Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://sites.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2023, 21:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://sites.google.com/view/rljonesinscom/home

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://sites.google.com/view/rljonesinscom/home
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3688
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://sites.google.com/view/rljonesinscom/home
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1880
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.0.1696948840\617757440" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8141332-6690-49ad-b382-13e600fbc3c2} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 1900 253257a5858 gpu
        3⤵
          PID:1680
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.1.383950256\2028818264" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8afb8fc3-c720-4f15-ac93-8f63950ce799} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 2408 25317770758 socket
          3⤵
            PID:1164
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.2.1898851428\975225392" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3036 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced298c3-f0ba-4ec3-ac00-2c0fb7e42221} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 2780 25328510458 tab
            3⤵
              PID:2652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.3.936962654\778242844" -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62e7973a-ff6b-4925-90c5-68126dd2b3cb} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 4000 25317767258 tab
              3⤵
                PID:3792
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.4.1825649338\532342980" -childID 3 -isForBrowser -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {207a0ee6-61b4-45e5-b17f-44d466017f58} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 4940 2532bb6d558 tab
                3⤵
                  PID:4424
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.6.997731147\1193926810" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54eaa622-a1f3-4d04-ac43-84af668f0d19} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 5384 2532c017a58 tab
                  3⤵
                    PID:3336
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.5.155764092\33559823" -childID 4 -isForBrowser -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8424b324-7321-49d6-830a-3bc6143f59c5} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 5248 2532c017158 tab
                    3⤵
                      PID:3796
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.7.1911551133\490934062" -childID 6 -isForBrowser -prefsHandle 5664 -prefMapHandle 5600 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19c2090d-0c9e-436a-8021-7680e6c792d6} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 5652 2532c018058 tab
                      3⤵
                        PID:3556
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.8.683922038\1702280557" -parentBuildID 20221007134813 -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 26913 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e343bb11-a242-4307-8bac-4f4fa85d355c} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 5880 25329934558 rdd
                        3⤵
                          PID:1560
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1880.9.875212933\1664529827" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3860 -prefMapHandle 2928 -prefsLen 26913 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c01dd1cb-1d82-4914-838f-d1b6fdfdec06} 1880 "\\.\pipe\gecko-crash-server-pipe.1880" 4428 2531775b258 utility
                          3⤵
                            PID:4156

                      Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
                              Filesize

                              150KB

                              MD5

                              cad00ec318b515f3a3b4b16b79a87480

                              SHA1

                              c57c8afdf2ea99546672f4f0ddbef264d5b06161

                              SHA256

                              23e380dd9cc506ddb9805d00419422b5dad5b858c3c3550217e4d2d34be7de2a

                              SHA512

                              e48b3bc021f0c013d693994c6bcde04709a6d1e1c9001585c6e83a517c46cd512058b2c50962d12d7b582228da7dfc8683480d0a33c01c26eb06b5a0dc28eb23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
                              Filesize

                              14KB

                              MD5

                              a958982220e242a9e1264ceef419a696

                              SHA1

                              ed95641ea72056028dea1108a7debf11d0b3b6db

                              SHA256

                              0498333d79e54a9a898fbeb54ea57497ce529e00b4b97b7fb460de48c54ae3a6

                              SHA512

                              5d8e368e0e702e29c83f11b6744961a07a42a97cfbda8303b268fb1468060eaacc6de3f53cf87a34b82528397091ab42cc127fa27987047fb229275eaf635d74

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                              Filesize

                              442KB

                              MD5

                              85430baed3398695717b0263807cf97c

                              SHA1

                              fffbee923cea216f50fce5d54219a188a5100f41

                              SHA256

                              a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                              SHA512

                              06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                              Filesize

                              8.0MB

                              MD5

                              a01c5ecd6108350ae23d2cddf0e77c17

                              SHA1

                              c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                              SHA256

                              345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                              SHA512

                              b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                              Filesize

                              997KB

                              MD5

                              fe3355639648c417e8307c6d051e3e37

                              SHA1

                              f54602d4b4778da21bc97c7238fc66aa68c8ee34

                              SHA256

                              1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                              SHA512

                              8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                              Filesize

                              116B

                              MD5

                              3d33cdc0b3d281e67dd52e14435dd04f

                              SHA1

                              4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                              SHA256

                              f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                              SHA512

                              a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                              Filesize

                              479B

                              MD5

                              49ddb419d96dceb9069018535fb2e2fc

                              SHA1

                              62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                              SHA256

                              2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                              SHA512

                              48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                              Filesize

                              372B

                              MD5

                              8be33af717bb1b67fbd61c3f4b807e9e

                              SHA1

                              7cf17656d174d951957ff36810e874a134dd49e0

                              SHA256

                              e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                              SHA512

                              6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                              Filesize

