Analysis
-
max time kernel
77s -
max time network
82s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
03/01/2025, 23:32
General
-
Target
https://telegra.ph/Happy-New-Year-01-03-43
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Detected potential entity reuse from brand STEAM.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://telegra.ph/Happy-New-Year-01-03-43"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://telegra.ph/Happy-New-Year-01-03-432⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26e20507-3f17-4cf1-a9ea-4dfc2924658c} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110cedee-3425-4bc0-b5f1-a2eb2b2b0be5} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2900 -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 3020 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16808d5e-2b47-4490-8621-70db85df4875} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3632 -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 2772 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4b30be-4894-4e01-b4f7-30d0f35adeb1} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4504 -prefMapHandle 4540 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a73e17a-37c0-4489-a4df-31dae918cb3d} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 3 -isForBrowser -prefsHandle 5560 -prefMapHandle 5536 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aba0b82-724d-4ea7-83bd-5ff41dd2d2c5} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11640313-bdc6-4116-a332-1f2cae951a50} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5900 -childID 5 -isForBrowser -prefsHandle 5976 -prefMapHandle 5972 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {559aa945-3e37-49f0-9deb-50b241ed40c4} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 6 -isForBrowser -prefsHandle 3624 -prefMapHandle 6208 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b2cd84d-1965-4da0-a5f1-0e2a4939657d} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD537e3dae6d5063432bf22dffbc63b3526
SHA1c988a2e85de6ef4e14dee61fec66edc4ab134525
SHA2565773a2586e11e87eff0a108cf85c57d8ba4edf6287cd8d27f1502c9f2f997ea4
SHA512821346602e69ed1d8a29572d1fabc38077e6dafcecd3b447f3bf07badf22a4f11689204ad551cf5168ca3ddb7f015e10bd6518112a5606ca6c48e077e0a18516
-
Filesize
118KB
MD5f3a05641873820646ad11b8b1ad9d9ac
SHA1e5a362ce486af7ec0b3ac0dffe3c3018bd58e747
SHA256d8b5bd9d5d1449773cd51d143b1ad07b7933a24ce48894d627541687ff99720b
SHA5120fa80247b91d6ab037c28e8ca1f1be8a90eba26a3e1d629a9db2eccf6d918507304a8cb1eb3ec482daf4c61c79682250f46693ed1011e17346eed1009277ecfc
-
Filesize
34KB
MD51b61f1faaa042d9967985c50b4ef1166
SHA17b135fbf8f7e8846d7c3f78092984126cf90c111
SHA2564bef3e83ab75b63f1b2b51cf08953c6c36aea410513db60b1ee7a9d017a1a914
SHA5123635d1a5cb90116fd38716025f0aef44b77c2fd1d352b45aa1611a1d9a6e08f8bb3c9959939c64c1b1e3fa19f56e59fa20e32fc6c63a6b6e4a77c28b430d580c
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD5d287a2ab6f024aafc04fa0291d0053f4
SHA16f2df5e473f4782787df9232374732e7a2f487da
SHA256da6842de3aa54f29beaff3a93d4c7840d429850d3effbe259db1f80401748dd2
SHA51252a2c77e757f9ff9ade80a5d3b490e4bfbcbdd8e00928e6e2bb8a3fcad2cb37a3a497207001caec74e2013e1fb943515888ac1d84830a339306e4c478202810c
-
Filesize
12KB
MD5ae7d9e5754618a9e0d4a2c8fe5959745
SHA1c19b053364a1acf9f5c94a11231946acdc23e7b7
SHA2562f230f998e069e9f5b25fbdd1e90c22a46cc41dfca78e05a43979ddd6f5b8296
