Analysis

  • max time kernel: 150s
  • max time network: 148s
  • platform: windows10-1703_x64
  • resource: win10-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 17/03/2023, 04:22

General

  • Target

    https://work.ink/19k/kittenassist

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (7 IoCs)
  • Suspicious use of SendNotifyMessage (5 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://work.ink/19k/kittenassist
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3532
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://work.ink/19k/kittenassist
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.0.1550709960\1929645298" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1648 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4df7e975-8426-4d98-9def-b5fb4439eabb} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 1748 20ff42f4e58 gpu
        3⤵
          PID:3928
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.1.721342038\600277353" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bc15ff1-a1b5-4395-a6f3-6641c45e24a7} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 2196 20fe1870d58 socket
          3⤵
            PID:2628
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.2.2071359649\818579469" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c96b89-7a88-4bb7-a537-35cd8f31638c} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 2932 20ff8146b58 tab
            3⤵
              PID:1260
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.3.1768173344\2107915600" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1bd9450-c453-4177-b7c1-08cf9e3fd534} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3568 20fe186d358 tab
              3⤵
                PID:1452
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.4.145889804\280580160" -childID 3 -isForBrowser -prefsHandle 4604 -prefMapHandle 4500 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36010720-f6bc-42ac-bceb-d703854e226d} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4592 20fe182d858 tab
                3⤵
                  PID:5056
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.5.2102241597\2112764655" -childID 4 -isForBrowser -prefsHandle 4824 -prefMapHandle 4820 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e227002-396e-4902-9d3f-c097c56d08e6} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4832 20ffa5ed858 tab
                  3⤵
                    PID:4428
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.6.627649371\1591970479" -childID 5 -isForBrowser -prefsHandle 4940 -prefMapHandle 4944 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02044fd7-8e92-49b3-9ecf-af88783da6e1} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4932 20ffa5eab58 tab
                    3⤵
                      PID:4252

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 144KB
    MD5: 8a80007b9b831059abd8e883ceba4380
    SHA1: c39737343a9c5d20136155cc677c8c4be89078cf
    SHA256: fee94a44197ea3b1f70db565a187888a204015445179bb36da562956079c0e2f
    SHA512: 9c75aef9c37ac7b1f5f527e569a38b94912f9136a73de19e76b9350c13e939c62b8c23ea158f8991d408b55271ac5d9bff52084152a0913992cda70f62425de2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
    Filesize: 6KB
    MD5: f843fc3b858888d342076c7199266348
    SHA1: 97dea7b7d8486f03cc085ef488fda80fe53515a0
    SHA256: 19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4
    SHA512: 9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: d379ba01c369650fc13329ac86e834aa
    SHA1: 6cd1e7e1c84759955c83932d78dec48f314cee50
    SHA256: ed876d6156e6f4d3f83b1992fcd14c34355c86d6e99de61a06dfc59b86adde4c
    SHA512: 6bbdf8fa2e07561ea934de6be468e5686a5ae2307d4640e078e783a4ec305beb2227fd4419fc878a24a76e52d908a671d433fab91442c631b60a03da53187f7d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: d06e5b79e5f971fabbfa3cd771d2977d
    SHA1: d1df0bf73285459068d07bfbccf8cf56ba775288
    SHA256: 6a0b88ee2b950a78fd046d8969417ccf1e7a5e8c5196961164397b2961d91339
    SHA512: acfd3b85f9bdc2875645732e5690379c79b821ebefbd000015acddfe61c7ad13a9807fb8f7ffe0abffa41410478366ada145b9fc60a9294f199b807210c00ce2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: 13f4ea7224417985aabae4a2f59fc2ba
    SHA1: 2d20752d98ce84d37a69d349d2c008e302748b59
    SHA256: 929688d666a67a627252819b523a1a80c92a092a94b155728b8ae603ec370c4f
    SHA512: 0cf9e68368fff17491537a97f62cd1dc0ac9d1d7330cb2ad3f3e252ad973097fd53e416c70e9c0abb7a5cf97ac92e58f364fa96c47c95c071df71aca94dd8501