                              11.8MB

                              MD5

                              33bf7b0439480effb9fb212efce87b13

                              SHA1

                              cee50f2745edc6dc291887b6075ca64d716f495a

                              SHA256

                              8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                              SHA512

                              d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                              Filesize

                              1KB

                              MD5

                              688bed3676d2104e7f17ae1cd2c59404

                              SHA1

                              952b2cdf783ac72fcb98338723e9afd38d47ad8e

                              SHA256

                              33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                              SHA512

                              7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                              Filesize

                              1KB

                              MD5

                              937326fead5fd401f6cca9118bd9ade9

                              SHA1

                              4526a57d4ae14ed29b37632c72aef3c408189d91

                              SHA256

                              68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                              SHA512

                              b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              f2501137abc4330d9af4b036b9f673bb

                              SHA1

                              fce653d7733df1d996ab00c371c3368a1029dda8

                              SHA256

                              795ab17602a8dc849c6dd1923d2935ed983308e37cad0c10869d112537002dea

                              SHA512

                              73c7674042129b3d80933e628fb8c75568727aad97a3c8aae4fa2e54c00e514e4c3bd9afc83755131fa73248d5a25aa1e76167454bfafe1d1fbcf7d40d91d637

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              7607371f39fa2492fcbebba4359ab1a0

                              SHA1

                              e5baab13ea2f8c0b19baa3fe9f6aec6027fc2446

                              SHA256

                              e8db84b154f4faa160ff52e066b1764beb250dee9fa5f5f2244633da6d8635a3

                              SHA512

                              0ad16297043eadc16e76ed581f54fbc13eca06a9e014d933d067e8f2365e69828eb703735265cd162698e95d6a0faceeac24e6016a1ab7722b64e216a00c3b42

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                              Filesize

                              7KB

                              MD5

                              500390e3013b6a28fbdaa75400fba2fe

                              SHA1

                              64c32cbed05345d6ec98117ea41ef6af32b8433d

                              SHA256

                              c027a13086ad0d69fe09900a8ec7f79810cce1c3a1e26a5b2840f65041316c33

                              SHA512

                              f0ce3f72c53ec8fd35b197527a5f2d66f289e5229e59232f93adb1820baa20cf2c8f5ed22ecbc81597621fb01cd2442d09a7832a63ebe5e3e3811ef50fb5f172

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                              Filesize

                              10KB

                              MD5

                              ca1d8cc81bbdbf4fa150598e5c50b8f3

                              SHA1

                              360f47fc4653a0d70efaf2b16daa963b8a2d7a91

                              SHA256

                              c6ee5682b1809fdda4f0945dd820c9a275488392dc74298c397947a7bb4246e8

                              SHA512

                              e35126b398f72be05350aa866802b92a3ee0fa8db79647dc8d91fee0714dd19b550f4fb429293dbeb2f11ec3a1a7420b89390c937d81c55a4c3690ed714e2b48

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                              Filesize

                              8KB

                              MD5

                              23887b3ad2b3953690818ef29bafc5d7

                              SHA1

                              51458ed2c5eff224b08092bb447a256a1814fbb7

                              SHA256

                              e7aeabd8b61728cdf940b85067e572713495d34cd6ce079e3c8df7d471af320e

                              SHA512

                              70331382fa3e24a8e07758b19d7d32526729d9b6fe821c86dcffce6f9d9b575a13ccaeb2f03a53f30d80596f9df2cdf78f672d62698e87616bb65f09fa32b5d1

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
                              Filesize

                              6KB

                              MD5

                              207077fed406e49d74fa19116d2712aa

                              SHA1

                              3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

                              SHA256

                              b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

                              SHA512

                              0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              5KB

                              MD5

                              322411d0e031f4efe50a67d78a272fb1

                              SHA1

                              2346b7c4958d73c29e5957c6b24b567634ac2a1a

                              SHA256

                              a1405eac618f4e3722ff488c77219899fd0af2ea15244e8d960a6e7685041c62

                              SHA512

                              e061d6a04a3d5c0098295fa8aee8148e2a6987d0f34de38fe4db4476b5e734ebf387e45948b1fee663c4ee133d56fa1213c4c38e1ddf41dccf6eeb7c96a0a756

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              5KB

                              MD5

                              ef332a4f767f96ed03896d091f3710c2

                              SHA1

                              9988b19c0facbe0d3b1f7bbacbc1adb24ede844a

                              SHA256

                              0ba5f8e7a0125a7286d78f27544e0e49e308bcf4db7ab507bf561b5cd40561d9

                              SHA512

                              5cb60122cfcbfd2e44f37deb8086d8a98e0bbf826b54d1b5f7556ec799d1fbd4b9273a4a3ac5fc628b3bd6e648cb69bed9c06a9c9da115887d4d67c6a460110c

                              Download Submit