SHA512aa4cfcbae13582af826e68f66ea89cc0cb770ba5d4139a9834ec0499124a1e589a41409cddb2bec54e25e1e8f02c9510ff8ca9c8948f9749b990a5224de7720a
-
Filesize
5KB
MD5d53808be0899c59844ce1aeb41662e70
SHA1ae81493ff745fa7c5a654620df5c521ef2e15584
SHA256dcf7a0df70449887c5e54d0099e02c2fcd1933b659e28bdbd6045617e64704ee
SHA5126e07fec1be797c42a84336cd218bebc85b08d93f2eb389f524ae1288d27aefeebce8cd813f7b08fa5b1e6f18ef3722aa656e8e86e991f94e71af2e38788ae6ed
-
Filesize
7KB
MD5cf5ae65bc036185278735cb9776c41ab
SHA151686d631cbdcfe5ffc1f790f949047d8d34756f
SHA256985a85f59d15a02ff4d3de0e92e669b5baafae2a7d1e44bef6c98d6f7f57ff2e
SHA51265def91858f7680f6e837798235db0fc107b603281468ba11eca64e044dd018031c7842075ad12de7207b603ce5e2c9a3d03015401382d48132a88b7ea0e26ad
-
Filesize
27KB
MD5bc2838569bce1f6e99a33765c4bab62f
SHA1a40a7b0eda65cefa2f5236df91c30fdbd237c7aa
SHA2569e3bbb534e5d62b098685fe1b1ea3b6a0ec44f0079b3471f9f342bd654c7a2d5
SHA5128191a4c050f2fb6b5dd3cfe14322504657a052ae25617ad045fcbf395910dc1e20641615cd9186368c221efaeb45d0ac983f0da232b74a806a6036d96ab7cffe
-
Filesize
671B
MD514a9ec2b62dbd6e23d83ccdd21ee1d10
SHA1bad60acffda0ff97420e0c7501b5e983ed0077b2
SHA2567f246478f428f74d98e1aaf865a002f5323a5ffbc9761ca07e16dbe7679f6863
SHA512cad88e6cbd4a833ef48baaee38961388da59844f23270a84bb68e5e178e6979023e912b2d605a37bc119b263dda292cd202869d6fa3f1a428bd46c43a82ac4c0
-
Filesize
982B
MD55a989540bc4309e7bec04b97c0775227
SHA1bc690bd4d01ba33d6945cf0f3f80b199ca72ac1d
SHA2564f93c3a7833f1df3262fe213a42963f4a1e2fbb36d134f929fd11a3019d028af
SHA51249a64eab07e1c5bf7896bde3a46694f1380193592a405c51be7d0c6db9674ba707ed461bd30d6a9b4dcdceac0d498028686bd2231269ba254dc9e9847f5397f4
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD548dab2b4a933d42614bfb34bc1781c33
SHA121699b0077dacfc39140e5e2dce229b39f33f4f2
SHA2562c5b9fdc334d3fce0fe79e5ef1ed5db4505deaa1c451879e34abc2c6eedbe994
SHA512b1ee69ecadd523af7abb172fda8f3f62760fb88490852b34b729b002d7a1ed6101f5bb1c8ecde4903223a5bef67591f771b89fa2adf34b911c80e90226dadb3f
-
Filesize
10KB
MD5ea70f9dce12afbd3d2ce856442b22fc9
SHA153ea3068171d9398ea7270348dfb45575114eec8
SHA256132bce750c86bce5853499268c6c6ac5610752ad2a2ac599600d0418afcd9b40
SHA512e7770c67331d8f54a3dd901857d4aafd723cb55f53062e0166d8878175ba2b613e82786b2b70fefbe9e0c1bd7861cf96cd95d9fcf449a0e1a26978905c5e40ba
-
Filesize
10KB
MD51a8ab8d57d4bdb2f1db3a0a678ed7899
SHA1637cfd605868e28b35a86df3aeaecf7f91dde586
SHA256be26f1b97b6500f005b61569c7596892724a9eafdce1a35eb4062f1e36762739
SHA51234bb737789500b9865035a582582dcd4f07b23e3d58ca4e28c2037fb6f2a4be99038c2d073c876dead3fd382335ded78e93a8fb19c8e97f4cb379e5f2e8d8aa9
-
Filesize
1KB
MD5a5e89286dcd7e7793938dd8fb309e4f2
SHA17d2fb0fcb53508619d7c1dc7aee270d1be7900da
SHA25653ca131e5d26d69b6f4ab539fc778564341f60904d4cb25be8d7a33e7dd5da9f
SHA5124779ee3072292ee6812f5782d71e8b1236e9be357e15adc8b6d681e136d8ed8757dfa3ea6b26d35ff13aa608cfbf3df6ef11da474c80ffc51d2a5a3f08023c3a
-
Filesize
12B
MD5c14b5c57472b92f120f0c4772de266f0
SHA127df6989d0aca394f4392a5948f224b02c264027
SHA256937b09e309d2ca54bf86dae0877dd2d032e028970dd78ab72f5d3eb42516ec41
SHA512d7f541cbc5ead372ea401d81daff177519e3f01bdef0d01783662180a932ef45444ae29af408563b33b0655ac40b8b8e1f5be2129986469053281f608518a763
-
Filesize
616KB
MD50b8ceb72734d85ab057d0971905fc135
SHA1635591328a49575053ef994265a9d6bcf717ed5f
SHA2568c062c5b3282f7207ce0f27336b63a6f3c3df03cb6f4826f9b1c09cd9954f762
SHA512373b4223ed667adf11775177c229d6e4e4b8f73ef244a8ba46a22f3ba39174e881f809bbbb534f449feec487b62f77ed75a8cb2c9d6beac6c48af126685639e2