Analysis

  • max time kernel
    22s
  • max time network
    25s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/05/2023, 14:06

General

  • Target

    https://idcs-994c7364b70a4245a00c3ae6e53cc0c2.identity.oraclecloud.com/ui/v1/signin

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://idcs-994c7364b70a4245a00c3ae6e53cc0c2.identity.oraclecloud.com/ui/v1/signin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://idcs-994c7364b70a4245a00c3ae6e53cc0c2.identity.oraclecloud.com/ui/v1/signin
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4584
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.0.270431276\104792536" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98998f6a-ba92-4e1a-bda8-8e321dcff95f} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1916 24a35718958 gpu
        3⤵
          PID:3976
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.1.1530043257\412580367" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab48287b-27ed-485c-92de-902fb5588689} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2424 24a27772558 socket
          3⤵
            PID:4172
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.2.1062080052\1329551399" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3152 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79556555-2c28-4b3f-9397-6327b909d810} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3124 24a3840c858 tab
            3⤵
              PID:4672
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.3.928044163\775845867" -childID 2 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7124943a-166c-4a2b-a1a1-7ae55c09b972} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3964 24a27762258 tab
              3⤵
                PID:4404
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.4.466505495\1975710336" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4684 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cbd73e7-b3ad-43a6-9fcd-4f381574e925} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4708 24a3827c658 tab
                3⤵
                  PID:644
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.5.2123697741\2121956965" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c889141c-15e2-4816-ad9d-acb96fb76067} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4912 24a3827ba58 tab
                  3⤵
                    PID:4972
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.6.1577163919\1684323313" -childID 5 -isForBrowser -prefsHandle 4552 -prefMapHandle 4932 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aadb3a69-b650-44e0-aa73-94083c53ae5a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4804 24a3827bd58 tab
                    3⤵
                      PID:4952

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 156KB
    MD5: 43225c586e6c3abee6d545d343f4edfe
    SHA1: b4b06a147b545dcf9d41fd7df11e6345eebaf22b
    SHA256: a5c758e4fd5b3cf3dad461f37aa3fafe90fa3135fe9f3d8c1307f9fc56cb8eff
    SHA512: 90d0b616bc3056533bf532202a305619083331d2b6071aa095435e071917966545c04f714743a0e953f0e1327f23c83cd38b3e346333037fc4ae9e193aac8145

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 79d7ec2f606d9ece79da5c30c84b0b26
    SHA1: 2393857a5e8582a6ae5e305ff0b2a06b66ba9eb0
    SHA256: f950450b130eed19401382231b955ab3a72f90b836615119f16214b2465fee7c
    SHA512: b56616b97bdd8b6c8b652e6d7d82b67e1985cdb31239cbeafd3000f4c7580d288c3c6fc91cee59338152f45c381056e8a1295b60a265b60e7288729dc1b616f0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 1c94fa9e2c8b9b8c4b943d6d75e7301f
    SHA1: aaffd21b887a065c79d053c1fb6740a067bc53a1
    SHA256: a38a50c6acc653dc5256daf8ee3fb8c04668db474fc1900cae68019a1af1f4e6
    SHA512: 1e875ffe196213114b5a27e0849e5556045f3e0b2f87697396e4e0aa7f9b4d7ecfb5049a56c3ab1d69187dc81b9f390e920f3bb11a6cda22d766a6d94af035ba

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 70KB
    MD5: 4110db202b838a9e03abaede28a66165
    SHA1: 19d0db101c226f431e772fce331b5c4845beb40c
    SHA256: d611a9376da647db90a7f0f6e9575d4996e7f63a962d788cc4c241188c1de6f0
    SHA512: 1a2ba899cf3446112bc9c2a5288490cf37f9823b2306800b721a4b4321ed57ade83c3dcba337b9cc331c4b58c8191eeb4b9d483c301495755dd72e27dbb9c233