Overview

overview

1

Static

static

1

URLScan

urlscan

https://zoom.us/my/f...

windows10-1703-x64

1

Analysis

  • max time kernel
    300s
  • max time network
    299s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/03/2023, 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://zoom.us/my/fergusonandreawestmoreland

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://zoom.us/my/fergusonandreawestmoreland
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://zoom.us/my/fergusonandreawestmoreland
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:64
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.0.326928707\1010243917" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a796b4-5a8f-45fd-a3ff-469d10de4e5f} 64 "\\.\pipe\gecko-crash-server-pipe.64" 1732 21792916858 gpu
        3⤵
          PID:2772
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.1.685161544\1880061896" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a35c92ca-5daf-4347-91aa-133b6193d49a} 64 "\\.\pipe\gecko-crash-server-pipe.64" 2176 21790c46858 socket
          3⤵
            PID:4756
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.2.408048207\252788786" -childID 1 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a45ab46e-d247-4060-888d-0298e4d47e8c} 64 "\\.\pipe\gecko-crash-server-pipe.64" 2792 2179562e158 tab
            3⤵
              PID:3772
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.3.698096310\527587732" -childID 2 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33dd8e94-6db7-4720-bad6-16fbe12be837} 64 "\\.\pipe\gecko-crash-server-pipe.64" 3792 21796be1d58 tab
              3⤵
                PID:4328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.4.1395377517\1673774017" -childID 3 -isForBrowser -prefsHandle 4364 -prefMapHandle 4360 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55cc107e-5971-4ece-a2a4-15ec867fd28d} 64 "\\.\pipe\gecko-crash-server-pipe.64" 4372 217940e7958 tab
                3⤵
                  PID:4936
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.5.1260479946\37955303" -childID 4 -isForBrowser -prefsHandle 4632 -prefMapHandle 4628 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1aa78bc-d703-4cc9-b2e5-250e40bf8507} 64 "\\.\pipe\gecko-crash-server-pipe.64" 4120 217978b5258 tab
                  3⤵
                    PID:4264
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="64.6.261330473\893940497" -childID 5 -isForBrowser -prefsHandle 4760 -prefMapHandle 4764 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f23aef-7f6c-4696-b3db-ac393b3b1850} 64 "\\.\pipe\gecko-crash-server-pipe.64" 4648 217fb360d58 tab
                    3⤵
                      PID:4236

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  150KB

                  MD5

                  c05dfc6b5a549b4908019d84dce68139

                  SHA1

                  a3ab7167e144a104a6e79d696e9c3ed12b31395b

                  SHA256

                  195fa8160bd93ef57eca49975aa38e5054a18a5739813a7646aa60876a42b338

                  SHA512

                  8c40349da4f1f924465742f6b3e02b6126ab6e9c1e06381ba5adc3784a012094268e3da7e81ae34636525d4e1893f801bb0847151c9b4f3cf98941ce04d9672f

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  7KB

                  MD5

                  fc13df9bda89284092209136719393aa

                  SHA1

                  85427f8e3d4efbd71764bc773d0fad83261075a3

                  SHA256

                  1d285ff07ea47726c98c6344a2f2f153d132a1388bb224e3e87301a31a798bcd

                  SHA512

                  e75d5fdf6ec1f1d08d54fa7fbd4d7127dce2baa25654776b5244316cd190f4eb3eda5daf7efaacb9e15b4e8d775197da3ff6f78e9dbd37c58498b6b398d5737a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\bookmarkbackups\bookmarks-2023-03-30_11_yyzQT6zYKGzzlFbJAldNzg==.jsonlz4
                  Filesize

                  944B

                  MD5

                  6e888dd6fcaf9594a8c4264b6803875b

                  SHA1

                  b2437376c810d15fd5bab09673a2d2ede1c088bd

                  SHA256

                  26e32f944b43b35bb48ccab93e4b9e63d490da27e0f8c26afe10a193a21b03e1

                  SHA512

                  cc88f691a29b9a30abaed808025cfbccaa251a2d71b32fccac292930142f0b8450cfd2e4a14a6e65fd7d3f4dee562bcde642648e0affe0763b08d34c1f699a84

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\cert9.db
                  Filesize

                  224KB

                  MD5

                  5d31cd783d1d5f8926c6c7dba5097453

                  SHA1

                  dbc366e790d4476c47b93922cde5a3cc70dbbad3

                  SHA256

                  ca63a5a0d2e8f0a5eaa85979d791acf421d45484c55bdc8c1750b76cc2b5662f

                  SHA512

                  4e730bfdaa6eb7a08ad6c00e8fffe47028b66b16413ed1d700cbf6a56b5b5f1ced989d11209b7025d60279d9fca36c8884455e1a195e086ff71adc26e09bda35

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  f843fc3b858888d342076c7199266348

                  SHA1

                  97dea7b7d8486f03cc085ef488fda80fe53515a0

                  SHA256

                  19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4

                  SHA512

                  9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  933926bac561492b75e29876299146b5

                  SHA1

                  e7efc84eb47737a346bdcba8847913d3fed79f79

                  SHA256

                  7becd0ecd2d7e2f1bd921cefc5757305e40ab41518142c647dac19c8a28e048b

                  SHA512

                  2adb4ea2bbeb7500241829d75c34e4033a02c1ad68bf8f7e17efda2e4daccc7eea7f33c821d53c9c8e1c38f2bd8297469735e0bf9196190b3e926e309c472686

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  c87908731e4fcc6f79ddc1d07d827dfe

                  SHA1

                  c3a8262abd6f691ac67c680688aa8ea1b7bb22e0

                  SHA256

                  e4c28e7aabae3406ac7a3e8242d3ec3d46bf6aa0b2d4ade471af690e1d389e47

                  SHA512

                  54bccc7b354efb974dafa6484a19cf979d41d58d820cd3bbcc25c8f89bd679b04cfdf847eb56896f96d6105489d370963cc6fb27dad2b66edf29e3556d6ee99d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  13f4ea7224417985aabae4a2f59fc2ba

                  SHA1

                  2d20752d98ce84d37a69d349d2c008e302748b59

                  SHA256

                  929688d666a67a627252819b523a1a80c92a092a94b155728b8ae603ec370c4f

                  SHA512

                  0cf9e68368fff17491537a97f62cd1dc0ac9d1d7330cb2ad3f3e252ad973097fd53e416c70e9c0abb7a5cf97ac92e58f364fa96c47c95c071df71aca94dd8501

                  Download Submit