Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://tributario-c...

windows10-1703-x64

1

https://tributario-c...

windows7-x64

1

https://tributario-c...

windows10-2004-x64

7

Analysis

  • max time kernel
    600s
  • max time network
    597s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/05/2023, 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tributario-cpfdl7hweq-rj.a.run.app/622354/FFADJLWE6Y02KDQE35IIPNBC2895DA/Factura55276391*3.

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://tributario-cpfdl7hweq-rj.a.run.app/622354/FFADJLWE6Y02KDQE35IIPNBC2895DA/Factura55276391*3.
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://tributario-cpfdl7hweq-rj.a.run.app/622354/FFADJLWE6Y02KDQE35IIPNBC2895DA/Factura55276391*3.
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.0.1833241848\922831680" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1628 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7d5674d-d40d-4f28-8473-ca802e5f7fd9} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1732 1e276717558 gpu
        3⤵
          PID:4408
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.1.1215517263\702718972" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97c96363-4d21-4276-a6a7-211e6ceb70d0} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2184 1e274a4a858 socket
          3⤵
            PID:3920
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.2.49918344\1278374606" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3056 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a805304-cc1c-4ed7-b8f8-ac39c36209f0} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3100 1e2794d2558 tab
            3⤵
              PID:4856
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.3.38056477\1476955539" -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fde09039-646b-41ea-a5cd-200268450f09} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3856 1e27ad70658 tab
              3⤵
                PID:4840
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.4.1035640820\550870824" -childID 3 -isForBrowser -prefsHandle 4424 -prefMapHandle 4384 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7be93d2b-9ff3-4593-b846-4e8814979d71} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 4408 1e27b938658 tab
                3⤵
                  PID:5116
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.6.672798800\2031668402" -childID 5 -isForBrowser -prefsHandle 4776 -prefMapHandle 4780 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f30305-96d1-4a2f-ae38-bc4c6c35f418} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 4684 1e27bbeb258 tab
                  3⤵
                    PID:5092
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.5.1745570888\1270437112" -childID 4 -isForBrowser -prefsHandle 4588 -prefMapHandle 4664 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef7071aa-996b-4756-a549-a1aaa0382878} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 4580 1e27b939258 tab
                    3⤵
                      PID:4100
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.7.22069081\56926482" -childID 6 -isForBrowser -prefsHandle 3220 -prefMapHandle 3208 -prefsLen 27759 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f78da144-8942-4cb1-9186-05c41d9bfa15} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3612 1e269f5e258 tab
                      3⤵
                        PID:3348

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    144KB

                    MD5

                    87e2fb50cc792d22312c916c8073afa4

                    SHA1

                    07e6963ca55504796c8f2f30a3c82ebc1d38dc13

                    SHA256

                    0b98db0977dfb470537a48705b137a640f2d26060b9c8f36e8ed0d99cb37e6cc

                    SHA512

                    a43208cce4b107353b615aee224ebc93c310773518a34e4a92744f6e30a4b466360eca87bfaa8b21e38a846fda437c2a09d2f94f421a90236e65954cbf184425

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                    Filesize

                    5KB

                    MD5

                    5bf46bac316852bf98a2ed986305bf84

                    SHA1

                    934d57253ecce9a83b7e66c8b8da08687e1de476

                    SHA256

                    b783d36e2ddb7bdd97604e1c6d58df19d2badf9f24054aa62ca1f00878efcd66

                    SHA512

                    f05ccd95b8a5f35669745eb164c245a0a705da0317bde06b1cf2d574aa0b73decfacd743615601fa2a9cae0ce3225eda5115286bf65142b64a9542e822571544

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\addonStartup.json.lz4
                    Filesize

                    5KB

                    MD5

                    f250c684a241935c2794c30ae164ae52

                    SHA1

                    ea384bb1ba6744718b3bb8180800365d19887692

                    SHA256

                    ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

                    SHA512

                    e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\bookmarkbackups\bookmarks-2023-05-23_11_5lxkRdLxY4uLxvp7U9J81A==.jsonlz4
                    Filesize

                    947B

                    MD5

                    e264eae3ceb9c55e350502aa8ee34665

                    SHA1

                    3450193c413e6dc549de54f757f5543b71f72653

                    SHA256

                    76fbfb2797a9173c1d46538da15149c94fed5a20b8c1401a8064a5657336d452

                    SHA512

                    16dc15aceeadd602693c0f48f66f1de84e959f5faa58f1d8ef6e24c3bb763177e4078f5cf504a9542fdc08be20f0a5f134d4e63faf743af623cdf2843293826b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\broadcast-listeners.json
                    Filesize

                    204B

                    MD5

                    72c95709e1a3b27919e13d28bbe8e8a2

                    SHA1

                    00892decbee63d627057730bfc0c6a4f13099ee4

                    SHA256

                    9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                    SHA512

                    613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\cert9.db
                    Filesize

                    224KB

                    MD5

                    1dc67c6045dddf076deb72a78a77931e

                    SHA1

                    2295173960c6eccfdbf3e7e1b4a62df14bd7b988

                    SHA256

                    59d334d65475d87345d4c342ae5d84072678c676cfb8e68e0f55912cf115cebe

                    SHA512

                    c4e9fd7280f58dc393514e831e8d381a5e6c6238ae480d7a3d3713d6acc2164e789ca7fcb4f26d5f98bb29d925893f8853f066d5d59c5b4787e5b2c2df22e6e1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    c205c8a6591363331cd60c7286ad4ac1

                    SHA1

                    7d4c89374e88116484984f5d0b5df0d59aa63ecf

                    SHA256

                    81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0

                    SHA512

                    fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    c12575ca632c9e5aec1d62607fb5df16

                    SHA1

                    78676d0fcc386f3203f9d5df0e0c5ebcb5b68ed3

                    SHA256

                    29ac6f178a9cd582d4ab6095c590cd3179e1f1d2eb611d7994d03c561f0b095e

                    SHA512

                    f6046046fbda96606813404b64c708af15be8be7ff21199225f7c30fcd2b1ae1144dc701ff8819c9e5fe86dd9ed0154864edc35a97646c383e4712c98ecadd33

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    0bd74c5487fa5f98e7e221ba034a62f8

                    SHA1

                    6d72fd6567fe9234a6274d18f9f12ebd249e694c

                    SHA256

                    6a2a5dae890e639f844ba576db71712a84d9dc0749bbed1405e118261d4ab230

                    SHA512

                    871cb37d4c1e01b4dfb0b60eda09c169064c08a31f9c6fb42db9c1491a89fdf139be887fa38d44d1047502235bac520efed24ab43efdd1cb3b6447b1f23ee30c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    643cd63a8abcd7eab522adb4d02ae609

                    SHA1

                    942172af5063027de9d7cf192afdb4bda2d525f9

                    SHA256

                    1986ca783bab9b41c6b6318739e11fb4f3e0dbf96656597c947f7300985b2060

                    SHA512

                    9622b7aaf84f8dfe272987e0c76ced9ddf9588fd51838e32b71a81129fbc5ce77c1180439887dac3cd37c4964a0fc180f1a0026eb2eb8f31584abb38e65e14f4

                    Download Submit