Analysis

  • max time kernel
    30s
  • max time network
    32s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    05-05-2023 02:17

General

  • Target

    https://gloriousscan.com/projeto/sss-rank-lone-summoner/capitulo-1/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://gloriousscan.com/projeto/sss-rank-lone-summoner/capitulo-1/
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://gloriousscan.com/projeto/sss-rank-lone-summoner/capitulo-1/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4144
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.0.1081220288\149784981" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1632 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b1db1e9-c880-4b28-90b2-65f5007ec3d2} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 1728 2d0cb319858 gpu
        3⤵
          PID:2124
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.1.747023387\583881279" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d51646df-9cb4-4d00-8d05-6a4d28fe015b} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2180 2d0ca0ed558 socket
          3⤵
            PID:2008
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.2.321016944\1891834358" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2776 -prefsLen 21897 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef4fbee5-5b80-4cb8-b3e1-bc35fb90b407} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2908 2d0ce216258 tab
            3⤵
              PID:3740
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.3.471195728\1088380329" -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ae0db4-f9e4-41b2-ab98-28452360ef49} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 2212 2d0cf1ebb58 tab
              3⤵
                PID:4696
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.4.621867536\1456523723" -childID 3 -isForBrowser -prefsHandle 4684 -prefMapHandle 4672 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37e9808-8b01-41ea-adc2-d6d57fb36325} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4700 2d0d11e7158 tab
                3⤵
                  PID:688
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.5.1589959949\2008951169" -childID 4 -isForBrowser -prefsHandle 4708 -prefMapHandle 4828 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8abda056-4a2e-4fb4-980c-276ed68132a5} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 4720 2d0d11e8f58 tab
                  3⤵
                    PID:652
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4144.6.720823080\1007169031" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 4632 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c299494-6d37-4f13-b196-1d0a7ce414c8} 4144 "\\.\pipe\gecko-crash-server-pipe.4144" 5116 2d0d11e9558 tab
                    3⤵
                      PID:4052

Network

MITRE ATT&CK Enterprise v6

Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp

                  Filesize

                  146KB

                  MD5

                  c98724c9124f78de4610ba2aff88bbe5

                  SHA1

                  ef231547ef84d34551c133c0d38c63c9637f99f4

                  SHA256

                  c6e9d7045b9adad478ce6b18bfb94ab3ed9be73399744eab62aed28d55807b8f

                  SHA512

                  bf02613267f954a428777fede711e746ef0b2bbd22186ec129a4b7ec8b1303957fbc21f16e53ced5edb0cb1542bb0803faa8d1652168fa8f5beebc33148ffc3c

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js

                  Filesize

                  6KB

                  MD5

                  f843fc3b858888d342076c7199266348

                  SHA1

                  97dea7b7d8486f03cc085ef488fda80fe53515a0

                  SHA256

                  19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4

                  SHA512

                  9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4

                  Filesize

                  1KB

                  MD5

                  fe069027df71d6fc89f79da26fd6caea

                  SHA1

                  eaff6f43173e7462f36aa5ea7a8a2ee279d75c2e

                  SHA256

                  450d6107e7e54a50510457b812c90d1870edb85af7ebcc6d61021f5b2d2a3c33

                  SHA512

                  80a08e00fc70cc8bf0ee1c888cf780b66387f3391424f364a9869ba9158e7980101516450b76170cca80c1b694d936cabe90bc3b5be276bdaf9a987c2bbb8798

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                  Filesize

                  184KB

                  MD5

                  13f4ea7224417985aabae4a2f59fc2ba

                  SHA1

                  2d20752d98ce84d37a69d349d2c008e302748b59

                  SHA256

                  929688d666a67a627252819b523a1a80c92a092a94b155728b8ae603ec370c4f

                  SHA512

                  0cf9e68368fff17491537a97f62cd1dc0ac9d1d7330cb2ad3f3e252ad973097fd53e416c70e9c0abb7a5cf97ac92e58f364fa96c47c95c071df71aca94dd8501