Resubmissions
17/03/2025, 02:44
250317-c8ad2s1ky5 117/03/2025, 02:34
250317-c2ncbsxwds 1017/03/2025, 02:29
250317-cyyc5axvct 10Analysis
-
max time kernel
14s -
max time network
14s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
17/03/2025, 02:44
General
-
Target
http://h3a.in/jdtesc
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 18 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 19 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://h3a.in/jdtesc"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://h3a.in/jdtesc2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2016 -prefsLen 27099 -prefMapHandle 2020 -prefMapSize 270279 -ipcHandle 2096 -initialChannelId {659c45e4-2c49-4ab4-bc03-0efd33d5d531} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2480 -prefsLen 27135 -prefMapHandle 2484 -prefMapSize 270279 -ipcHandle 2496 -initialChannelId {b816f352-5f95-4c7c-b45a-18a41f55dd5f} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3976 -prefsLen 25164 -prefMapHandle 3980 -prefMapSize 270279 -jsInitHandle 3984 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3992 -initialChannelId {8488d343-6fdc-4fe6-a98a-6979b0ffe0bc} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4152 -prefsLen 27276 -prefMapHandle 4156 -prefMapSize 270279 -ipcHandle 4120 -initialChannelId {7a2eecd7-829b-495d-bad4-9f23005c0aff} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1616 -prefsLen 34775 -prefMapHandle 2872 -prefMapSize 270279 -jsInitHandle 2884 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3104 -initialChannelId {937fa7a6-b94c-4e15-b7d7-6103087aa599} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5084 -prefsLen 35012 -prefMapHandle 4964 -prefMapSize 270279 -ipcHandle 4968 -initialChannelId {c04e0257-9681-4ec3-b28d-cb3ce9568bf9} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5288 -prefsLen 32900 -prefMapHandle 5292 -prefMapSize 270279 -jsInitHandle 5296 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5304 -initialChannelId {ecb2a85c-8811-4b43-b944-628f111274f4} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5480 -prefsLen 32952 -prefMapHandle 5476 -prefMapSize 270279 -jsInitHandle 5472 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5284 -initialChannelId {dc555308-45e9-43dc-b4d1-2fc6ae9e5868} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5748 -prefsLen 32952 -prefMapHandle 5752 -prefMapSize 270279 -jsInitHandle 5756 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5452 -initialChannelId {6fa88147-3a51-461a-bc36-e6cb9d78e51d} -parentPid 4040 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4040" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab3⤵
- Checks processor information in registry
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD5b028ec7247b9b8efcba43f76e5a7e85a
SHA1ff56452a478c552b89fc12b8023c366fde75e594
SHA256ecba1d3a4167b1ebdf3dfe4b961d6fe57f63d902e61a71da1ae8b90f8a962c27
SHA512c6d8972a65e440498b4fd1d7d64542e79dd605a9d601bf025de9fe70635bdf6d58febdc5180f273f35a9b6e1dd59321f26a52b89c1b77fc72c72804ea3187452
-
Filesize
29KB
MD57ec8ae37ec967f7b9c75920921bb243a
SHA11256523ad7a558df7a4a22fcacf24ca36fcba46a
SHA2562beb4345333876d0b7f228bf79a54f7056076ba58189e41fb9ae0a41c2931377
