Analysis
-
max time kernel
2s -
max time network
8s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
02-01-2025 16:25
General
-
Target
https://drive.google.com/file/d/13jFuIOngxoRw38JI9em9ZeQu8xm37dJr/view?usp=sharing
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/13jFuIOngxoRw38JI9em9ZeQu8xm37dJr/view?usp=sharing"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/13jFuIOngxoRw38JI9em9ZeQu8xm37dJr/view?usp=sharing2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {327e6761-9c7b-444e-acb6-1f71291a5acc} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2504 -parentBuildID 20240401114208 -prefsHandle 2496 -prefMapHandle 2492 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6742c6e6-c3f6-47fb-afac-c46fea7771a4} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3324 -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 3360 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {840b0eaa-dfbb-4b65-9a73-0cbb1155ba20} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2728 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86709204-9498-4141-a4c6-92532d1885bd} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4396 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4388 -prefMapHandle 4264 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d66ca0e4-1345-4ba2-891a-ecff0c904d49} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5392 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6198d856-8193-49c1-98a2-1d43e9203937} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5472 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d3f38c9-4aab-4f96-8579-d00eff43061d} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 5 -isForBrowser -prefsHandle 5880 -prefMapHandle 5876 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5bce688-67e7-46c0-8af4-12ed3ff1c8d4} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6204 -childID 6 -isForBrowser -prefsHandle 6260 -prefMapHandle 6256 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1208 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f3d6e58-2b25-49d7-8437-51c3f8e524e3} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD57a0b0140a085266a955ccddaac645503
SHA15ec7b63711d59fde582600073a16839ca204bd31
SHA2562306654f544cf5af2e6bf79c0e0d1a8158e68b3fb834554f554081910567524e
SHA512b9add5f04634e607a7ec012e43e06d849da8f5d413af6c5e6b1cbf57d5c31d5c472439c2aad3542237d2e63c4e90614826959fec1a064b637504f0909893bedc
-
Filesize
10KB
MD517480e553d2161d598eff04689a2046f
SHA1839c28eb53de7666e31b1cae4d106799ee40ca54
SHA2564abe758f1d966b0398020a7d2cfc0ce8b986a373514bcdc0d5da67d110e5ab51
SHA5121bc44135391a2c213f6d74adb492c6f5ee451c278318f4a588cfa40a558bb4284452ffe374e9e4181436e58cf51c9b28326f44876c8f8b285abbdf8d1c31e7bd
-
Filesize
5KB
MD5a804445e5886765e8dcb3a6d3463a531
SHA186a7afe2d2c8d8b33c585fb42102ac870787755f
SHA256208e0930821b25f828d63f9fa015aa7b4a31c9f740a00939a8c96cfe854f28ac
SHA512e3a1235d1ff2e81030487602a93aec917c80c2bc833f5a96f95b0f420a755a92a25a8f7959083b2e04e2f54912a0e090f9053eb92e2012550074e2327f6add25
-
Filesize
982B
MD5f9c5040a8a2a07ee5dbb7225ae183da1
SHA14ecfad6429f38cb1c53d9403e918d111e100b455
SHA256f364a5b9187a4de3dce22cc46bc1dccb87da50ba609387f2407a42ef630c5f30
SHA512f1552febb3043f2a662dda5410dc5cc4223d4e4d6a4b3e2659dad0113a02e1fd741eed011e3f0155131a05bddc94af99dfd11d526d122ca4fa719378821ed8dd
-
Filesize
28KB
MD5689cadf51286e9de1c8d1b81bf5f47fe
SHA189d128587b2803bf076cec5c195820722b289daa
SHA256d902bf050c715ee8914f8f14b4d397daf366fdf0a37332204de995d0705d2520
SHA5124dd8ac5619782fc3e0f35723d68126c8433305c3008b884ee2bf56d42d06e0544cb5f676e6cc989d8aad81522cd28273e5fff3a538b177804a0685674eb2382f
-
Filesize
671B
MD52c6f34e0c9697a4206066e2b5ebdd6d4
SHA10193099baf94adc8070dd1f3d2430ac3c25c2441
SHA256b2f18d6f48d641173dbfa9eb4073780a27e90c93893ea277c6ff50d9760b9a84
SHA5122cef6837168c0433a238949e98b942ab1364c48e00303a21769e14b01d16c4e70afac1f9a052b321f051b21c1134f802c6cc3b59061db7715244a60f9dc83287
-
Filesize
10KB
MD51d9d0dcba832428230875e2eac5c210c
SHA116a6527730adf41c20d72a7b03d9da218254104d
SHA2569c329589d52fa28eb779fcce80eeb51e72bddcd8f88b0f3289ce51ffa747011d
SHA5127f6f6bdf550fca24aa562d503840cf322a54a865df5588c06cb74be581fe3d096e5464f389461ea77c2aff3f252c7cd30a409d9b35de115b09804d7eec97c0de