Analysis
-
max time kernel
121s -
max time network
103s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
14-12-2024 00:32
General
-
Target
https://steam.workshopdetailsskin.com/sharedfiles/filedetails/?id=3238179716212
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://steam.workshopdetailsskin.com/sharedfiles/filedetails/?id=3238179716212"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://steam.workshopdetailsskin.com/sharedfiles/filedetails/?id=32381797162122⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06de611e-35db-48ba-9b4b-bba58bbafa00} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6da3f9d4-fc71-4f81-b5ba-af0d4dc03249} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 1520 -prefMapHandle 2780 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb0bd98-3c88-489a-8bb9-9d0a0079563d} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4004 -childID 2 -isForBrowser -prefsHandle 3996 -prefMapHandle 3992 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {636b22e1-b846-4ef2-83aa-4e69ee208a9e} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00070bf-5d0b-4129-8e86-2465a3b0a550} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5420 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {423e6819-b5bb-43df-a1f3-c3bc0b38d49c} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e190fae-387a-4712-93e1-34fbef67fcda} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5836 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd0ef061-b61e-4061-993e-20174eacd78b} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD5b211dd10af91a8ce945ed9d3c602e258
SHA1ff455e9b3a38095b676e2d796f0b2a0cdc5d356f
SHA256a4cade7011376066901f203c021336f568ad2daae5749666c2721557569ab19f
SHA51243a5d277abe1cb49a14515072152e74ae83ad824356f245682e7bbe8a4930ec8b8102e8f247bd2350e273f2f3efdf3d0df8660c0724c9731ee4bf5ce51cffbb5
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD508643c3665e168646a98fb4799a2951d
SHA13f1eacf9132ac6e7c53ae16941fbfb9d5777c370
SHA256ec83614409a68ee81c1a9e0ed25d48fe383d3fefadbe2d1fd611798f53056926
SHA512e734d7c6379a580cc1d149fccf76215a8a5ea135692b1900319b65defca9cd0383d409e3c23756576cae9bb960ccafee5a720d86e41965be6a04a7ac3737a729
-
Filesize
8KB
MD562ad5392ef58400676c5865b67dc5404
SHA1b0940d1ea8a1a0507a493a454b842f45d09efb88
SHA256d77091994f629b0ba3fdf241cfd9c4d755528353ebba9aaf90bd4e76704d596c
SHA512d2b87957308e04b2ee93bda682f940589d83e964a4e498935037a6426c254642de379de42b77e70ac002cbaebb23fad5cbabdae6cd39f786c72364bd5b0288e1
-
Filesize
11KB
MD5b8b9621adb9100920da82e0ab86bfbf0
SHA1516d1857b79b7cb1276c7114e052f9e70b45ab0e
SHA2563b89f75ef9167a0c77ef10a7a87edb2584f422b971baab6825b036e02d4b2cb8
SHA512ab2f2cfe2f813fbc9a85398f8996309bb498f35c9bab373684a773238fa26db3f3b054e499e808a8a2c37e3cba971f4a16478ffb19b02c3d1ad18793777ac66c
-
Filesize
22KB
MD57bcb2973079b12f28e90f0f8aea56b6f
SHA1a048cc277847093cc74fce66185996a015d7a952
SHA256d4eef1d142215487546183649689d70042f3ba829c427c4b1d8182fef5d05b38
SHA512331baebab7730572fe74f8b75fc0c0fd604a696a7ccba0f391f1c1fae2356adadba74ab37b0371a92e96c9499f2f18f35fc6fa09ae7f3a4ddbddf115d8a271cd
-
Filesize
22KB
MD5d44eaef4433aa5f6b079709de755be94
SHA183f18d8443ece35930fcb6cabc3108344782586e
SHA25657bbe7bf15d5ca9afcd8f001758e947d09803d03fbc5ab367f25bcb55aa94012
