Analysis

  • max time kernel
    18s
  • max time network
    18s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-es
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-es, locale:es-es, os:windows10-1703-x64, system, windows
  • submitted
    03-05-2023 18:36

General

  • Target

    http://a.academia-assets.com/images/emails/inky/Academia.Logo.Shadow.png

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://a.academia-assets.com/images/emails/inky/Academia.Logo.Shadow.png
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://a.academia-assets.com/images/emails/inky/Academia.Logo.Shadow.png
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.0.1991473462\124084673" -parentBuildID 20221007134813 -prefsHandle 1624 -prefMapHandle 1608 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c08a63-343c-42d8-9f47-6a7d7a347358} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1716 16cddfa7258 gpu
        3⤵
        PID:4504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.1.152681304\1426963752" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21671 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09f7f5aa-3d5e-4385-a160-2982ea9aace9} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2168 16cdce10758 socket
        3⤵
        PID:3120
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.2.407983061\2030936208" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2940 -prefsLen 21754 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {645855c1-365f-43d1-a8e4-7477e71a75ba} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2808 16ce0e18858 tab
        3⤵
        PID:4452
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.3.330135506\1734865995" -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28aef0bd-b0a5-49c4-907e-d2b003268f01} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 3680 16ce1d33a58 tab
        3⤵
        PID:4772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.6.776337207\99569074" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4708 -prefsLen 26718 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b2946b8-3be2-4acb-bd4d-61c04b3ab27c} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5044 16ce3192d58 tab
        3⤵
        PID:1696
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.5.258392474\647049389" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 26718 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91728c6f-5e55-4121-918e-c14647711420} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 4708 16ce3191558 tab
        3⤵
        PID:1604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.4.1656988087\82743535" -childID 3 -isForBrowser -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 26718 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b22a0bf0-43b4-4e14-8222-1903a636c1c5} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 4692 16ce3191258 tab
        3⤵
        PID:1700

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 151KB
    MD5: e0fed202f442a44c9ec52b33fd42b726
    SHA1: 770e3339e19e980d42c60afae23e52ea185d01ee
    SHA256: bf5238f20335034bcf3241420a262a849b42fd07e6a29a4ef2a338eb273a986a
    SHA512: adeed9cf3860f5a65a317444b641cb79d1f995b9951815ed866e3fb7e0757c463cc617db7f1cdf42c1274ad4e2408eb3ef51b2a46e438afc89df29fb305227a5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js
    Filesize: 6KB
    MD5: cdb5a91b7898f75f98e448e80b41dba6
    SHA1: c749651f98e32a2320d2e52fd467fd6217660535
    SHA256: ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc
    SHA512: b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: bdeb075204e9fc219621b8de9e8d2a56
    SHA1: 88571b3073c9dbbceb4ecbb29a9600bfa264245d
    SHA256: 4ba399c68a3f9bfea37fa7d824050b31e0b6d1f44ba03486b5e828ba9e19fec0
    SHA512: f1627bd89bd1b75323642586762c430655f9278700452b06a0ef81dd16a3325ed0ccb6b6a97bc02d8605caa1d02cd07bbef8752ae899f08a22fcec2a522f46cd