080 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {882af6fa-c987-4c30-b86c-8ed03bafbe64} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4816 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a06176a-24dd-42ca-b6ed-1199d2b808a0} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 3 -isForBrowser -prefsHandle 5248 -prefMapHandle 5244 -prefsLen 27099 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {780a6039-cfbd-40ee-b46a-b43c131a8f18} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 27099 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e006319e-e569-4e49-980d-09d0f4974e8e} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27099 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c2bcfc1-436d-4d2d-9678-29078085cc28} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5088 -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 27180 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbc55ec1-77df-4374-a751-e253b6346791} 3824 "\\.\pipe\gecko-crash-server-pipe.3824" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD56020ec59e96cedd4de8f722343404f28
SHA18ffaaa02cde6e7cbe145e4a88e061b08ebb947ca
SHA25635b6c2f8439ed1e6294ebf3534a32b91917275cd56b0a524cf263c7940ff639c
SHA5127e679f3f0318803dfbd55a670c4870d788a0b15e9d679f5cf2936dde25fa2787eccac10e45d6f44acc1aaa12e049f5d018fa66e92f41d60ff9dac87980250de4
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
8KB
MD5bdc1e0dc4c78b255b3da2292e04e6ac6
SHA17c8cc7757c43c123c65fae65d73131f3b8414fa6
SHA256836a2a2f6091f6a73bcb6f602c8451821b8f9eb1b0836ea2af3a637984be1878
SHA512647df9cc50fae085c6de6db200603e3642cb14ff78dd393a6213a8baa6faa22b00578982db0665a345f695aa4fedffc8f04f34d6cb3d1f441223ef597853cb73
-
Filesize
11KB
MD580010eda04e9aa4a1ddec265bebb1cbf
SHA1535c12e640f571a429fec25679c07638438215ca
SHA2561e50b8e15e3a871952e2732274e610a964eb13682565b10ed478a30fa56f1121
SHA5127f4e1b22fe10bb38d2fbb4d3cca6cd2683a68b234d96201c2d65c08d65bd1575c5f2984e1ed03e4ba2e983fce1118adba36437a5f802c3dd0c61af0ec70ad2e3
-
Filesize
14KB
MD5d752bc2fb542fbd95b8531bcb2b7a08b
SHA1cd6ce3182267fe6218405172858409d5dd5be887
SHA2568d9abaccb02dbb418dd1f7947f2d046bc295be8835ebb6c7fd37ef825d3aa782
SHA5121af72b552e8422882e5cb781e8a041a8a5bf2264beb1367bfee36c1321bb396431e4384ac33660d3593d3e80dfd0e45102a33d1cc43b7dbb901e35f55a37b7be
-
Filesize
5KB
MD5d30b70ad4f2506979d5258c62156fd20
SHA145a35bc672f11cb444775d9f7b61bc1b1bb76135
SHA256c8e83e05effc1804e1238d839a0e83273dce215740628204bda639d0b007d008
SHA512e64809ecda602f82c3b5de5f23d7fb1092180e3c7634f6dd6ca36ac067a824e89a041a2b85cf73e65dc27451eb5bc6f8e4b2cd87acc345047456f048bbde5089
-
Filesize
6KB
MD5c0599b8d53dac8c5267dfa89d8076143
SHA10dd01e1030532b15f732a97af6f108f2bfd12e64
SHA256113d821db5ccbe82e0e9ea603567b55c90ff8c9cbb25668b6716f60bc1262adf
