Analysis

  • max time kernel
    16s
  • max time network
    19s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/05/2023, 18:36

General

  • Target

    https://jf27z.app.goo.gl/3kgnBUmYUgGgpoX39

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments. Legitimate software, browsers included, reads the same keys, so on its own this is a weak indicator.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  Every signature that carries IoCs is attributed to the firefox.exe processes in the tree below; no second executable is dropped or spawned, which is consistent with the 1/10 score.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://jf27z.app.goo.gl/3kgnBUmYUgGgpoX39
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://jf27z.app.goo.gl/3kgnBUmYUgGgpoX39
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3280
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.0.2141696637\975777526" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f12efd2-6d59-4f76-9725-ab8ae144e26c} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 1936 24ae81fa758 gpu
        3⤵
          PID:3688
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.1.1074340282\900015457" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b8456cb-c196-476f-81d5-bb34275e34ae} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 2440 24adb271f58 socket
          3⤵
            PID:3568
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.2.408486994\1969852029" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 2944 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0ad9cec-9151-4729-ac6a-7b9aece8e329} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 3064 24ae817c358 tab
            3⤵
              PID:5004
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.3.888184980\2009902636" -childID 2 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74e7ebe0-8a66-47e5-bf75-7e44fd39cc15} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 4048 24aed628b58 tab
              3⤵
                PID:4012
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.6.678225611\968907281" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {165d3ca6-42e9-4fbd-97e5-91ce7caebc68} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 4988 24aee455e58 tab
                3⤵
                  PID:1328
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.5.1844302936\151934138" -childID 4 -isForBrowser -prefsHandle 4748 -prefMapHandle 4752 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba9dfc1f-400f-4c66-8f18-2b6ef2581e7e} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 4840 24aee452b58 tab
                  3⤵
                    PID:2840
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.4.588169171\732293223" -childID 3 -isForBrowser -prefsHandle 4568 -prefMapHandle 4168 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5db57cf7-70ce-4c2e-b1b8-08cadb2f0485} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 3936 24aee373258 tab
                    3⤵
                      PID:5072
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3280.7.1205054899\1707717379" -childID 6 -isForBrowser -prefsHandle 3288 -prefMapHandle 3328 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a342d07-8a05-4048-9ad8-c49ea486359b} 3280 "\\.\pipe\gecko-crash-server-pipe.3280" 3352 24aee671258 tab
                      3⤵
                        PID:3872
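The process tree above is what an unremarkable Firefox launch looks like: a launcher (PID 1260), the main browser (PID 3280), and only `-contentproc` children whose `--channel` value names 3280 as the parent, each command line ending in its role (gpu, socket, tab), with the content-facing roles carrying `-win32kLockedDown`. Anything else hanging off firefox.exe in a report like this is what a triager should look at first. The following Python script is an added example, not part of the sandbox report or its vendor's tooling, that encodes those expectations as checks over a process list. The process records are abbreviated copies of the command lines above plus two constructed anomalies (a tab process launched without `-win32kLockedDown`, and a cmd.exe spawned from a tab process); the roles `rdd` and `utility` are assumed from Firefox's other process types and do not appear in this report.

```python
"""Check a sandbox process tree against Firefox's expected child-process layout."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIREFOX_EXE = r"c:\program files\mozilla firefox\firefox.exe"
# gpu, socket and tab appear in the report; rdd and utility are assumed from
# Firefox's other content-process types.
KNOWN_ROLES = {"gpu", "socket", "tab", "rdd", "utility"}
# Roles that handle untrusted input and appear with -win32kLockedDown in the report.
LOCKDOWN_ROLES = {"tab", "socket"}


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    cmdline: str


def image_path(cmdline: str) -> str:
    """First token of the command line (quoted or bare), lower-cased."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return (m.group(1) or m.group(2)).lower()


def parse_contentproc(cmdline: str) -> Optional[Tuple[Optional[int], str, bool]]:
    """(parent pid named in --channel, role, has -win32kLockedDown), or None
    when the command line is not a -contentproc child."""
    if "-contentproc" not in cmdline:
        return None
    m = re.search(r'--channel="(\d+)\.\d+\.', cmdline)
    channel_parent = int(m.group(1)) if m else None
    role = cmdline.rsplit(None, 1)[-1]  # Firefox puts the role last
    return channel_parent, role, "-win32kLockedDown" in cmdline


def audit(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return (pid, reason) for every process that breaks the expected layout."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if (parent is not None and image_path(parent.cmdline) == FIREFOX_EXE
                and image_path(p.cmdline) != FIREFOX_EXE):
            findings.append((p.pid, "non-Firefox image spawned under firefox.exe"))
            continue
        info = parse_contentproc(p.cmdline)
        if info is None:
            continue
        channel_parent, role, locked = info
        if channel_parent != p.ppid:
            findings.append((p.pid, f"--channel names parent {channel_parent}, actual parent is {p.ppid}"))
        if role not in KNOWN_ROLES:
            findings.append((p.pid, f"unknown content-process role {role!r}"))
        if role in LOCKDOWN_ROLES and not locked:
            findings.append((p.pid, f"{role} process launched without -win32kLockedDown"))
    return findings


FF = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
PIPE = r'"\\.\pipe\gecko-crash-server-pipe.3280"'
# Command lines from the report above, abbreviated to the fields the parser uses.
REPORT_PROCESSES = [
    Proc(1260, None, FF + " https://jf27z.app.goo.gl/3kgnBUmYUgGgpoX39"),
    Proc(3280, 1260, FF + " https://jf27z.app.goo.gl/3kgnBUmYUgGgpoX39"),
    Proc(3688, 3280, FF + r' -contentproc --channel="3280.0.2141696637\975777526" -parentBuildID 20221007134813 - {5f12efd2-6d59-4f76-9725-ab8ae144e26c} 3280 ' + PIPE + " 1936 24ae81fa758 gpu"),
    Proc(3568, 3280, FF + r' -contentproc --channel="3280.1.1074340282\900015457" -win32kLockedDown - {2b8456cb-c196-476f-81d5-bb34275e34ae} 3280 ' + PIPE + " 2440 24adb271f58 socket"),
    Proc(5004, 3280, FF + r' -contentproc --channel="3280.2.408486994\1969852029" -childID 1 -isForBrowser -win32kLockedDown - {c0ad9cec-9151-4729-ac6a-7b9aece8e329} 3280 ' + PIPE + " 3064 24ae817c358 tab"),
]
# Constructed anomalies (not in the report) so the checks have something to flag.
CONSTRUCTED_ANOMALIES = [
    Proc(9998, 3280, FF + r' -contentproc --channel="3280.8.1\1" -childID 7 -isForBrowser - {00000000-0000-0000-0000-000000000000} 3280 ' + PIPE + " 1 0 tab"),
    Proc(9999, 5004, r"C:\Windows\System32\cmd.exe /c whoami"),
]

if __name__ == "__main__":
    for pid, why in audit(REPORT_PROCESSES + CONSTRUCTED_ANOMALIES):
        print(f"PID {pid}: {why}")
```

Run against the report's own processes the audit returns nothing, which is the point: the tree is pure browser scaffolding. The two constructed records show what a real finding would look like, a content process missing its win32k lockdown and a shell launched from a tab process.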

Network

MITRE ATT&CK Enterprise v6
Downloads

All three files below live under the Firefox profile directory and are the browser's own preference and Discovery Stream cache files, not content fetched from the target URL.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 153KB
    MD5: 8cd8d4969e45f8f78e2e3ad259649c11
    SHA1: 50f9fbc14fa03067f6d1be1e23994a3c3c333205
    SHA256: 7b8a43acd491b3b6ba8447c94a7eaf83d10e25b17027ba908f798fcf9c21e216
    SHA512: a2c622ad7b964599b1dcd3bf68b1acc5ea9640ed04c73def0ab6350fef86a3a1c423757c3431bfa8ece52ca746a6673db3149f526b36a9325b17cf9736ffdb2a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 7d312b07474c5aa0a89f009b1f2e0969
    SHA1: 3b98e738f82795caff3c1aa176751558504b9547
    SHA256: 8f6611fef55c0877e86b0d2f516f94d72c629c2a64b31564b1bf448ec25a29c0
    SHA512: ce3a3c74dc22b101c563b63651af5b287b4d96b413f14c69b2b2036d32e176ca16ad5463c65e941ffa2ebc44aa28536c1f7bce24692df33c4a0a898547c92e05

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
    Filesize: 6KB
    MD5: 1984b45f201f1fd79d2154406648433b
    SHA1: 42f082dc6d4d43333688690bf4dfa7c7f8b618ab
    SHA256: 000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
    SHA512: e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc