Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    24-05-2023 14:22

General

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://[email protected]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4076
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://[email protected]
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:500
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.0.1253252988\1618059384" -parentBuildID 20221007134813 -prefsHandle 1636 -prefMapHandle 1628 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {847409a1-4f99-493e-9f4f-c4cf5d4dd2b7} 500 "\\.\pipe\gecko-crash-server-pipe.500" 1716 1eda22a5758 gpu
        3⤵
          PID:3908
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.1.1908303124\1165422126" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77c303fc-d08b-4103-9cba-5f75ede6775a} 500 "\\.\pipe\gecko-crash-server-pipe.500" 2168 1eda100e258 socket
          3⤵
            PID:4200
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.2.1452142241\748449310" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2844 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f80e24f-3550-474f-b517-4da35cdb457b} 500 "\\.\pipe\gecko-crash-server-pipe.500" 2828 1eda5138b58 tab
            3⤵
              PID:4640
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.3.1507308230\1269728820" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b751bffd-96d9-4b25-8afc-2484639934ba} 500 "\\.\pipe\gecko-crash-server-pipe.500" 3684 1eda52dcc58 tab
              3⤵
                PID:4532
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.4.1066425696\289563073" -childID 3 -isForBrowser -prefsHandle 4612 -prefMapHandle 4556 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5063dbb0-f876-471d-84a3-d5aed4432683} 500 "\\.\pipe\gecko-crash-server-pipe.500" 4632 1eda76cc358 tab
                3⤵
                  PID:1224
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.5.846561484\1632875140" -childID 4 -isForBrowser -prefsHandle 4772 -prefMapHandle 4776 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {130d7106-7663-4b5d-b851-74313cdc0c8d} 500 "\\.\pipe\gecko-crash-server-pipe.500" 4644 1eda76cde58 tab
                  3⤵
                    PID:1816
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="500.6.1094708204\2043169210" -childID 5 -isForBrowser -prefsHandle 4640 -prefMapHandle 4684 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d128c9a-cbdc-4860-8360-74e379d29cbf} 500 "\\.\pipe\gecko-crash-server-pipe.500" 4984 1eda7961758 tab
                    3⤵
                      PID:2476

Network

MITRE ATT&CK Enterprise v6

Downloads

• C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
  Filesize 147KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
  Filesize 6KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize 1KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize 1KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize 184KB