Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19-12-2024 14:02
General
-
Target
https://einsteinti.com.br/kkmm/afqytmyo818twhxiknppnc3dshcd7tdtpfjkgedn5dnmprinozg2jedgd83x/am9obi5lbmdlbHNAd21mdGcuY29t$。。。。。。$
Malware Config
Signatures
-
Detected potential entity reuse from brand MICROSOFT.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://einsteinti.com.br/kkmm/afqytmyo818twhxiknppnc3dshcd7tdtpfjkgedn5dnmprinozg2jedgd83x/am9obi5lbmdlbHNAd21mdGcuY29t$。。。。。。$"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://einsteinti.com.br/kkmm/afqytmyo818twhxiknppnc3dshcd7tdtpfjkgedn5dnmprinozg2jedgd83x/am9obi5lbmdlbHNAd21mdGcuY29t$。。。。。。$2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2072 -parentBuildID 20240401114208 -prefsHandle 1976 -prefMapHandle 1968 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a42592b-c3ec-444e-a3ad-aa8e1dae5391} 464 "\\.\pipe\gecko-crash-server-pipe.464" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2496 -parentBuildID 20240401114208 -prefsHandle 2488 -prefMapHandle 2484 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69ce7284-24c1-4ea0-8b5d-a68d21cb6d04} 464 "\\.\pipe\gecko-crash-server-pipe.464" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3036 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 2828 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce460b2-c76e-43ed-bcc9-2f558cd04730} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3056 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d14895b-a6d9-41c3-adf2-06e4970f3eab} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4004 -prefMapHandle 2104 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dfcf522-3f04-4e31-8f1a-b54697ac6551} 464 "\\.\pipe\gecko-crash-server-pipe.464" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20ab0f74-dc76-405b-8e8d-1c7880aaf94a} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbf308c5-956e-43fc-addd-32a00ec9c330} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5700 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ae80fa-d320-43f6-af3b-e74e8c3b95cd} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2772 -childID 6 -isForBrowser -prefsHandle 3044 -prefMapHandle 3024 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060b0d72-e905-4d7c-892a-24934599a24a} 464 "\\.\pipe\gecko-crash-server-pipe.464" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD5b534a20d8eff97bfd530f09eb8190e17
SHA100090c176981922b3b831556af3ab29d9f37dcef
SHA2562b517cc549bf0c65497d48469403a1fc870b72d0666759457c12cf1c11e94f95
SHA512cd636c4edd3c37f15a6cfc46c4a92ef1d9397aa08af51419480de88710713939a394cb71048dac6878b0aa61896050377df2665064a0e1485e24515fcfd91b1c
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD58ee4342f15460b526a01357c1fa2f899
SHA147f843044b1fef164c4fdee73623b5489cfcae6e
SHA25643c87f9d2a4f084fd51b67155a27150e9e12a58aaab8f2460dd0c3a7088bf87e
SHA5121313f78e9851f1ead0d9b72262f2b2eea2c5435ff17f107658f5c443b3bce307e7a1a1c48366e4e5b387ab17369d997dc642c42a7551d14fe061764503ad116f
-
Filesize
8KB
MD54cc2c626034f11d3ab0b98c473de36cb
SHA13970fdfe89488309959cf5f0953c5b5351d7e2b4
SHA2563c32fab20fc048a29e7ea1a6cb01ae69389b0bd77cd8f32df7a45ffa9dc5e08a
