Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/03/2023, 00:58

General

  • Target

    https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo
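
The target is Amazon's /gp/r.html click-tracking endpoint, and its U parameter carries a percent-encoded URL pointing back at www.amazon.com.au, which is the shape of a redirector. The first triage question for such a link is whether the embedded destination stays on the expected site. The helper below is added here as an example; it is not code from the report or from the sandbox. It assumes U is the redirect destination (the page only records the URL and does not say so), and the trusted domain name and the two tampered variants in the test are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# The submitted target, copied from the report.
TARGET = ("https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD"
          "&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C"
          "&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo"
          "&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo")


def redirect_destination(url: str, param: str = "U"):
    """Percent-decoded value of the redirect parameter, or None if it is absent.
    Assumption: U is the destination (the report does not document the parameter)."""
    values = parse_qs(urlsplit(url).query).get(param)  # parse_qs already unquotes %xx
    return values[0] if values else None


def host_in_domain(host, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it (exact label match, so
    'amazon.com.au.evil.example' does not pass for 'amazon.com.au')."""
    host = (host or "").lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def check_redirect(url: str, trusted_domain: str = "amazon.com.au", param: str = "U") -> dict:
    """Classify the embedded destination: present? https? on the trusted site?"""
    dest = redirect_destination(url, param)
    result = {"destination": dest, "has_destination": dest is not None,
              "https": False, "on_trusted_site": False}
    if dest is None:
        return result
    parts = urlsplit(dest)            # hostname strips userinfo, so "trusted@evil" is caught
    result["https"] = parts.scheme == "https"
    result["on_trusted_site"] = host_in_domain(parts.hostname, trusted_domain)
    return result


if __name__ == "__main__":
    print(check_redirect(TARGET))
```

For this sample the destination decodes to https://www.amazon.com.au/ref=pe_19115062_429591322_TE_logo, on the same site as the redirector; an off-domain, userinfo-prefixed or scheme-less destination would be the thing to escalate.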

Score
1/10

Malware Config

No malware configuration was extracted.

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments (for example, by reading the CPU name or vendor string under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor and looking for a hypervisor).

  • Modifies registry class (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

The only image in the process tree is C:\Program Files\Mozilla Firefox\firefox.exe. WriteProcessMemory is attributed to both the first firefox.exe (PID 2040) and the browser process it spawns (PID 824); the processor-information, registry-class, AdjustPrivilegeToken, FindShellTrayWindow and SendNotifyMessage hits are attributed to PID 824 only, and the Task Scheduler hit is not tied to any process in the tree. These signatures are generic behavioural heuristics rather than verdicts, and the 1/10 score is consistent with nothing beyond the browser's own activity having been observed.
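
To make concrete what the two signature descriptions above actually match on, here is an added example (the editor's, not the sandbox's rule set) that runs simple rules over a constructed API/registry trace in a "pid|operation|target" form. The registry path and the CLSID of the Task Scheduler class are standard Windows values; the trace lines are constructed, and which operations each of the report's signature names keys on is an assumption about how such rules are typically written.

```python
import re
from collections import defaultdict

# Constructed trace in a "pid|operation|target" form (NOT the sandbox's own log format).
# The pid 824 lines imitate what the report attributes to the browser process; the
# pid 1680 line is a control that should match no rule.
TRACE = r"""
824|RegOpenKey|HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0
824|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
824|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
824|RegSetValue|HKCU\Software\Classes\Local Settings\MuiCache\1\LanguageList
824|AdjustTokenPrivileges|SeShutdownPrivilege
824|CoCreateInstance|{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
1680|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""

# CLSID of the Task Scheduler 2.0 "TaskScheduler" COM class (CLSID_TaskScheduler).
TASK_SCHEDULER_CLSID = "{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}"

# Each rule: (operations it applies to, pattern the target must match).
# The operation sets are this example's assumption, not the sandbox's real rules.
RULES = {
    "Checks processor information in registry": (
        {"RegOpenKey", "RegQueryValue"},
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.I)),
    "Modifies registry class": (
        {"RegSetValue", "RegCreateKey", "RegDeleteValue"},
        re.compile(r"^HKCR\\|\\Software\\Classes\\", re.I)),
    "Suspicious use of AdjustPrivilegeToken": (
        {"AdjustTokenPrivileges"}, re.compile(r".")),
    "Uses Task Scheduler COM API": (
        {"CoCreateInstance"}, re.compile(re.escape(TASK_SCHEDULER_CLSID), re.I)),
}


def match_signatures(trace: str) -> dict:
    """Return {signature name: [(pid, operation, target), ...]} for every rule hit."""
    hits = defaultdict(list)
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, op, target = line.split("|", 2)
        for name, (ops, pattern) in RULES.items():
            if op in ops and pattern.search(target):
                hits[name].append((int(pid), op, target))
    return dict(hits)


def summarize(hits: dict) -> list:
    """Sorted (signature, IoC count, pids) tuples, in the style of the report's counts."""
    return sorted((name, len(events), sorted({pid for pid, _, _ in events}))
                  for name, events in hits.items())


if __name__ == "__main__":
    for name, count, pids in summarize(match_signatures(TRACE)):
        print(f"{name}: {count} IoCs from pids {pids}")
```

Rules of this kind are context-free: a single read of the CPU description by a browser at start-up fires the same signature as a loader probing for a hypervisor, so the IoC counts need the process tree alongside them before they mean anything.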

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2040; spawns PID 824 with the same command line)
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe (PID 824, child of 2040; main browser process)
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1680, child of 824; gpu process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.0.245308185\211620182" -parentBuildID 20221007134813 -prefsHandle 1184 -prefMapHandle 1176 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fb7170-8179-41f3-9793-43e8808c3df9} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1272 f217158 gpu
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2036, child of 824; socket process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.1.138708923\1505951354" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18d8f176-92e4-49d5-9e29-952cbed3ddfa} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1476 e75c58 socket
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1620, child of 824; tab process, childID 1)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.2.1132702495\868541557" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 21834 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b201adfb-d62e-4da9-81b6-1a950c6bc30c} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1896 1a29c558 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1140, child of 824; tab process, childID 2)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.3.1665518547\1499263079" -childID 2 -isForBrowser -prefsHandle 2728 -prefMapHandle 2724 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7be0543c-46ff-4588-a8e9-063b153122f3} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2740 1b747b58 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2280, child of 824; tab process, childID 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.4.838602363\1226482433" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3468 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {898b90f3-6e5a-4b18-b4b9-105009c5999a} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3248 1d46c458 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2288, child of 824; tab process, childID 4)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.5.504605020\165325935" -childID 4 -isForBrowser -prefsHandle 3580 -prefMapHandle 3584 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe729b2e-d7ef-4259-8d8d-39ef02290c4e} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3568 1d46e858 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2304, child of 824; tab process, childID 5)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.6.1174845261\338790873" -childID 5 -isForBrowser -prefsHandle 3744 -prefMapHandle 3748 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ec9093e-936b-421c-8f64-aa4eb59bde89} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3732 1d46d658 tab
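
A reviewer of this tree wants to confirm that the seven children really are Firefox content processes belonging to PID 824 rather than something masquerading as one. The command lines carry enough to check that: the --channel value and the gecko-crash-server-pipe name both begin with the parent's PID, every child repeats the same -parentBuildID, and the last argument names the process type (gpu, socket, tab). The following Python is added here as an example, not code from the report or from Mozilla. It works on constructed (pid, parent pid, command line) records: four copied from the tree above plus two invented anomalies, one content process launched from a firefox.exe copied under AppData and one whose real parent is not the PID named in its own arguments; the field layout it assumes is exactly what the lines above show.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed (pid, parent pid, command line) records. The first four are copied from the
# report's process tree; 3100 and 3200 are invented anomalies for illustration.
TRACE: List[Tuple[int, int, str]] = [
    (824, 2040, r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo'),
    (1680, 824, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.0.245308185\211620182" -parentBuildID 20221007134813 -prefsHandle 1184 -prefMapHandle 1176 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fb7170-8179-41f3-9793-43e8808c3df9} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1272 f217158 gpu'),
    (2036, 824, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.1.138708923\1505951354" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18d8f176-92e4-49d5-9e29-952cbed3ddfa} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1476 e75c58 socket'),
    (1620, 824, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.2.1132702495\868541557" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 21834 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b201adfb-d62e-4da9-81b6-1a950c6bc30c} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1896 1a29c558 tab'),
    # Invented: a content process whose image is a firefox.exe copied under AppData.
    (3100, 824, r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel="824.7.1.1" -childID 6 -isForBrowser -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00000000-0000-0000-0000-000000000000} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4000 1 tab'),
    # Invented: claims parent 824 in its arguments but was actually spawned by the tab process 1620.
    (3200, 1620, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.8.1.1" -childID 7 -isForBrowser -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00000000-0000-0000-0000-000000000000} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4100 1 tab'),
]

CHANNEL_RE = re.compile(r'--channel="?(\d+)\.')            # "<parentpid>.<n>.<...>"
PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)')    # pipe name ends in parent pid
BUILD_RE = re.compile(r'-parentBuildID (\d+)')
CHILD_RE = re.compile(r'-childID (\d+)')                    # only tab processes carry one
IMAGE_RE = re.compile(r'^"([^"]+)"|^(\S+)')                 # quoted or bare argv[0]


def image_path(cmd: str) -> Optional[str]:
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else None


def _first_int(rx: re.Pattern, cmd: str) -> Optional[int]:
    m = rx.search(cmd)
    return int(m.group(1)) if m else None


def parse_content_proc(cmd: str) -> Optional[Dict]:
    """Fields of a Firefox -contentproc command line, or None for any other process."""
    if "-contentproc" not in cmd.split():
        return None
    build = BUILD_RE.search(cmd)
    return {
        "image": image_path(cmd),
        "channel_parent": _first_int(CHANNEL_RE, cmd),
        "pipe_parent": _first_int(PIPE_RE, cmd),
        "build_id": build.group(1) if build else None,
        "child_id": _first_int(CHILD_RE, cmd),
        "type": cmd.rsplit(None, 1)[-1],   # gpu / socket / tab / ...
    }


def analyse(trace: List[Tuple[int, int, str]]) -> Dict:
    """Parse every content process and flag ones whose arguments disagree with the tree."""
    by_pid = {pid: (ppid, cmd) for pid, ppid, cmd in trace}
    children, anomalies, build_ids = {}, [], set()
    for pid, ppid, cmd in trace:
        info = parse_content_proc(cmd)
        if info is None:
            continue
        children[pid] = info
        parent_image = image_path(by_pid[ppid][1]) if ppid in by_pid else None
        if (info["image"] or "").lower() != (parent_image or "").lower():
            anomalies.append((pid, f"image {info['image']} differs from parent's {parent_image}"))
        if info["channel_parent"] != ppid:
            anomalies.append((pid, f"--channel names parent {info['channel_parent']}, actual parent is {ppid}"))
        if info["pipe_parent"] != ppid:
            anomalies.append((pid, f"crash pipe names parent {info['pipe_parent']}, actual parent is {ppid}"))
        build_ids.add(info["build_id"])
    if len(build_ids) > 1:
        anomalies.append((None, f"children report {len(build_ids)} different parentBuildID values"))
    return {"children": children, "anomalies": anomalies}


if __name__ == "__main__":
    result = analyse(TRACE)
    for pid, info in result["children"].items():
        print(pid, info["type"], info["child_id"], info["channel_parent"])
    for pid, reason in result["anomalies"]:
        print("ANOMALY", pid, reason)
```

On the report's own seven children every check passes (all name 824 in both places, share build 20221007134813 and run from the same Program Files image), which is the concrete basis for treating this tree as ordinary Firefox multi-process start-up.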

Network

MITRE ATT&CK Enterprise v6

Downloads

All four entries are files Firefox writes into its own profile during a run (the Activity Stream discovery-stream cache, prefs.js, a session-store recovery backup and an IndexedDB database); no file fetched from the target URL is listed.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\841yyxv3.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 148KB
    MD5:    ed0185198805f8ca8678c6e915e2ab0b
    SHA1:   b3a9824a4f490ba3f8bc9465e761609adb9508f0
    SHA256: bae61212492d009e454fcd8c81153c8996662d171ac719fff38bb4707cf11f5f
    SHA512: 2b44441c1383ebf3164f968b5847c2c11f0e88c2cafcc06b73afa01bf0b04a37f643a7daf95f883e582f9ae387e86d85fddeae5f66515dd8b14ca8684d18179c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\841yyxv3.default-release\prefs.js
    Filesize: 6KB
    MD5:    af5e0d0f83969aaeb4fa6e78d6f95a24
    SHA1:   2bd8d80e93e21ac00bcd76ace582b012c30a7e66
    SHA256: ea920c40489f3fe7fc1e02d86070da051c38ac5ef6950a15955116f7bf2e0891
    SHA512: 7124e5e077ff990e53c23f8b4c87ccb485ea2f7e28b1e465846aa2f1b4190fc1ccd905a8a2d10b7c7373f0bb5e4a4f0b37da769e5fb877099b61201fbed50b52

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\841yyxv3.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 937B
    MD5:    eb9d1cbbc336f05cfd61ddabf5194647
    SHA1:   c7e9d0f821c32f2747a473b8362e216f679e4cbb
    SHA256: a1f41f7acfba27e724cfdd354e9c6b0dea6ab8266812f71ce52d558ac355afa6
    SHA512: acc3f24e0170d7955c5e7465fc1c434d551b0fbdede38a80f4e706b973716aa8db8b702d9e0289a3f5082fb6024d0862b59ae0ccfad8b5f12191a20308451d8a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\841yyxv3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5:    2a48c93f6e80d3db2dbb31544e1772ee
    SHA1:   9bece495f40849902266b2074287b1390c66563f
    SHA256: 84148e2e5162bb191feb358bad138ed7eeac5d059ce8bf29ade690359218416e
    SHA512: 1dff93d2b80db14e1acf5b43524598554dc3a75fd73e668c550a62d66dd59b3eeb657d06a1f8344765bdf6dab230c83fe894a0f9e416ea2c7392ec254833c009