Analysis

  • max time kernel
    29s
  • max time network
    30s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-04-2023 13:30

General

  • Target

    https://multilatinomarketing.com/PDFl976gs.pdf

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://multilatinomarketing.com/PDFl976gs.pdf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://multilatinomarketing.com/PDFl976gs.pdf
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3560
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.0.1316839390\1636878874" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa4b26b9-09e6-443d-bdf5-b21e9f093155} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 1900 1f18f8a5258 gpu
        3⤵
          PID:3912
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.1.863745522\1303960599" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {093ed76a-2940-4de6-8f8a-dc48de294e2f} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 2408 1f18186fb58 socket
          3⤵
            PID:2852
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.2.1857491345\1141164580" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3092 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f35c9f9-44d6-4702-ae7f-837da5180269} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 3104 1f192713f58 tab
            3⤵
              PID:4028
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.3.1204648948\320650768" -childID 2 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71aac269-60a1-46e5-abf0-1e39f10e2c7f} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4092 1f193bfeb58 tab
              3⤵
                PID:1968
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.4.1446013041\919789017" -childID 3 -isForBrowser -prefsHandle 4728 -prefMapHandle 4228 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8601504-6a63-48c9-83e2-8abbf82e975f} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4716 1f1948a4e58 tab
                3⤵
                  PID:4752
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.5.93655629\79207227" -childID 4 -isForBrowser -prefsHandle 4560 -prefMapHandle 4552 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adaba795-bb99-4dfc-a605-55dc9244f92d} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4836 1f1948a5758 tab
                  3⤵
                    PID:2108
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.6.875154895\211047336" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4916 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9062c589-3b19-4a3b-9e74-e52e37ec33d9} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4960 1f194d5d758 tab
                    3⤵
                      PID:752

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 143KB
    MD5: 2fbbb0141103762d8a13a9552d63e682
    SHA1: d8d2ee139ff1af2b4d639419d2cfacfa89fcae29
    SHA256: d845d3f9c080e164cd5c9862f1c7090b8a091a6b1249e1824b9e252389089cad
    SHA512: da7a05a67a7674ea23585970f6086943b1f0b1d944b62b5f056fc552078fd1fd42a58a7ef947b2ca05565459e6e8161c4c7d4f5df625e34a1ffade2972190e1b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: d93006e7c22452bc1a4120e5226e4fa4
    SHA1: 774f0e4b2440dc477f90b08716d87272a56084ed
    SHA256: a851f65f4f0dc4c073fc4e50b0cbba49bb6f8fb8195556bc6ed99efc93f9c10c
    SHA512: da779cafd9c76e8895d379111f42b1f3556ed54c04e4438e2e5c5ee39ba6c206ad2c6da4c59bd5326c28cdc4ed58e6309a6712eeb873b9473d66be299c4f8753

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 66e576127a9fd344ec0375333108d0cf
    SHA1: 84c80961e081f26413e5a20d1f0acc5a89b9f5af
    SHA256: 2db17b714cfe9ee1fb4f7ba2599039512a9275c29d023522335e4effaad55546
    SHA512: 1752a2fec38638e4138ce142a263457780b0a81d8a97b61636e01da18a1901e77e7962a8da4c94b765a09b931b33b2932815ea343eb1517fc164bd53dda127b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
    Filesize: 6KB
    MD5: 108b97b1ff7efbdb1aecce96d55ff2e5
    SHA1: bb72b2e0c3d859fe5e821632307a32df331b55e1
    SHA256: c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
    SHA512: e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 36KB
    MD5: 7d5c519f129f62441f68f9ee2ab8e020
    SHA1: f8a93f4dd708215a2574fb48cdeb58d1a21a25c6
    SHA256: 65d02caf906a81ddb22e193ab8449f4da602d50e6fa82c4c01d5aec2005e6912
    SHA512: 693aa63c43835592bf2c21c1cfa57096c383809f6e7b1e9fbf7e244a5b0439d4778e30a3db5ca95581a7d12f6c95aa42b3c0583fcc82a90155b2955c7ec35db8