Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://barketice.org

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-03-2023 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://barketice.org

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://barketice.org
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://barketice.org
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4280
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.0.996214903\1568112913" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {145329cf-a755-47e6-b6e5-9a6bf8b99ef0} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 1900 2885f3a8858 gpu
        3⤵
          PID:4108
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.1.1482586956\1135815946" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2364 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d95b61f8-178f-4043-9318-0b81c8204d66} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 2408 28851271058 socket
          3⤵
            PID:4472
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.2.908154774\1764650738" -childID 1 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c40918e5-9e4c-480b-b9cf-148654ce206e} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 3400 28861c0c158 tab
            3⤵
              PID:3612
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.3.1954246126\1120686389" -childID 2 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d38fe1d-0102-4a23-98e4-28528f10eb99} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 4156 28863af8e58 tab
              3⤵
                PID:4104
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.4.1793110447\1801161224" -childID 3 -isForBrowser -prefsHandle 4736 -prefMapHandle 4664 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2f27bdb-9787-4b35-8d68-727602a59d32} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 4756 28851260a58 tab
                3⤵
                  PID:1160
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.5.990829100\153225667" -childID 4 -isForBrowser -prefsHandle 4592 -prefMapHandle 4744 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {036b6a6f-7d2c-45c5-a2d9-9d91994c514d} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 4776 28860ea8b58 tab
                  3⤵
                    PID:3792
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.6.2051610774\283290966" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4924 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f45199db-7a5a-41ba-b3c7-26fe55cb4a1f} 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 3944 28863af6458 tab
                    3⤵
                      PID:3220
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:4424

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  150KB

                  MD5

                  583c481e34e1923278a64afb07d8e4f0

                  SHA1

                  ba19b2df5fbeec2b2a36810612f5ed8656eec92a

                  SHA256

                  56e8c2299a879c2ed5f3bd80a7971b7ce84a9d8713ea8c8e116f1e14bc1cb142

                  SHA512

                  1c9e61b77d6136eb646cac135274703e68089f1c58779d7b22443f52d446110fc27bf25510aa362d26a23cf38c8ee30a82a32135caecd4054725439c33787cc5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\16681
                  Filesize

                  17KB

                  MD5

                  5799ca59fe0820078fbbd4461c13da55

                  SHA1

                  98d45191912011efa00c6943ed8c3e284bc16c7b

                  SHA256

                  1fa9c38072b2c5a1092c37eefd0f148cfad452ecff44043147eeb0774fa6e608

                  SHA512

                  061a5bddf1ef6ec1dad67ce646246927d28abea9ccf71052ff9395210cf8058d1ff68931973b4a23cf7f396fce215c0b565f61a7c79635a4276682a341ecf959

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  e4534a3fd0dfdf1850b9f6e7759ab637

                  SHA1

                  c67d949652eb2f868873bc915c4c3f470b643530

                  SHA256

                  d5a8a06b62b96dd1989d7850430b754df30ddc29da4bfb3ba7f79335ede074f8

                  SHA512

                  f42eb840576c9133c038bcf517d9b07e91b9d33fc39639abea8fb03523dd4d4769ba3f7242f4245dad32095ab988dd9787eb48bc4799dd512c4cc1bef8081ecf

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  7a7fbb728deb8d8e8955d5983a4dd2d9

                  SHA1

                  42318b2127635e3ba23da673eb5011ddad882a99

                  SHA256

                  1000735e118924d9fa3047207dc1f825c883b8b14e75660f0f3884d32de54aaf

                  SHA512

                  f0ff92a190b193d5a95dcb0a17a0f63c1359e7d40c66098cf7515806286216ae28b5961224482fd800a3cc9497d80044fd906e1ddb8d341d628346c11bf739ff

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  bf3d1cdefc2faad65e7ed552be946531

                  SHA1

                  e8164ce9d4356da70c89a763c18825c0ba06170e

                  SHA256

                  5eff66b5b8dd75a9c4265e23a0fab035dbf5e940912bff4525e818b786f6c27c

                  SHA512

                  6b59941ddd54ad5f1cf4479547c0561cb1cd989f8ecdaa8a85d9e7b1424c7000d2f255493fcf90b7c7324dc7ef37b1fc4a021b31fdb4baee7e3191f8ea5ae6a9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  1aadec1d897c7bde251282883821dcc8

                  SHA1

                  fadb7252002ac128d2dda5047ccb4787562ff43c

                  SHA256

                  fb690a226cefd612ba0256fd080d622cadb9a83d94f82a91cbb9ddfcb16776bf

                  SHA512

                  d76f2730d067c9c70b89329d6673cd596e8a043dc163d3276a0f7189bbad0a404bb37133a6b2bc383e46af7487edccf8c688f42977c23ce8304085671a284948

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  feb8a52858c8167a58f36caa1b37f116

                  SHA1

                  7ae7f9d2721ae3c579f9e18e4fea679e8c848158

                  SHA256

                  adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

                  SHA512

                  109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  cd0e23dda9e70329e6a360020fc35636

                  SHA1

                  fe87bf052c5b77b01fa337ba506e880e1b41e063

                  SHA256

                  3f95463b6e5a4235d2442b86fa573aad062ca374af99ae5a319f032ce5137a71

                  SHA512

                  3f72c2cc14a63f5bc3d6f79c45197b0117cb47982589faffed60fea6bf6d48b0273a059e0001147acec2bdf2b1c748e88dfa6728da280b543d2e512ba9836ec2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  e0d18955e29426b6a5b3a9b192e383bf

                  SHA1

                  72b798473f0f95a24762b845c097072fdb9d79a8

                  SHA256

                  ee03cbb6cd7eb8767b4fc222564f99543f66c2687650d6e268af4aee94eb548f

                  SHA512

                  1b764545ee84b4ec90c25d9cd4ec5b67c29f4b5a48b6d3078c886cee54a06b909555a7bca81d03a8e1df00c226668769978e9ca341f095053f8be23e6066ead3

                  Download Submit

                • memory/4424-3433-0x0000023C757C0000-0x0000023C757E0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4424-3438-0x0000023C75780000-0x0000023C757A0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4424-3440-0x0000023C75B90000-0x0000023C75BB0000-memory.dmp

                  Filesize

                  128KB

                  Download