Analysis

  • max time kernel: 65s
  • max time network: 68s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 14/04/2023, 15:13

General

  • Target

    https://www.dropbox.com/scl/fi/np98zps7401bhwiaaebto/Jean-Denis-DUPENLOUP-has-shared-a-Document-for-your-review.paper?dl=0&rlkey=pzwi8h2ev6gx21y50ugqecop3

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.dropbox.com/scl/fi/np98zps7401bhwiaaebto/Jean-Denis-DUPENLOUP-has-shared-a-Document-for-your-review.paper?dl=0&rlkey=pzwi8h2ev6gx21y50ugqecop3
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1008
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.dropbox.com/scl/fi/np98zps7401bhwiaaebto/Jean-Denis-DUPENLOUP-has-shared-a-Document-for-your-review.paper?dl=0&rlkey=pzwi8h2ev6gx21y50ugqecop3
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.0.1852096800\1705188205" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41dcb203-daf1-4412-adf0-706fb5790645} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 1916 166b36e2358 gpu
        3⤵
          PID:4736
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.1.1362729767\1974199742" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9043f2-66c2-48be-82fc-b014397a198f} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 2424 166a6779858 socket
          3⤵
            PID:1500
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.2.856747926\1473353707" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3060 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {390b2406-8f0b-4d72-a8e0-b8fc7b20ded6} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 3028 166b75e4958 tab
            3⤵
              PID:2060
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.3.1570674798\1582440949" -childID 2 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c15e22bb-a20d-41c8-bf35-81e8c722006e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 4052 166a6769b58 tab
              3⤵
                PID:3516
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.6.524478406\1218706262" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd54465f-47f9-4b83-b10d-23cbe2d11619} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 5060 166b9bea458 tab
                3⤵
                  PID:1460
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.5.1620111751\2034672491" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 4892 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a41da3bb-d88c-4339-94d3-0b3994e99c5a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 4880 166b9bea158 tab
                  3⤵
                    PID:4108
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.4.1307711023\429467140" -childID 3 -isForBrowser -prefsHandle 4728 -prefMapHandle 4700 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4896eb-c64d-4e72-80bc-3e75c39436b0} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 4752 166b9be9b58 tab
                    3⤵
                      PID:2800
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.7.257462736\608814848" -childID 6 -isForBrowser -prefsHandle 5796 -prefMapHandle 5768 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeef2069-ed50-464c-972e-5a73ea2f468c} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 5816 166bb557558 tab
                      3⤵
                        PID:4488
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.8.664286007\991732831" -childID 7 -isForBrowser -prefsHandle 3324 -prefMapHandle 3320 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d5d4429-b0df-4a31-a365-b76963742688} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 3148 166a6764f58 tab
                        3⤵
                          PID:4432
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.9.293527711\530844506" -childID 8 -isForBrowser -prefsHandle 5604 -prefMapHandle 4760 -prefsLen 27116 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f8b1dc-3e98-4ddd-b283-f4ea55339234} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 4596 166b97ac958 tab
                          3⤵
                            PID:2124

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 145KB
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\17798
    Filesize: 94KB
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\doomed\3536
    Filesize: 84KB
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\33B1FF14D787705E26ABD81BA35BD30464535237
    Filesize: 85KB
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\DDED900D5174BC5C0694E37F224F63ED20F822BB
    Filesize: 92KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 7KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 7KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
    Filesize: 6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\storage\default\https+++www.dropbox.com\idb\2243825010udneus.sqlite
    Filesize: 48KB