Resubmissions

01/03/2023, 08:48

230301-kqgpeafa4s 1

01/03/2023, 08:39

230301-kj9rlsfd76 1

Analysis

  • max time kernel
    13s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/03/2023, 08:39

General

  • Target

    http://www.rbdprojekt.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.rbdprojekt.com
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.rbdprojekt.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1508
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.0.677245480\646189940" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45c22f07-8695-4ae2-949b-b5e69e01b3ab} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 1940 20f54b1ac58 gpu
        3⤵
          PID:3744
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.1.1398167948\547592287" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6abc580-fc36-4a83-ad0e-2a6cb5e4fa4a} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 2424 20f46b72e58 socket
          3⤵
            PID:1540
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.2.2015169586\1952726387" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3144 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efd3122e-b9df-4227-a649-b87ba3cbdc65} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 3192 20f57a1a658 tab
            3⤵
              PID:5044
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.3.1066354318\1695553614" -childID 2 -isForBrowser -prefsHandle 4100 -prefMapHandle 4092 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68bc6cd7-dc9e-4e6b-8e26-5bf0905220f3} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 4112 20f46b6e858 tab
              3⤵
                PID:1492
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.4.1667795559\1683153269" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4036 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e82737-4c6c-4642-a438-c0596529114f} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 4320 20f59242f58 tab
                3⤵
                  PID:2564
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.5.966157493\906510523" -childID 4 -isForBrowser -prefsHandle 2984 -prefMapHandle 2972 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47dfb154-1777-4537-80a8-2b7c5ef5f848} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 3436 20f565bbb58 tab
                  3⤵
                    PID:3364
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.6.2117055601\1450026163" -childID 5 -isForBrowser -prefsHandle 4836 -prefMapHandle 4828 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9278fd33-974b-4874-b849-dadfd0c61818} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 4820 20f5676a658 tab
                    3⤵
                      PID:2920
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.7.2050163071\1256631122" -childID 6 -isForBrowser -prefsHandle 5008 -prefMapHandle 2980 -prefsLen 26924 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d99466-28a2-4cc4-9576-b6400c878f7c} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 2212 20f59241d58 tab
                      3⤵
                        PID:3360

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 158KB
    MD5: e0909d43db945a4262adc740383e6e0e
    SHA1: f90d8bc641934c25c471157f5eba1bef8204b51b
    SHA256: 44c87d5c31dd52a3d57f313fd83850688932f11bda386004f0d724fe189ac4d8
    SHA512: 566d2b5e5153f50d37762378b50647a4905ded386144a5801fcdf9c6e1dd81c5be5ae4b29cfd51fbd8d15e6e2f7ee24fbb13a5ab9b38155f80049da3096585f3

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25218
    Filesize: 14KB
    MD5: 65c3c567488c50d29124b2b5aed47761
    SHA1: 69bde109f0a434c8e14e6d1af60c0cfe37dd17be
    SHA256: b086388044d401888afae31ddf1eaeab3002a574a480b7dba6de71a037d29f10
    SHA512: 48afffb7687226cbc95548b764421a1a566442e1e55b2aefd9a76a32888917be09374493f5e74ac9611bac58cddd38f8f63ace08624e0ff697b9dea4992a35a0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: cfbfa834c6660d5b0a2ce7f8984f9cd6
    SHA1: 60b2a66c5a8b602c65c33882269bc6d20f9fe95d
    SHA256: 626dd029f443ba732f1980cae13f6fae5b5dd3c86601403a446ff4c7e0534da0
    SHA512: 381c14f9c277e515048b31c965130bcdbe267646564cf6fc11ae257fdca64c6bc95b845f8c5ca2d8e8e7aba2f35ff57a52eb3fa610a6282e07efe2527666b009

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: e08db1f59ec9c3df5a6a80ff7414f6fb
    SHA1: 98335b19cde4adcd65c18d6103f81d63dd41d3c3
    SHA256: bb327369510b130b60023b42965122e41f8d0e497eccaed96ba286553d000eb0
    SHA512: ecc9ecb202f2a91773cff468561534bb79467395adff86a36f700d9f5146249efb682cff4764cdb5a35c82fd20168782cabf5545719ced16445e60e8f69b5ad4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 7KB
    MD5: dcb3ba21554f9375d19fd10d9e09a810
    SHA1: 8072fd1ea4a19f72a741b18e00e6aebdc474b60c
    SHA256: 4bdfaca82764bb9f8d8e07bcd9a64d62224a8a58586f34992ab8b925b85ad5b4
    SHA512: 827b092a049992969d61c3c94c15d4051dfad1f36b65ff054a25a87a0b037ddc91fd4473656abfa21ecd6141fe18cf8605b66c5077156ad4333c45a5123aa4ac

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 0c6d2b07be1a6765c711b4fda160f131
    SHA1: 60f0b37aa3bb2421b272f8da3768d0a42b5c0a1a
    SHA256: 8708ee492fd245294b9b9f7ade3525e1a06ddb41a53c4fcfd7d4e74593a7e726
    SHA512: e2b39d20f6e43fb87d7b58c9bef3486ce4a6ff18490fa2c1eeee1634ff2ba44d7f962d67d2a563e72dcd62454da19232016a8547db93c2f0fa33f0d3c72c9600

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 03cf71cfb002e4612cf2e82bd889a767
    SHA1: 50927daef696f9581b58535103e97ace952a78f0
    SHA256: 14e166fd6c79e38b0e77f1ae42196ba72a0f7baa7dda23a5b8f85024955c871f
    SHA512: 8df7b6625d342169b118b488fa258eb109c1f26f873be2b44fd8a39cb91e745a72a889504a6f28e4a2906a2a2172c93d7082c4621f564f57a1325eef273540df

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
    Filesize: 6KB
    MD5: 108b97b1ff7efbdb1aecce96d55ff2e5
    SHA1: bb72b2e0c3d859fe5e821632307a32df331b55e1
    SHA256: c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
    SHA512: e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 4fb4490c75f34c6d36919384213e4d4f
    SHA1: 915a4ec8a7be04a2d06fdec0ba5d07957ee41d14
    SHA256: 09c5769b55fcbd5f4e04e3273a1b1350c7ff510bbfd20bd76f055c3e2300f61f
    SHA512: 8bb7e635281786a7b420e01f63fa8221cb0cec4d4c3ffd0f39e46afab46cd88cd02595863eb442ed094528c37230ac7f64f7797df8fc2a3b3e1be8f0b6ce3678