Analysis

  • max time kernel
    48s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/04/2023, 21:23

General

  • Target

    https://fromsmash.com/Synapse-Softworks

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://fromsmash.com/Synapse-Softworks
    1⤵
    PID:1640
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://fromsmash.com/Synapse-Softworks
      2⤵
      PID:4120
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.0.487015646\1069069171" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a20f45-fd77-4072-833a-840ca5d37563} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 1916 1ffaef0c558 gpu
        3⤵
        PID:4768
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.1.1526202353\1977578728" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ade694eb-2cca-4540-b382-e1e0e13169f1} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 2424 1ffa0f72858 socket
        3⤵
        PID:2056
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.2.1687352853\2042063570" -childID 1 -isForBrowser -prefsHandle 1660 -prefMapHandle 3248 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32326ea5-519d-41e2-b3eb-ccfe5735cf21} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 3220 1ffade94f58 tab
        3⤵
        PID:980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.3.237798292\994196281" -childID 2 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa6a777d-aeba-49b2-898f-fcb36242e755} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 3908 1ffa0f61358 tab
        3⤵
        PID:3932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.6.1530023227\169793752" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a15f013-2d24-48fc-89a9-2158f7a5ca32} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 4888 1ffb3dfb858 tab
        3⤵
        PID:4824
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.5.483047753\1817037079" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca6e1f8c-7329-434e-9a7e-f370ffd1648f} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 4760 1ffb3df9458 tab
        3⤵
        PID:4732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4120.4.234150736\842956711" -childID 3 -isForBrowser -prefsHandle 4724 -prefMapHandle 4720 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80b26ddd-7d2e-4d14-98b7-968a9db1a620} 4120 "\\.\pipe\gecko-crash-server-pipe.4120" 4744 1ffb3dfbb58 tab
        3⤵
        PID:1524

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 145KB
    MD5: 65a02f8d9cb814e38c9667ef45af82d0
    SHA1: e874278809d7c35bc369fd62f246c2fb618ef8c3
    SHA256: 01921c9d2f0ef1128b2fab965dfe27922cbd627a3381cff003a05a5e751ad9a7
    SHA512: d4e7629c1d936f34a5e040de61d06ee2a254e8ee15cf68030d928bc42d678f4c94fb90fe561245aceb08f63b5e9ad53194ac1bd8e8df43281d7c7eeb1e765026

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: c7b045962e83f50fa9800ecd3a2a6eb3
    SHA1: 31b79fff48a14c56b858636aee99280469d3f4ad
    SHA256: 963862e4e46c1d2111d3dcea6b8cdf8a031c819674a660548c175b31279613ac
    SHA512: 08b40d014f692680f365eeafe77fd0e3d8b6824cd0959ceed7b1e341e0960eb53a1f6bdc0920d59c6344a18c82c79d9a061705e193f5d9fd4f0d688d839e7adc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 9ad4e26facac0961900d30ec137013d8
    SHA1: b31fc8952e68d719c33c72d37d1f0dd3077d2f6c
    SHA256: 0dd8e8175cfdfc29aef30dbf454bb3b51519180dd1997b95fa6e86c105d1ccdb
    SHA512: 9126b70213c2233dcd6a5416977f10ff36ba7aa33fbb1ef43e10b26ed4881a13b0223b65c8a284acdb65d91d6e80bde2b9a7f179975d247a98dbf227abde1525

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 278a96d340be02d5d77e850269f78c8c
    SHA1: 787888b411e393d480487e07851b362977824afc
    SHA256: 4bb4073334f17f111dca88646076871a9997dde46cc49ff60fe3b9fdf7527d62
    SHA512: 04ebb401ac6d4a58eb2ba8cb06422ca065f0be92055d6fac8ea1713583464473e0c02e5b0343058afe9fb51342cb98ca67b05b028d73d18e4379ab7830113870

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 16KB
    MD5: d50564b62aafbbec2a6146b628161cd9
    SHA1: e384447b9bc651ecd7c39f59475f6cf7a25ace9d
    SHA256: 0323fd761f45dcc633af4994dd38b50fe65ea3eb8e75b5456cf7a6fb7a39efa2
    SHA512: 67a23827809548b1a6bc5770914386db5469f667958de878c52db309a4f255aef1770e6d7d3c112ce1aecc6724fe6b28226515581a387769df91ec1e2f087cef