Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://yakutaconsult...

windows10-2004-x64

1

Resubmissions

26-04-2023 11:29

230426-nlk3taag8s 1

26-04-2023 11:26

230426-njywwsgh79 6

Analysis

  • max time kernel
    63s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2023 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://yakutaconsulting.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://yakutaconsulting.com
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://yakutaconsulting.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.0.1740205003\406539341" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d83e823-e163-4900-832f-f7e6dd8a9d3d} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 1916 21de9aeec58 gpu
        3⤵
          PID:1308
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.1.1733783845\1764764551" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce7b37b3-727b-4e5a-90ba-4adb6601b5be} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 2424 21ddcb72858 socket
          3⤵
            PID:1952
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.2.116175039\850995091" -childID 1 -isForBrowser -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eec728e-d907-406b-b0ed-b3ec13606463} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3280 21ded7f5758 tab
            3⤵
              PID:940
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.3.554940483\191558681" -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b82cbfdc-4cec-4cc0-b311-9aebf7d033a5} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3980 21ddcb62558 tab
              3⤵
                PID:2160
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.4.1963525086\1699214876" -childID 3 -isForBrowser -prefsHandle 4540 -prefMapHandle 4556 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a83319cc-be61-425b-bb7b-41248a2f2885} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 4584 21defaa5b58 tab
                3⤵
                  PID:1432
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.5.506173619\881955162" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5036 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d25da45-074f-41c7-9cde-be0f007e8f2e} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5072 21df1798e58 tab
                  3⤵
                    PID:1444
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.6.936202033\360073072" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74ca35c1-71c2-494a-8aa9-8b3552cd970a} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5176 21df1398b58 tab
                    3⤵
                      PID:396
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.7.159515623\329421737" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00dffd30-9c6c-4c72-b97e-848b6fc3a289} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5364 21df139b858 tab
                      3⤵
                        PID:4056

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    140KB

                    MD5

                    96412b8feed5de9ce8a582476dfce608

                    SHA1

                    ab0807e9a36eaba24a7145c93a924311e0b85e22

                    SHA256

                    40463dd3deab6a20e65ba5d35c82ab9eff1ef9b54a7ba0e614faa3f1fc4da705

                    SHA512

                    fc11cb1d968d3ca1de963f2f9362812a8a84bd135f54d95901562e51b1a3000d3ed35237066a1b79f15137e6ac736408540d1c649c86354272012a59966a273c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
                    Filesize

                    14KB

                    MD5

                    6dd37d045dd8f384125b23d32a895420

                    SHA1

                    817c337f3f9935916bbf4eba11f66c47f82ac952

                    SHA256

                    f6fbdbd062b26662e94876d4ac83950931ac99ea67e80410d6c9a247565191df

                    SHA512

                    ab6533e32bbdae482a608b7cfe24320fd96a2b997834c391d7f3cfeecf59aff482e6fcb898d8166c0bc2f33547ce7661caf83a3d84b5b908a4b29878f25f1810

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    8.0MB

                    MD5

                    a01c5ecd6108350ae23d2cddf0e77c17

                    SHA1

                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                    SHA256

                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                    SHA512

                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    11.8MB

                    MD5

                    33bf7b0439480effb9fb212efce87b13

                    SHA1

                    cee50f2745edc6dc291887b6075ca64d716f495a

                    SHA256

                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                    SHA512

                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    d0701f4db874e0497c6873c8b61cb9fa

                    SHA1

                    2fbe0b3e77c08c46d2cb8a82b7678b48202cfa6f

                    SHA256

                    d74dd16fadd894dc15732fa590a2460ff1209f5a9fb4ee6d8e8bc694fe07ed52

                    SHA512

                    3d2dc3a25d96248d3ae97cb1a4fcd38bae49c43d18c82da7139b0528487c5673e8ec4a0f75ec15dbae859039a438792da8bf99a1a03ffda5b640268cebdf61b9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                    Filesize

                    8KB

                    MD5

                    e87d189a73f1ea04b8dae699bd73cc8d

                    SHA1

                    4183b24a1751a3334b156512e6a0cb709b405d2e

                    SHA256

                    0a6f9ff4cde28aae2493c6f8b480839c6945fbc9fc283440ad50ea890f816201

                    SHA512

                    e969c9450ac57d6579ceb748e775ec5040ab6e7b539e3004baa224d5ce1ceb7f8037d98d5f0fff7853e4cda507433e78e7fba805bb98fb59534c5d778c4567cc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                    Filesize

                    10KB

                    MD5

                    829c5922c4a84c17bd1cf8044bdf0954

                    SHA1

                    147edee42d72987f8c1b00a73554cf05f6bb3514

                    SHA256

                    c6909495da189fa91b8cf30de90da7d9d40be6feda05e934441420285adad93e

                    SHA512

                    f57368b8403df03ca143bc070926fdf64517bf5cc4ffaf60eab614b0b4a54848cc5c2ab6035b67567d7918e385353209210f631f766aedf7dabc013929f55f5d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    3bee9a9c0135595424a3b743a4da5a64

                    SHA1

                    6a178a5d91c6bfca3eafb745770194a84e95e38e

                    SHA256

                    c757d10a1e220a5d113efe36761c58ee7a8e3c7815e93ab69cc4ca6712f333b0

                    SHA512

                    0dcd5368a79f75a16d7c940f68bdf14c97e46b5ab28887e679151b64fdeed48258cd2e3a304d16912add6e41a2677cfc159a458c8fb94ad7951024a66e6c5f2e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    f73e52d124620d05267ba934f3b312d3

                    SHA1

                    34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

                    SHA256

                    fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

                    SHA512

                    4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    ded0024bd41bc27506baa63ca38b04ba

                    SHA1

                    3167e4a1debf710d89389e4ff05659c83e39509d

                    SHA256

                    383c6f22de2d6d20ff757d2b4d565e79a8cf00501fbf3d73b73cb6efbfd951fe

                    SHA512

                    75fff2456f282194ebc65e04f5b06f9bc37b6478f347769468b73144cfa8561896b23ea4edaa630f31320e3e07f41fb51a09afdcf6ec55897d08d7b92530e853

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    45cbd8d2b2d8a708d0c7cb2f73dd00b6

                    SHA1

                    7f3712048c43b03b3b44749942a1bb54e0cf375a

                    SHA256

                    41b8e48f52ceeab9c6359f94a6e71cc9f7b912d34f3768e68c9d42592aa7ddd8

                    SHA512

                    69222616777476de48c83c8b7c1718b58252baa48fb593bc5de6fa27e31730250485a82fda94665f1aad0773fb0a0fe0bf95870f0f7f8ed45315066c05597c6c

                    Download Submit