Overview

overview

1

Static

static

1

URLScan

urlscan

https://www.google.c...

windows10-2004-x64

1

https://www.google.c...

macos-10.15-amd64

1

Resubmissions

01/04/2023, 10:58

230401-m2yheaah8y 1

31/03/2023, 17:10

230331-vptmpabh68 1

Analysis

  • max time kernel
    150s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/04/2023, 10:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.google.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.0.1459088811\1851095958" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1852 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c40efe8-c5b7-4d49-adaf-5a9e567f8dfe} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 1916 1fbffa12f58 gpu
        3⤵
          PID:4216
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.1.908672174\643622787" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19f448b-58d1-47a0-a11e-065578d9263f} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 2424 1fbf236fe58 socket
          3⤵
            PID:2468
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.2.1584640974\810404596" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2920 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4a9cb18-8e4b-4c4e-9611-fa117674f0f1} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3068 1fb8313d158 tab
            3⤵
              PID:4352
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.3.1914974225\393316978" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3164 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a18810-c4f1-4047-af2d-870d16458415} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3632 1fbf232db58 tab
              3⤵
                PID:4640
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.6.2009866673\1954987531" -childID 5 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3286027d-7ee3-4cb7-a1f1-dc4b9c28baa0} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5348 1fb8579df58 tab
                3⤵
                  PID:3428
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.5.1638464810\1574632594" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 5020 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96f0fb81-d070-4000-8570-27b27aa1c76e} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 5128 1fb8579c758 tab
                  3⤵
                    PID:3440
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.4.1627885008\762813910" -childID 3 -isForBrowser -prefsHandle 4920 -prefMapHandle 4908 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5b4b0f6-709a-4364-bad8-aafa1024c3ba} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4580 1fb8579d958 tab
                    3⤵
                      PID:1156

                Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        153KB

                        MD5

                        d7dd8fbccfa21823f78a2739b7fa63a4

                        SHA1

                        07a129da0c9033b1b7c9e3d675062882eca30655

                        SHA256

                        7f512b8d58a4bd0b92445d582079e4b8797979d3be9844b821474dc87a85fe24

                        SHA512

                        d5574b72c95648c731e9d1f2e8ed09ed882d4ee8c03821b8fac64e4958fa4ddd08942fe105a700db06ad5fd234f316886e3edca4b81474c94177325236187284

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        40b1bfa74c9eae8c01e811b92cdaca1c

                        SHA1

                        fe4d86702d6dc5a2bfe38a657acae73105d7d708

                        SHA256

                        d21c2ffa2bdb6c49ab0274fdd69a3cd8862f34290d8ffffffc9d53af09ffc2d3

                        SHA512

                        ab837b7916095ac2d08d352dd6066ef5546ce2dae52a1fb0261c1fd59bc205ac98f645ef29bcc346fe3fb9113775f35229533b08b81c37c85a464075783f4f11

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        aaf681a9aecca361d80bfa933ae947e4

                        SHA1

                        400b7e9275af57ce30d6206606c358aedc33b71c

                        SHA256

                        d0c55850eba763ac0fca6f9a8b3f0aa5e9df04671a1263bccb59764408d50e5d

                        SHA512

                        8816562d14c43c1a39a5152ba5660a53a88a22f5fd54633eb0ac7fe5d2341b3d1bb9f22237bacea6b2061f6325713057b9250c3496d5fd06ee7a4d5969804b0b

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                        Filesize

                        7KB

                        MD5

                        780c79c0b6c9e492eb5dd62f52c021a3

                        SHA1

                        81b1fce953e871c71231832f9f62885a10b595b0

                        SHA256

                        40c414f1552e8b56780f3583b75b95381b7306d7de4eb110621d7a76494b809d

                        SHA512

                        e2e09ffc109551297b588c4d25d7ca931411c493df848b9fe9d172222c743b32bce7cba00345bc96b97b67798277eb828cc8723f6eaf032bdf92af30f2b07e5d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                        Filesize

                        7KB

                        MD5

                        97796cf6f4590d2ade0ba68b9725aca6

                        SHA1

                        912788400cb73063864874ce1861f27556d02369

                        SHA256

                        e7776f5c76b66868415fa076c197b547d33bef061ce0e9ef86566705ed18f286

                        SHA512

                        c805b40d2fe1ae991c64f351829df257f998f193b315c3434ee6f01ffa6f4087049816761bd950ad292366c9fbc5e63e4e41692ded68ad4f15ddb5cd5670da47

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        f560e6dd82a2c115e7d53dd84eaf2809

                        SHA1

                        75e9667903b213dd1d61b24768c420b2b2eb895a

                        SHA256

                        3bf81997a8ac93cf9be01110e81df65fc1a85f0ab1027e935db27fe25b0c848f

                        SHA512

                        8fa7e7be37d33afbd81237236f6e4d8ede4b7ba6ce6358a3ee6ef23d76513fcd6f1df80854ea5aa8b0b03fbbc81aea69f7b576c8eac66adb7baa0408bb281115

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        108b97b1ff7efbdb1aecce96d55ff2e5

                        SHA1

                        bb72b2e0c3d859fe5e821632307a32df331b55e1

                        SHA256

                        c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

                        SHA512

                        e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        80f6a75d14fcb8eb45959e62b42f120e

                        SHA1

                        ff6b8773a6ba5271ecd782886fb363ee929cc0ef

                        SHA256

                        a1c1d86071e8a4bbe952ebb2b3a44042b5f15b7b408103e132eda69cf0ae0e22

                        SHA512

                        c5ecf5ca007ebdfd071dca2eacddfbe26e929981173a9e5c10cdae756fc8f910b5bb7d1f0b89d1f6da04fe4e5474e65009094823587045bda7ac0d8b405842e8

                        Download Submit