Analysis
-
max time kernel
95s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 14:45
General
-
Target
https://benefitsportal.borlsfx.com/scsfqqfdw/a7c0f65e/[email protected]
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://benefitsportal.borlsfx.com/scsfqqfdw/a7c0f65e/[email protected]"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://benefitsportal.borlsfx.com/scsfqqfdw/a7c0f65e/[email protected]2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dfa385d-3a85-4980-b82d-c4c2c0a03673} 224 "\\.\pipe\gecko-crash-server-pipe.224" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef567739-b1be-4db7-a880-0af0bc303655} 224 "\\.\pipe\gecko-crash-server-pipe.224" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3044 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d197a6f-98c2-4cc4-b723-2300c981514a} 224 "\\.\pipe\gecko-crash-server-pipe.224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 2 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f04c5799-f2d8-417f-ae20-d4a06c58f7d4} 224 "\\.\pipe\gecko-crash-server-pipe.224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4812 -prefMapHandle 4804 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad82baf1-7e02-47e7-b806-ce9f8eb6beab} 224 "\\.\pipe\gecko-crash-server-pipe.224" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 3 -isForBrowser -prefsHandle 5500 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4253d391-29b1-4566-b5fe-4e45883ec38f} 224 "\\.\pipe\gecko-crash-server-pipe.224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 4 -isForBrowser -prefsHandle 5776 -prefMapHandle 5772 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e1c3e39-5cd4-4e62-b8b4-c4bd5c5f2043} 224 "\\.\pipe\gecko-crash-server-pipe.224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 5 -isForBrowser -prefsHandle 5916 -prefMapHandle 5924 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90be3671-9039-4d5e-a0d9-3bd7e47387a6} 224 "\\.\pipe\gecko-crash-server-pipe.224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 6 -isForBrowser -prefsHandle 5976 -prefMapHandle 5980 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccc1993e-9f52-43f9-9098-dfccb352e77d} 224 "\\.\pipe\gecko-crash-server-pipe.224" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD5cea3428f94fd4d92ae8236e9c8b409f4
SHA1d8e0fa498fc7d29c805f8a322694d18aef1e01e7
SHA25647d1d1cd2a6e856f7fe5106327d216b4ad122309ae67cad14b72356abf98bf27
SHA51272b71b1c6cc00e9ea81208c5f9e64ae6911fdebb73ddb69b6e3daa7751b078f1aa9caf43b0fd7b10d53e1418cf7bba0a92b03a8aedb2e640e720f7cc0425dcd4
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD5b2238d2ed4aab58d1e76bf97e2e78092
SHA19e7285c9d4277ab5917421174f55e5d91895ec7d
SHA256a9c1226a8d31770460c4ff0ab195f9801d6fdd951f17be314192dbe60943b357
SHA5120e50521fd68baf8a3f5d37308916dfe58edcaf7f2cb2ead061d5a076eb48ab6982417a40f07c010300e66c271cf4b4f1a5b91690aa3d456b97d2c7591aeaf52b
-
Filesize
7KB
MD552f9be9e990f6d1b07da005bec1f18f6
SHA17a92c952fd284e24872573ebf6832daadda97d36
SHA2562f4f7e263c52aaf3ea308095ca5bb0f623b0871d3836e503b9b7ef88ebc7f644
SHA512e5244c0f7d7b0b60b84b50777c4b93c2b6743003206d9294e44327b7117d1a2970bd06146f38aa9c55e9638b2aa1abe365d27cda92cc8281fe501dfc1f350b68
-
Filesize
12KB
MD527fe9e10b20aa360cb31b7044bb118ce
SHA184bb1766e96fcc2f3902926142fd772ddb5d5bf4
SHA2564feed32fa394ed5f8df598a8bd5692f5447ef4bb46dadf8ef160f3487d32630f
SHA51267fda5e349c762ae3d13ee8e6b67e62dc134d62f5e4649309bfe469e6d5041f843557aaa410b99cbb07568ebbab29fa7fc44460b7ca8120672f897327de8d47e
-
Filesize
12KB
MD5436308c2edc5c030a6f76a5a5ed4157a
SHA1ea711eb93b55901c3f17e06037251a9fb4c935b7
SHA256d066896baf1a72153540522eff3dce17e31b2fc2f0e36b884645502bcbf05657
SHA512cd4c5a315120bbd3a47b0296f756641a137c2992a06905a9a600379b4e26ef77bfaee4e9ed320effbfa5af23d5780bdeb429579c87dd277a52bf3942cc22455d
-
Filesize
15KB
MD5bbc9449f16f99495a9feb037f47cfc7c
SHA1faf6a2599544b3ccc4d90017132895bae4717fdc