SHA512d29c16afc3dcff0545bdc0a42ca9cabdf12e934bc4882bd70d57a12904d853fbc9c4be1d9deb6e268fd7e9dae28c2bc5abc0ac0811292b16f949935831d9abe4
-
Filesize
27KB
MD555c19f7578618d5fa3f7fce169dc2772
SHA1aa6996f931074a8aae0e99d943fec1646a502a7a
SHA256bf0095d5c5d74653341f1c6c00c6184b51e72fc41d2f66c79b30f2f30b3e25e4
SHA512f87424c6889bda1287f133614ba7ac28a5923c286f73a1a688222da12a25de0e7e8bb2128e91e51496d9387752b3d56cf18f0e253cff60f3c9303fbaba434c1c
-
Filesize
671B
MD5dfc4d361d31dae04227966114fe62819
SHA1b25d1d911ce9a4a53855f6232099231c07fcd81e
SHA256d1c30a1a70e0291ff688c21a939dfaf15d82a59a1a116e2e99403f8814bb0f00
SHA5123e6c95fc4dd7202d600e27b3e7ec93f1ff4449995a2f331e3c2df213f097cd2a185c301ef07accc27791082fe20ccde81b5392e3a90925b9dc6e02d03ed60e4a
-
Filesize
982B
MD56c32fdc1c006cf39c885042ba14a3e72
SHA10d310ddb3961cc294a2e6327526568d00ae0a8f8
SHA256915b62d314bde4e82a5ebabde846719ce1bdc712e7c86bdd9cfc67a29626cee9
SHA512af9724cf4d3be501cf48f79d788f79b8c82f4add234fe87a05d20af13f831235622f671962b88bb1eb7558d3aa082d9d68d66e5844a2a50247583de3807188ca
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
12KB
MD5bebbbcc033263c1e9b70072cc0fb5c77
SHA1234ba800271cbcb8037d53ee180cad772f33a2fa
SHA256113639ffd17f12c5d3263003871d694c0cc38a574215e5274ddf639ed349a592
SHA512f1498674bb546fa138272b7f3adff53893a2e4914873a720b07dd83b17ce81805d1bb31b5938314d8ce0ea1661ea1767792ebca8ed6f00481a6286da11d6f7dc
-
Filesize
11KB
MD54fd00f1d894dcb2cc1cbdbc6f68708c4
SHA1e853a46a8c2a65eb6a7cc4acbb574320f2bfd78e
SHA2568ec6381758f916bb897ee1d1d6410f1b7ef6057341423753f034f90f916ac4c5
SHA512bae8d1e691ce8ee1d05f366d708f6c505eabc57d5d55ab2e6e63aa9cfdebc5c6aeaa32501a76c98e66ddf6d10e4246ae4eacfda36d05b63d5bc46b903617f8f7
-
Filesize
10KB
MD56163bc39705aa4510d6ec9566e4b3d15
SHA1276384251db9bf1aee9ef99b961e04de1dde6786
SHA2564ad2d0937fe890e75a3199a6c35282b2ce4ba5fced8982a814f23ca1729a171a
SHA512582fafadbb2e4e9014b6053c090d5cc744a6192636f97f96708df254bf8a18f56a61338d238eb0e728cc0d46f04f9d01d524d913ed820014b7d10cc417732413
-
Filesize
10KB
MD55753b29d0e8734ed8edf740c5736f09e
SHA1c67fc59fcbe57a23905e2633c5a8184c9534e060
SHA25695a1f63ca968e4a90c58a99557aecb4ac481e25f3c4d7b0fa4f1149935ea1f73
SHA512938dbafc070909ba965d5e44144f0d74db300b70d00907a8c18b9caba94a1f16d9b5fa15c79c0cb8776da6172994d2adb368f25780a11d2c0f0061cc80fda760
-
Filesize
1KB
MD5a5ffc96ce1bb6cc3eab2ba051efc3c8f
SHA12edd06ff4f97f14b05f9042579d89b1a5b9b60ab
SHA256700b3848b3b8615167d3a71982c9a318560985f5bddd6c31d36dc4523aa158fd
SHA51247293fc2e517d279a5779a41568583db12a57532439a26ca0abadf835606f8f044e67e30ab41b40773033deedb55a63b00b810e870532b6cb63c3851b404bd20
-
Filesize
2KB
MD5f16f3862085de59a40ade4e5619aefc3
SHA19d46e864aac0423be90e7c6e7e6ba3ae7baf85dc
SHA2568160f78ef5ec035c5c93f214ebbef26c864f4a38f5fec20af62bdc59cc0cd3a2
SHA512286ff124c52edcfa82b80a4e70495852120f35e50ed89a79a1b80561014a81b6e3cf9b37f25f81331e0afab7c1547c916b966cf2520982bf30eb84ec8e2f1593