Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.gamesgx....

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/05/2023, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.gamesgx.net/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.gamesgx.net/
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.gamesgx.net/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.0.253209954\13638700" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5e034c0-8859-4530-aae4-9e32c3b117ca} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 1916 1bc30aece58 gpu
        3⤵
          PID:1124
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.1.404913104\1693605032" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99c791e5-32aa-4d06-96f4-4183fe38700a} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 2424 1bc23b72858 socket
          3⤵
            PID:228
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.2.1839748127\803802185" -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3372 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4c668dc-0330-4714-b82b-8dbd19e38577} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 3280 1bc347f4a58 tab
            3⤵
              PID:1596
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.3.861587001\1295918008" -childID 2 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22453d1e-b5f8-44b4-bf26-d8fb41bdf52c} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4080 1bc35f60258 tab
              3⤵
                PID:3000
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.4.108167795\1647269260" -childID 3 -isForBrowser -prefsHandle 4848 -prefMapHandle 4872 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8910cf67-21a1-4231-b11e-691cc24ddc85} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4820 1bc37574a58 tab
                3⤵
                  PID:4276
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.5.569292277\489580513" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4964 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4654b755-6b85-4aac-93d1-0ee90b3061d2} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 4952 1bc37574d58 tab
                  3⤵
                    PID:944
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1212.6.751272869\1457104282" -childID 5 -isForBrowser -prefsHandle 4840 -prefMapHandle 5036 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7ef5108-2a1a-4b63-a571-aeabefa26313} 1212 "\\.\pipe\gecko-crash-server-pipe.1212" 5136 1bc37573558 tab
                    3⤵
                      PID:4068

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  157KB

                  MD5

                  9093b7ad449653a1d7401c3ffff0dbb0

                  SHA1

                  44b0e48e49df50d7d17b69f989236978cb36c67d

                  SHA256

                  6c898b685300579bf9be54685357cf244f41bcc718b01009d7946028f733c39c

                  SHA512

                  38e2efcf5744f10b8b7186712ed3fa2daafaeffeaa70b31de4ca6179bd58163a3d5c77c1c2fab22b72b0241ba02daf2130986782e79060aaf8a86fb867b15f64

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\2927
                  Filesize

                  42KB

                  MD5

                  6d1b52fe507e485147e12b3edd1f2c0f

                  SHA1

                  b982aa52295b816f190b649d398eed38104b09f4

                  SHA256

                  5f2f51c4483614686f29b0463a80315dcc1a50563a9adc8e61996c8c746969be

                  SHA512

                  309e83eafb93099c73bcef832cbd6fd82286f8f46af537783f979bce0a132e53027858568be81ce01600913f17832c29a92d9a476137a32092283639644699cd

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\2F97B8199CA26DAB32E661BE05F4048BE9EDE2BF
                  Filesize

                  54KB

                  MD5

                  2a80f5526974735d8b4bc179dc5abf90

                  SHA1

                  4c345a68469fd103ad563e9de83363152196d8ae

                  SHA256

                  4dd07292108ad4326656a7bb95b19e4e54f5c98094db1647c002183bc0877473

                  SHA512

                  f7e91fd6ae83fa1ad5d9a88961e5de03a5142f67e05ac7389f455c69848e55b1661322726c23f41810eb5843bc49e70e638efdad2f22aac859976282c66cdc91

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  c4490f0dbe0a3830da7745448cab231e

                  SHA1

                  e6e8c7ca7d8722807e22556312101306eae71916

                  SHA256

                  cd2294ea65b92524676afbe0cb09920e936aa709af19b4c54eecdb719b498eb8

                  SHA512

                  d2f6c461c3a9cc40052829b99f648e1824413acf20847aa7732759bf1553c7076492d0444ccaa629c36467bbbb39f9445bb3a8eca41eb3ae061ed85f1011e288

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  6e80a1bcb7524aab68bc971e374ddc73

                  SHA1

                  13082e07d2af62b3142383171ff8fd0822eccd5d

                  SHA256

                  bb4b4e0d80f4e41e62b8efc567f134e5f6c2beb95fd115c1c978b3573fe817c5

                  SHA512

                  7e4b62cffe0d9ae40ab835a2a5d4ebeed841484307de18d1d8e78616f08fb082a01c3bb4784863ef04457298df0345f4959d6a63caf6227ff0feba4453505716

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  7373fc6470aa9ef96881956adea4d43f

                  SHA1

                  918658687549c21ca030e988a1db1bb29b2779e5

                  SHA256

                  4d0ae8efb775fc542ad6a4f48efe67814ebdb5fe9abf258c098ed2ca3a6be49a

                  SHA512

                  b60722a164e96a9ee1846bdd067ff46429155d827227e292aa1fc9ba792d5765a78df55c64bcd4721ea33261fa5ee7104648011d3c35a0859031d8e9b95d930b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  82bbb0e224b28ef99546a024e6bce563

                  SHA1

                  92c986f057c33f041a35a16bc93bc834db1ec460

                  SHA256

                  568736c7cfef339741b42e5b36c297a4df37271dff02091d9ae2306fbb2c44fe

                  SHA512

                  81b871d2eb0358aa46630ab63872c261cc8854af231be1f6dac827ce4f3cad24031c2464bcd215f9fcf6b6747b35218bd30de8c37bf96484e4ff573f3cd84d3f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  f73e52d124620d05267ba934f3b312d3

                  SHA1

                  34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

                  SHA256

                  fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

                  SHA512

                  4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  e3217aaea8eae7b1bf4ab87613d36dcd

                  SHA1

                  6ca081233e08cc0b5074de74afb94967596bb883

                  SHA256

                  61b1504fcbd8a13442b6ebb0575516a0bb55dd5185025443726de86b5a87c583

                  SHA512

                  259fa24360e03fb0ab14637e842283d267454b337ff3a1918bcba837b681431796d82167eb8502f0fb569bc650fdca206852474a2b383d069bbe257a69f7e042

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  cdd8aa6d843968675bc7d8aabebd92c8

                  SHA1

                  5e6bcaadf3bfae3abc0760875e8c140e8b573841

                  SHA256

                  38dc53f5826a6fd8b02dc0dfc31560e09aae43d903cf2d5b27159680a9c09f8a

                  SHA512

                  ee2e1611af3a097db36d9c738d3efcce85e40c664a6d9b51052f03ff9be791ed9b9757d38ab9c024072572d90747eb7cdb4ac4c566851037ac8b6939048b47da

                  Download Submit