SHA512e6e0e0698e7025c7cb0634a7127ac73444655030e6f4bea813f410682ce33102a11ac0c663c6286be1f70ff4cdaf60c67e698cbe69f26e16da5362606019b40f
-
Filesize
29KB
MD58ffa74fac72911cb6dcde4d6cbece001
SHA169ff7fac92a5af5475b0c789e84930514348de4f
SHA2567292c2a99ef814159a76d03a32f8dd32b06301ab4873f0158d148d0cdb58705d
SHA51287793b26abc346c02513c32eb5bb2dccbbc608a067a97cfb3981e95a2fec008a21fc24e2e7018013668dfe352891a6483801017df851791e602cbfd3b3bdc837
-
Filesize
30KB
MD57cb6fd5dfb5d89605c24aecef9e1509c
SHA189c23542e61ed9ff0a937f0797e6cc9da8f7ac4c
SHA256eaeb1ba8b0b91e04670db5d4d11d125bcac3e7a94f6519d6f85711620fadb4d1
SHA5127f788feb7d1481d531271a085b97e5b674b18f7c97543e5278c05f7df38c19c5a0071fc0adae043d7ef76f90611a2890865f4fae6eae02a8cf49bf231707da1f
-
Filesize
1KB
MD56f2f5b5d77ec15aa0ff1b0b768269aab
SHA1891ff62c864354203b20e53e638b2608091bb97d
SHA25621554013f3eb7a4a92c6677d22d6e412ac6646007e12000180eddd808a1fd52a
SHA512fe2614de57d2ebc6325a6101187d6d7d8b148abf16760afa56fa4882667ce11614018731b586a322dcaa8b3c8c2e0a2572dd2074f271cb2701307192bafa86cf
-
Filesize
235B
MD531a7634724c713aa7ee53ec43cabce49
SHA1ceeab028a0d887c99ba515a67fe738b6f2a3f9ae
SHA2569b5825111abb3b11a1879bf9a8a80d1880bfa3fa31347f1a58294a29ac8bb46d
SHA5127278d11e3ef51a701c22e7d3c96214344f251da3e9ebf20571de7117af6883ab6895749e29a208df517acf04e4b0c854f3fe4ca80f4828ddcee709bd2739e167
-
Filesize
235B
MD5c5f8fdcb877abd5d8036c9c35339e1f4
SHA12300e6c620bfebbf940c901b9182de41638ce833
SHA256d35d80c3556d5a10e9c343904be8576d831adfe192db1d51fffb3b2c41003b84
SHA512db5468e50aa641bd3bae25980f08ebadd753f8f831ad64248fee1e35afc1e0f2df8b10f4db7dd9b334eb050f660bfa9994b35247598c77e57884f1ce42b9bfe0
-
Filesize
871B
MD5bb30ddbdbcdb450d04a1f4b76c7df2ff
SHA14231f096d106614375e6493f2babf8d9a3a0ae10
SHA25697fc7aa20d13ac36a8896026db73b9edfd09adabce47644833879b982e9bb56a
SHA512313d513d4bf04150fbefc83b45d87a52d71c39d0412d7a7201d206ea8f70c4238cde074394b46dafc0eb73586593430db389c59261c045895a2d53e47be6d86d
-
Filesize
886B
MD5783b06cc2f2d6dc170866e3a00ef86ff
SHA1019cc7183b800523d0277a41fa8ce55859c2429d
SHA2564642d88abdf6d947adf4dec0d730d1d0c547895283c29914c50e33ea0f77f81c
SHA5122f54a23b9bff5ab07d2092e7dff93754a1ad4a5eb10c02be1492ac40a2cd111ee34570bfb892b7b21322e5b48392c955cbaf9499a1a308b7c6b105dbc20f81f8
-
Filesize
2KB
MD5c53dcbb33d8d5780298776539877b04a
SHA1549c363b62599464783024fe2bd6913a26e408ab
SHA256c7cb60046f9f875168b50140a4baafcd1cdae2e1f2422f2c0fff318edfe73951
SHA512b8a0208c52ea40291ba97ad086d310af99642245bda7a6b1f5da083e18f18682e3d6d50e42f1c6af8cbe3231b0311ff06e499ac41f787dbad1b0fac3c2d83326
-
Filesize
6KB
MD52c543daee54b86d52732ebe322925049
SHA123e64ef50a465c0f7145f907427d409cf0be3f29
SHA25632b1cd48fefc2908b14b0020255cd4f0fe41bfb1726cf9e2347f6589516866a6
SHA512c41e0d29f886b486b3460782815b7bae83eee74613484aea2f4cb5db980c7461cc1298eb532652d4f4779753567ae5ca06b730c2d106434f90a7a9286dac9283
-
Filesize
333KB
MD5edb173dabd3062c273e966f9d40904f8
SHA1fac4cc0069679796f6370b618968b36277c03a28
SHA256ae4df31f361162e78a1244fe6879fc089b7eef4a6b78402f99285fdec73bc950
SHA5128a501fe0332c3fc3dc36119513d8c5e324b4ceff37e34a57bbde478ade6c8f4b5a4fd784a34b2929a67088caf0eedf10d17bda0d7cf8ac8ab9566b9d4f8cb739