SHA512c714c7add9b5f82f79976420ad54db9e17d2c3a475ee56df125f450aca30aa57bdbb2960f5f41838b4b6af03012bf8ea606f94e3b395ea7b91a5e4112281b9b0
-
Filesize
5KB
MD5055ea422f5756bb5c5a7c578dc6c318e
SHA10f71624dea5161452df8af2d102fba8620bdc25c
SHA256311709e5222bde3a4d6ae3e4bd8f87595517319820092d175a35bf20b8e6a207
SHA512342985c1e99e6ae8315686efc2133673d772fa4b2974f195bff608c5ad73c251800fe638046506d2df79401c5325695458599a8b6cc332e64580a4d58b277e87
-
Filesize
33KB
MD525700538eb7345e20f3315f894bf0822
SHA1df9f1289e52b2f7175144cc8a80b16c51507d90a
SHA256fe2c7c2a4d77b438a6dbf88357d60e775f5568cac8d13af5e676a1d45f9b6ede
SHA512d25bdfc11b190647fdc04cf11543ba35fc813d5e24300b529359d3c1e0694c994f063335072ad10c4f2ee580e9f609694851d19876c5bd21dd5da0969d95ad0f
-
Filesize
33KB
MD5d0a19c6db234d01b367f6827fe142081
SHA1d7ef451cde65933f8fcdf874fd73d069713c89d6
SHA2562e753f0203926db43ca4be17591740dec51274fbbd14ea042767c93cea2413f0
SHA512f2956b0823d342fa83ebef7f9e9dac917a969850e17fbefb7bdc7ba7a81777a5f105991a7fc3e68ef3b5b2bdffbddc3eb19b12c1547916d53097b637a21b5a3c
-
Filesize
27KB
MD5663c42a0f224a7f62be7dde175ced600
SHA1bbd35867b75115d4a4fa9620b0d44e5068eaca4c
SHA256d7be23291ce0803a5348aeefb9992466000bc35e23e54c7d6b7b2809f76c7c49
SHA512abf557651094d4a2c6f68e2d04e2cf11350dda9aefac4401d32103998762ef8527c58298e983a2615eb566a45ddfd197c913adeafa5d6e36c0fccf4fc183713c
-
Filesize
671B
MD5b9b1cf5db71e386ea9d8cd91c98002b8
SHA1a4091b1965fca79cbcb77bd8f51473da14094e85
SHA2565295a81c8930e8bf2db493247ab2434cbbcc2249ccbbe1b2a8e4f5906c588c8b
SHA512dc7a8c2ef3422b49e1ffabbd89077630f5d20367c838605089f2159422ec5b75e1472ee07f31009e1bf220c7def8cc5ec9bb77bf83ff42c8d402678e8ffa0cc3
-
Filesize
982B
MD505543f89cea33f6bcb7275f58ab9d3f3
SHA1feee5f68596f54656bea82b83dbea06f8041da2f
SHA25691779d6ed3f903a06e9e8d2a72be1e3054bbd65293c942a3e3f87e6abb4530d8
SHA5126b673974005e496480aba36c911a899f389c8bd15b5a49713271a209c527ef5d6b03246d204147ac0b73f5ec182e71307bec0f0fd2a9850dc89ef0109bd0af70
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD5e88946fd66f4fef3535406f463b24d33
SHA1f725c51279db21d6379c05b7e15eca2d52224960
SHA25673a7ac94ea5ba04be1e976103fd06a63e505039b96c55cb9de2fc9969c84cec5
SHA5126ebb9ea52af8ba2d7f0d9f280aa5fefa051962c193f68e471fbbbc4d66ba773f6000960ecc805085d1b45e5bba36a83bfa60e055a75bbb0656538492e832d645
-
Filesize
10KB
MD5adc10b65207040a869e592d67cd3316a
SHA1d7e55dcfe83b3f2263af1034e145cb0f6d66f013
SHA2561ef55c6f783e1633c66d29b357644bc2e05c8dae732825aa0ce964b48d3ee2b2
SHA5127bf2bd39befc232636af2413c8799fc39e31a9f8eb2a83664ef9363b517bbb070b98e3c9ab4239979a81005b4b0df839f7583875187a1e4ed04db217def6f37b
-
Filesize
2KB
MD5ab1e2008ddc4ac195613330dec24617b
SHA1b2dfc75702c43c0d85fd631b113647982ec7ee06
SHA25604db90c59f0d775813ddfd67b832af2b86b37beede1a725fa63426a2d9f2cf8d
SHA51241de05d4b4dc6c77cc96b0202c4501a07e75802e8a4d8edb79167315f7be8c7619d8c9bd842e36a8c498ecb9d066257bba918db505dcd09b1890b275304fdcb8
-
Filesize
4KB
MD5e809d7d14d483261e325729a4353fed5
SHA13248a36280aaed464ee1ca54ae0acee03faf27d8
SHA256961bfaa783c53b986c60ee20755e73d76695c54bcee4e472544aacd647b86c82
SHA51273446fc39b2cdc4f049b505f6fc2ad81d77c8ac3d1c0ad8d50506f2f6dc21a9801791c44b87f9cfba96e9fc1ca0479f602aaf611395a017362e98c0b085e0771