SHA25677ada8ba1dd4313f17ea397ec54fc9b2e5c12681a762ac50f6640e7090d67eec
SHA512cd89a350e5bafc5bec7a73ab7940770631d5e18c3cffdb2b306fa8bee6b19d7c8021808633e85ae7b57a6087bbcf235f5368b4408bddfdaf7e7239d4dc54be2f
-
Filesize
17KB
MD58c651513bdfcdf97b08cc2138a3cd064
SHA10dd19ef61f801f1ed783b12f24af838582e37e81
SHA2561737dc522702c47d7c89bec7b4b66849ba33d40a9ee3ebdd64d54892d5e35f68
SHA51283409a9574afd32ac2f2f7be18cddec622c439fab49a8f736cdaf186d415cb0c170b3f20cf17ba7cb8571bdc8899d5263e78ae7b9998226a376a7f270d6d7248
-
Filesize
6KB
MD564d57fb2e0befec22f5db3ef2906ab09
SHA11b684ee8d2220c65cab9fd56a80b43edb6d6f838
SHA2566ab5932d5f9154015a98f65f88b019f3128e4c3a540c6d197384e518cc87510c
SHA5129e9d9e6aaf3d8e45729126f5962f72b8510d6a9b5587a19e62dd38cdb17900d1e4ec1b0fff08874e00a1dfbbe97cadafcb40d5a1ec2ffe415f9e313f4bc6e1d9
-
Filesize
33KB
MD57b5319b6ee85c94e9dd2941098f11df4
SHA1e579ee09ad7a5eaafc957bab9bd2449f5a50a059
SHA256e7721385417b340a18f0e00d79915605f4232057ebd24ddc5e7609a1084b3eb8
SHA512a118b4c06de978fc4e8833d34125fc3aabbeda8f74a683223c17928e8ca8d2a6ee053f39d1ed5c4cb5036fbfaa7025ec6a3b90d54dcf77e2a2f24608e92f6003
-
Filesize
5KB
MD5b06971d950ac91cff75064528e2717d6
SHA151258fb31a17a3601b2a21c091cbd24b5659b119
SHA256da889cd6ef80aa067e72f34486eaa24b85c9fbda73ed95658056afc5d6e42267
SHA51221239c42536cfe05c9ae62ddf9ea02c9625d885171b4391dc9685b99b204c9bdd0f4dc9973e8739926038fdfc33eb830d2cc60eb96c535e7aecbf5a02ca1d002
-
Filesize
28KB
MD551a688611d22e4082b2490a91bb7b811
SHA16f08d91b55a563093b399836ed1f4ed059bcb4d6
SHA2562641601325516389e7a1caf99b98d7b9d982d90ede61c1ba4a19796ee0c045c7
SHA51273ebff881b36a2bd5571218f290685ac34f53c83ce27abca099c4989d60f07db2112d3519499c560bd2b56b95ea2488e1cbda80e96c0555819b5c35e06fc87e4
-
Filesize
671B
MD5699b788d674c439d4c6e4ab530a680d9
SHA109f3d03b852105067225935237ae5628d2ae71c3
SHA256bf9ca473b223a991e5e6dd1fcbc37694e37bb13f79cbd93f932928faa5208333
SHA512a4a78be379385bd15952fef2d5a2e6d2268650fd66ab1545408fb4ee21553e7367eaa7343bb3a529bb4a1c04a3209e3100cdd423839be2b0e36ba8a22630e7b4
-
Filesize
982B
MD59de841f2c8148dd20aef175c1fbfef01
SHA1d90f40504707ee76ea176cfdbf2e51a27e6d0f7f
SHA256a86c114f1966439537193af9312e9c26ee287ea78b19eb8f3c899e9d12e3184d
SHA512b1d2141116b3491f9162b9023c1887438194c67807f42c621b3ae1c504d60eb5bc41c9a9713141ea32c7cdd26eccabf71f6363cdeafcfb5203fd7e0d6c07982b
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD5c45bf5b04250c24d804048d69c8e4935
SHA13429414b09493bca3b928f49b4ff45f4c212e7a0
SHA25652976f9147e498738df21f5901eb2f1fe6c4c1cbf538bc69ed1d0fb1ced36f69
SHA512099a299736580bfa6ec6a497941f374421fbafa1c425b91ef1ff6eeba05ab6adc00914a36f3cdb17ef40d2c4b7fc45d90711c1666259104428e33524984bdab4
-
Filesize
11KB
MD55fd8db45ff713149d3698abe6f1d5f77
SHA1f6c9bb9d80932bb102972057629b20535a33f0e7
SHA256d9077c922789ea17547f789588fed9ff3b50b61a2da4a1dc718a854e29fb9387
SHA512a872bdb84e215292286db1b9a663a598af6f0cef905abbfd60af4bc98ddca13a3ff7200f203838df600815686b4f59df57981751fa3a1595f3be49e7e3ddb51d
-
Filesize
10KB
MD5e6d2077d7ecdfb3c4a81b90a3467cb5d
SHA11674b787f6f2540d3d0e55a6e8cc5c38889f633d
SHA256b6e93ce4e2d7c134ce57ed7a400b156ceb9a6fa4187f61fe0fbc8ad43cc1fde5
SHA512160feea7f04d10f22e6d4d618520c79313f05d549b1414590b2aff31d9a911a6a36769666295a300e09db407318f2de7870c900f145bfaa771306b476040c06b
-
Filesize
2KB
MD5f7a70c539a57d1f1fbaec1eda56d141a
SHA1f6d0574712f6f71cff025aab5563f117b38bfdbd
SHA25613dd4540d56458cd8a55d43865d233a2fa2b08540a0a5586298b39e630925f7e
SHA512afb2b439b7e9a3371a2d8403d33a1615c53e97a662589455bbf71aee07923fc45e338def5f779225d1c649a146161b7ddd6b99d7318c623b9a75f4aa9cef3f72
-
Filesize
2KB
MD56216f47573fb484540b5323063645d9a
SHA1dfa8fb65ad458ea25da8bf9601aeae9e4472ef69
SHA256387f581283e90d25968ae4eaa6a38f3e7eda8395184b917a9412921d234ccca6
SHA51211114b9afc2679215f18260f5933a4cb450468e7652030e99954c5c86bead2192896eb889d8ab2ea81dcc5ea6195fec816c12fc1fb54a42f12d282f472a64768