Analysis

  • max time kernel
    13s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/04/2023, 05:49

General

  • Target

    https://t.co/JAV3LYAbY0

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://t.co/JAV3LYAbY0
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://t.co/JAV3LYAbY0
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3444
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.0.1491316903\1991979331" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88cc42ca-b30d-4ac7-81b7-3af1c50721d4} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 1916 1dd5b716858 gpu
        3⤵
          PID:4208
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.1.1538367876\1578679851" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9b62e0b-b723-46fa-820e-ad253f41fba2} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 2424 1dd4d872558 socket
          3⤵
            PID:4956
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.2.610358737\839353199" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 3048 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d90124c5-5f4a-4ce0-aa73-a0ca6f5b0f70} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 3116 1dd5a694058 tab
            3⤵
              PID:2316
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.3.1511748697\299170453" -childID 2 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e915f0f-25be-4b24-9ee3-92e6fb7db260} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 3996 1dd4d85df58 tab
              3⤵
                PID:2052
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.4.891620366\354472939" -childID 3 -isForBrowser -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ae525ff-c03e-4c35-8127-2e1abf4b8780} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 4588 1dd5eb0e858 tab
                3⤵
                  PID:3684
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.6.997959847\989036724" -childID 5 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16bbd8cc-847f-492d-b7a9-b2a69a1f5022} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 4936 1dd607ee858 tab
                  3⤵
                    PID:4276
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.5.1841097902\1678248522" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81cdc6a9-a5d1-47e5-b77b-8961adbc6452} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 4780 1dd60d19758 tab
                    3⤵
                      PID:1356
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.7.1818446652\1944701647" -childID 6 -isForBrowser -prefsHandle 5476 -prefMapHandle 5436 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f098c7d4-d3d2-4978-bff4-121345590ce0} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 5460 1dd5e5c8858 tab
                      3⤵
                        PID:1692
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.8.1514577696\1866017029" -childID 7 -isForBrowser -prefsHandle 5588 -prefMapHandle 3184 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {789d2bb4-782f-4af7-985a-ac863812c811} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 5728 1dd61bd4858 tab
                        3⤵
                          PID:2188
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.9.1051594302\416011621" -childID 8 -isForBrowser -prefsHandle 5968 -prefMapHandle 5892 -prefsLen 26851 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1783a4e3-28a0-470e-ad0d-e47cd6a6c1c3} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 5980 1dd61b7b958 tab
                          3⤵
                            PID:3572
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.10.151527299\1245958028" -parentBuildID 20221007134813 -prefsHandle 6000 -prefMapHandle 3096 -prefsLen 26851 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e183f45-5582-47eb-9ea0-58140de67600} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 5916 1dd61b7aa58 rdd
                            3⤵
                              PID:5040
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3444.11.535571433\1456131294" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26851 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3223db3b-2972-440e-b638-89a83c4d1f71} 3444 "\\.\pipe\gecko-crash-server-pipe.3444" 6148 1dd61f2d658 utility
                              3⤵
                                PID:796

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 144KB
    MD5: a4f25dac6383c74f558959b08f708590
    SHA1: ac82fb529a4134ebdd666449b1941959f8dba4d4
    SHA256: 3ccd78dd239e408323f00551e7193f439ae5ee1630261b2caa88f2b316d3414d
    SHA512: 5d9d42dfc9a7f8444f8e6f48aeb9f6760501c159613b7a26d0076828feece6d9fc771ed209d560d933ca174b7ceb9617fdc554a778b44cde0cf4ef9b490bce2a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: e656f7800ae00a6f38ad62ff5d44b06a
    SHA1: 39b95978101394bdf4b795fa5ef655a0424d6776
    SHA256: f416d48a3bfe82e77cd7eae67bf5c9a4c29297d780f1739b3cf0662e2a86afd3
    SHA512: cfb49c0be5f2144c1cfd1d40088ca1cd084c0240dc76acc2faddbf06c5d84173d92504491a244ad38c18e2c822d88aeb0ccd11e94f39866094bad0707c38bd83

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 4c3a7177fd126398365a458449bc27e0
    SHA1: 8b7970aefa405ccd4a499fd0c6ae782013cdb54a
    SHA256: 92078852a64123110263b87d271a0cf2e42841a41cb74a488e7a97330f9a4c2a
    SHA512: 80d1deb3d73c00fe514eaadcd9f2ea5f7b8d8e3c60c8e0be5fdf037d1df7955727d02ed737e21a0c0563d2a9360efde8235100d8c5c86412da37c92ca973be46

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: e2c3ee879e19394cb6000acbca780c28
    SHA1: 2d726036837b4fa29aa44d40eabb2f2a401ccbfd
    SHA256: 6b5b53f441bba6a7eaed087d6e968ea98892037d3b7a4f4b93523466b0f748e4
    SHA512: 3a84cfa8a1fde42f8506bfbdd1ddc4ccb2b4461828ac8211fec043aec09cbdf3b057c8b6a184d57c16504a9d6787d3db89f7119c499d4909744c722ea6cc38d6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 28KB
    MD5: a85fbb15987c180192405c04270387a0
    SHA1: 5d2bfaf9847fb471b71573c5ac2621f677b83706
    SHA256: e7f910a5c8a88ef00c2e8e04f155b63c9cf652dc7dd1b4d7e5244b8e369291fc
    SHA512: 631cb5f70edffa7aa94557bf72d47733db646a1fc08ed8a1d0c8b29fac7d565092d3fc7f54ed1a59fe851df5b7bd67036f4051d9e718a536684b174d84b180b1