SHA5125d873d0810b911ae58d0a6561eabf01addbe91c889df687219bfd05ce13a53b125536bfa503279d1770bf7d170d2ecebcd0d6b910353cb951adfe3ee7d63d1cb
-
Filesize
23KB
MD5422446f1db0b4d3441072dcbf5160375
SHA1479267c13bf5641389c74af8c389da56d28edf6d
SHA256bd74df85a848a22460858f008d66c151da6c4753e3d077e31deca818fc849d91
SHA512f8ba2b6f7d3ee010fb1ce48a570aa61e1a7df1caa716e756d92531b3e590c8d0342ae107bafe2d13f0fd7c07dcd845042047ab6b264da6985c3e00721e8467e3
-
Filesize
25KB
MD5d8589ca6828f56819eeac3278175cd7f
SHA106cef3e46a2c495fcc1af7b2a1378d27b7d8a6ef
SHA256c7a34302a05ecdbc40ec58ecca18ae5170c63957d1ce4a0168e14590e6afebdd
SHA5120ac54c9668e07a5d7c66cfaaf13e343ff890f3205da9d18632951f98f29371efd66eca8c2d5d73c9ce2173fa9eb4e2b60587f8196fa5fc049f2720c568a7133a
-
Filesize
982B
MD571ba379fa06e06337fae4b56bbe2be21
SHA1a389f54837f365e78ff23df839f64835eabcd53f
SHA256a5b5d74914a0756946bfb60982727c0d7eb8f5be189751d1db4ae7711ba8d294
SHA512f3d6bd6494002b5ac4038008d6df76d5259cc5704d019e4fa487befb70c9f8c9e84eb39a2784987fa375c663d42cc2aa7e24491533773052736847a963113d96
-
Filesize
659B
MD5fce75a09edfabdb0b64aca6c73bc76e5
SHA1aaa30cbef40f36ce86e6ffcd1d2b46cfe1a8baf9
SHA256481ae6f01393cae9f83dbbb283460fb0867c365d782751d47db29bbbe3a7fb2b
SHA512fe286d1920f6baead298e28514c3c3e882876fe55d5d30a04da2c7fdb43dd645525d2e5f1219b870bc8ebfc5cff5b6e529f677f1c4df8f36c212f637976f9350
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD5b7face312748d4cc927aaeab6f220c23
SHA164afcd32670deb1d3e787bf103a87cd4679e579c
SHA256237e9b91c360e99b8fc8fb3180c7ff3628293b95f42afefca88efd6f4e1c4419
SHA5129a4eae98bf6c9166e4f6810e48f0c856ca680e83d38976ff6f38e4f402202a5d78e61a81e694132aca3c97905579a0e21a2381adcaf6f0435e2825c785175be5
-
Filesize
11KB
MD56556b2dfbd1a86adaf7c9cd43f8cc622
SHA139da6dc3b9b838c671b514e82adfda3c80fda247
SHA2566b4fe576e2088468d46eee52c072d7d09f0fa1a2a1480ec1ce265cb8b0e7c257
SHA512f47ccfd4ee9157c4348040eb15a9c1b556353bbba80d59043556f4d783a3eabec3104b2fdf9fd72758570fff290a5ee12473855e4dc57680e4d25c3a9d4fa305
-
Filesize
10KB
MD5184e943ccd3ea5fc9a9703eb9b90a979
SHA109862c5e32d39f323f8e4dbb1aa2d0da0181d954
SHA256b85c5d2a4af8a8b1340f7716e649fec987edae64dfb8cf0f3e684293797a4e7a
SHA51208d3be246e20a343d7e97e4b8796d31de2134069b13314eb74b27b0052f2ccdadda65fd4a8de573cb1dfe2a1cd889da6682c20420b099e28bfd324b3e89638fa
-
Filesize
40KB
MD5edc660258a31d1c38821f2c90dcd511e
SHA11e502ecade2caab70dd7393f1caee3e77fad0162
SHA256a07c8014f00aef96e629cd03a268cc9208008c3f091ec6f9d30588d67618242d
SHA5125c79606b444e95dff0c8e45fec7df7d3a8f988c846da3e24b24b5ea22ff709e0fd07dd2f91b499c97004c6f865b09b7a9c9473446e9da732defee26e57d7fa44
-
Filesize
40KB
MD51eaca489c1211405d3b6a77f5810b351
SHA1861f4dfa06a8e95850248c46f9e1f10a56004186
SHA25623f5e5fec72000dc19d5599d55ece9dc5b84af35c2898870b8921f0eb72c0ee0
SHA512dfe6b5b5ecb9282a9975a885e1952a9d516d202d208cffda4a25e209325441ab0930d6d3d9d3a98fce88dc2ac39c618b2aa38484cd1819816ae8de900f849a70
-
Filesize
40KB
MD55782f04b7fc1acc5d3e6f08530cd9b9d
SHA14921fd8b5375f015c8d14ed9da740d3062547d18
SHA256fa1a5d8115e03e3c9ebab18f114add700ed431f76997c7b8c88e3c083750a424
SHA512747003f1eaf9e053cb104f892a2c8e466417e2c96f1ad4d4ee60b86a0b5020e3ca9d72012138a4ebbf5944a8d98165f9b5136310b4a4df318b11566bffa5f2a9