Analysis

  • max time kernel
    66s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/03/2023, 09:40

General

  • Target

    https://freeinvite-chatclub.com/3IlqGrB

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://freeinvite-chatclub.com/3IlqGrB
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3144
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://freeinvite-chatclub.com/3IlqGrB
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.0.1066703679\986327645" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54f0ed53-fae6-4b20-969e-1ad2aec5a9b0} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 1916 1fdb1482d58 gpu
        3⤵
          PID:3016
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.1.1783549066\508972073" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de799e23-4ef7-47fe-b32a-fa836e74ae45} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 2424 1fda3472258 socket
          3⤵
            PID:5116
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.2.863089103\1445986336" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3220 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1436 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b73fac3-4c21-4940-9d7a-96ff2d6f4417} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 3348 1fdb0379858 tab
            3⤵
              PID:216
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.3.252005625\1610730590" -childID 2 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1436 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ab0f80-cd69-4ddd-bd04-5626c47af2f2} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 4056 1fdb57c2758 tab
              3⤵
                PID:4544
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.4.733048372\533024021" -childID 3 -isForBrowser -prefsHandle 4604 -prefMapHandle 4616 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1436 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {696d8042-4f64-45d7-9b5f-468467768ca5} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 4644 1fda3465658 tab
                3⤵
                  PID:2364
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.5.130706579\489670543" -childID 4 -isForBrowser -prefsHandle 4584 -prefMapHandle 4456 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1436 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3847e1c-8085-4da0-b9c0-c0f40a02f935} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 4660 1fdb3bed358 tab
                  3⤵
                    PID:2276
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.6.197319031\1756082357" -childID 5 -isForBrowser -prefsHandle 2824 -prefMapHandle 3224 -prefsLen 26924 -prefMapSize 232675 -jsInitHandle 1436 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eac2e1b0-433f-4ff6-8eb6-8cceb991c57a} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 4804 1fdb3148858 tab
                    3⤵
                      PID:5000
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3712.7.1533341235\22904921" -childID 6 -isForBrowser -prefsHandle 4844 -prefMapHandle 2952 -prefsLen 26941 -prefMapSize 232675 -jsInitHandle 1436 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b382c0-e383-43a4-ab10-e513951718fd} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" 5028 1fda3430e58 tab
                      3⤵
                        PID:2816

Network

MITRE ATT&CK Enterprise v6

Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp

                    Filesize

                    152KB

                    MD5

                    76c0ef52175bd7857d127c81be16ec6e

                    SHA1

                    b7208a36e566af9ace8cc25d3cbbc406d071631a

                    SHA256

                    8554d8476d4c4c7571f84c3cc0369ea227f4c97fc26e0f030a52994563690b77

                    SHA512

                    3b06056689640363129be37805a6473b4410078fab05c1aaa22571864f3d9d8096bf244d11184683ee370ef40c67be56f83b2c97df665deaa6c9888f1e98ae9e

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

                    Filesize

                    6KB

                    MD5

                    a466a629757139d4d10c7b43549eeb65

                    SHA1

                    47942bbe9fb9f6838dac1d0399557a9803775ab2

                    SHA256

                    40055e1dae75ce1174066103e5abe9b166697ed7bca8f1dc1cbfcb58f8f02179

                    SHA512

                    c3ecb7e274f6ada4e61b894a4f7c53068b837f74f34ca33db93851b8fd2bb4a491f2a082f72c5d8b84c57a93ead6cf93934a36d23a1feef2f65851455830b45c

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

                    Filesize

                    6KB

                    MD5

                    daa2e67aa17694ba67e226026b9264e5

                    SHA1

                    a4cf4920a3752eb69e1bf458adbfb8f699b04229

                    SHA256

                    809a05a442c87f81acbb4aa582123d090bb12e680e975878895b64eae07f7ddb

                    SHA512

                    00230691731296597ed9df60f70a8c01b1a654177547da630e24411cfb516e39bcd89e634f98e07c97e3ce419ec8737631387f78bf6919e3c56cabda485eddde

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

                    Filesize

                    7KB

                    MD5

                    3f521c7e9ebe76d7e90456183ec7cebe

                    SHA1

                    88cd794666c7a86ed87593b2dd0be571167b72a2

                    SHA256

                    49addadae13b69f67b10d09bbc40e7dff0e356cfc0478d5f9f14451a84154714

                    SHA512

                    18d848ab8a350385f103d927bb1788a1b3610e35f72bfaf723e40b84829d47e769980f4bc42f343df48bc52851415aa9ed11de6d94f7eb1745eaff0b67efd8e1

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

                    Filesize

                    6KB

                    MD5

                    d46e07116ffdf143bce66f2d6889cbc8

                    SHA1

                    7b19a6d12d94ea666a00a0a2f3283395ed962bef

                    SHA256

                    ca058e36b33a5abf17f58b9b08a88e3a367067a3ca9321e9e2755df97eebe5d1

                    SHA512

                    1132683792a83add67af16b3938246b284c62df255a59814bf57c5c6b9b90da9e2aad2fe74aae2831b0d0bca9525c6b75697ec5e593305ad0c4a893692a37312

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js

                    Filesize

                    6KB

                    MD5

                    1984b45f201f1fd79d2154406648433b

                    SHA1

                    42f082dc6d4d43333688690bf4dfa7c7f8b618ab

                    SHA256

                    000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

                    SHA512

                    e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

                    Filesize

                    1KB

                    MD5

                    e1ab80b8ba1c81398279f90078e10d9c

                    SHA1

                    2eb7b49fa5060fae61f9ff3bbe81ffc19d36f508

                    SHA256

                    56e82eb0ab6fff7eb4491d1f47dad219b3bb2a6b385a83a089c35baa20faf84b

                    SHA512

                    200f18f7a23569f27ce0e575f021d21dff7c5f300dd92dcc773998e06423a625b0cb9ded0a1cebcc115b6cec610d382bcac3607ee56a7ca9b683841849a17a5f