Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://tributario-c...

windows10-1703-x64

1

https://tributario-c...

windows7-x64

1

https://tributario-c...

windows10-2004-x64

7

Analysis

  • max time kernel
    600s
  • max time network
    597s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2023 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tributario-cpfdl7hweq-rj.a.run.app/622354/FFADJLWE6Y02KDQE35IIPNBC2895DA/Factura55276391*3.

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://tributario-cpfdl7hweq-rj.a.run.app/622354/FFADJLWE6Y02KDQE35IIPNBC2895DA/Factura55276391*3.
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://tributario-cpfdl7hweq-rj.a.run.app/622354/FFADJLWE6Y02KDQE35IIPNBC2895DA/Factura55276391*3.
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1416
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.0.1662798245\1319640014" -parentBuildID 20221007134813 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {076ffb78-64d1-4a49-82d2-38e4bfd5d1ce} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 1260 13ca9a58 gpu
        3⤵
          PID:1924
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.1.1629578413\898050826" -parentBuildID 20221007134813 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15008004-83de-4190-8f60-e65d9e67ce5b} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 1476 e73d58 socket
          3⤵
            PID:360
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.2.876059055\642935054" -childID 1 -isForBrowser -prefsHandle 1924 -prefMapHandle 2204 -prefsLen 21834 -prefMapSize 232675 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb0d91a0-bdcf-45f8-9fa4-18192774db80} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 2076 1a0bcb58 tab
            3⤵
              PID:1756
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.3.1037011154\1485173238" -childID 2 -isForBrowser -prefsHandle 2764 -prefMapHandle 2760 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dda5640e-a280-499b-8ccf-8f099a737836} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 2776 1c24de58 tab
              3⤵
                PID:1760
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.4.1927188389\1240354731" -childID 3 -isForBrowser -prefsHandle 3328 -prefMapHandle 3332 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05be6c81-49d2-40e0-8911-0c03d414f506} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 1076 1cf7e758 tab
                3⤵
                  PID:2324
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.5.549527323\1531326653" -childID 4 -isForBrowser -prefsHandle 2756 -prefMapHandle 3168 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4230bb1d-2942-4804-8cef-c6a56bcbde3d} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 3416 1d6d9458 tab
                  3⤵
                    PID:2344
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.6.880149435\241733177" -childID 5 -isForBrowser -prefsHandle 3388 -prefMapHandle 3360 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c84948a2-f5ae-443e-a638-b011d7c17225} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 3520 1d6da058 tab
                    3⤵
                      PID:2360

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0fuzji1n.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  151KB

                  MD5

                  4a3c11ab06ec8e6c0cd895e84bb31db8

                  SHA1

                  2f2d0eb900c37956024fa4196616f373e503e6c0

                  SHA256

                  2bb9323dcd54065be55e2250567ed13890d9e76397ee4fade6ebeff7b93d5333

                  SHA512

                  a8ef76a5df079b08678839a461898b0a2b3a0bf984095c4ee6bc96a275ddc911ca5e8172412a8c2bbe94586323af6da2d6a473c4f5dc979b13d25152ff61bf36

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  156d1f92edaab6774b5638b4c4c4c458

                  SHA1

                  4cfd54f7b1a9413a436b834644ce4c56c130c378

                  SHA256

                  f4bbc86c2ad95190c8ffa6e8dc04d3c6e5ab7f1baddf1f4f8441fa4750e2dfcc

                  SHA512

                  29884e404cf8c30975a90d6cb07074ed82887c0f78cbfe17bb6195043de6b73f8b4a753ad2ff9d34b9d3903bc91a0fd163c9a6253aec709d705a61f270eab65a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\addonStartup.json.lz4
                  Filesize

                  5KB

                  MD5

                  218a6ede36bf96da77cbec9b979bf215

                  SHA1

                  72a1d0af732a91ebd9344165a25831656aa5d647

                  SHA256

                  f37e929262aee0d3e467ededad98ca7c3c5585ae27e04df14943c48ddfec6082

                  SHA512

                  36604958489b3017ddd30505d997382def83c991f840caf90b331f04edbffd62f262560327848ef174f0feac6d984efa513acf28a852e913b796d7abd21988e2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\bookmarkbackups\bookmarks-2023-05-23_11_+VTfik08W1oaiBamWqYCwA==.jsonlz4
                  Filesize

                  939B

                  MD5

                  500dc6ee00ec0bd1263ceb3d1a356ecd

                  SHA1

                  5eed3060b8f7c1c56d87f0c8725f0312c1739761

                  SHA256

                  3707c4b644ab1e7bbd74937c4ef758f5776c5a481a7c82975691ca4e2532700c

                  SHA512

                  fbff95729bb02401b440d0d25a6e39885a9c8f17ab0724b49db05a22cf9d7b72539860045d4677c2a192fafb8c17672567772f644625c6c38752ec26dbab1901

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  024c6fe18df82522164511c697474338

                  SHA1

                  152f2037990159375f4846bec398c223ac5e6ba0

                  SHA256

                  2bf01fd3c6c1e12236d23ad9d41fc04528bd1af72be08efb6ea097f4c8f64bb2

                  SHA512

                  071602ab881eef19d5369f88a8aaf0194f931c8a013088466c5b493f600a7ab914693899e37dd84e30e380b25c4faf674616ea09b76f89465cec406b5ffde225

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  934B

                  MD5

                  c4f004ce1acf57bc66a255853865d541

                  SHA1

                  573b526925da515159e16e94fb3f68edf1e674e7

                  SHA256

                  c204283010b7b55e979d30fae78035cb3ff830451542aefb1fa4dac9016d103a

                  SHA512

                  7193a9474001fd1741a2f28243d5dca4936716bfbdd7092096c33d4f8ff89975c1941861a65ac2358bed633401f03416ff1b67f06b841d49bce077415c70996a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0fuzji1n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  7ec31b0cf77ad91d89ba864b7e5e29ac

                  SHA1

                  b7a88594dcce7f0fe1cc9ae9362c58d1a16f1993

                  SHA256

                  38ce562826eb2c710ae62b9d0549e85da8b68bf11118b37d98df11a0696849d5

                  SHA512

                  6571d2a2d570d6e78e2b36667dbc20f53ff7b9f5f431f557aa1d1ec0bb7456e3c884b402a898ed69db94da0a8f70125ed15f30067d673e64e4dd46187b140983

                  Download Submit