Analysis

  • max time kernel
    17s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-06-2023 09:43

General

  • Target

    https://ipfs.io/ipfs/QmSyDbR2nuBPKW6WqLXxE5ShWXBuytHfyPQv6qcZLVdCkF#fuck

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://ipfs.io/ipfs/QmSyDbR2nuBPKW6WqLXxE5ShWXBuytHfyPQv6qcZLVdCkF#fuck
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://ipfs.io/ipfs/QmSyDbR2nuBPKW6WqLXxE5ShWXBuytHfyPQv6qcZLVdCkF#fuck
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.0.572665097\1233169657" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38d4a787-d634-43bd-807f-0b0884b4ac7a} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 1932 1eb4bde3058 gpu
        3⤵
          PID:3384
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.1.1526808825\1784290663" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65ebdaf1-496b-48f0-b299-0b1c0387187c} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 2440 1eb3ef73858 socket
          3⤵
            PID:4788
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.2.1891444219\559510074" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2924 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9bec9fb-84d3-4f6e-b14e-a811479cfaf0} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 3084 1eb4fcf0658 tab
            3⤵
              PID:1212
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.3.224290234\2025922390" -childID 2 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fe9682f-3b09-4520-839d-6b6db368f982} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4068 1eb3ef6f858 tab
              3⤵
                PID:3372
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.5.82020418\1483630587" -childID 4 -isForBrowser -prefsHandle 4968 -prefMapHandle 4964 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c1e84f9-bca3-4398-888b-71b85b41d3e5} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4980 1eb5107bf58 tab
                3⤵
                  PID:2460
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.6.1239013968\627561918" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 4980 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8373f0b2-536d-4257-bd42-8053bc8eb60e} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 5064 1eb52475d58 tab
                  3⤵
                    PID:2508
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.4.1694306728\1260038150" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4524 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd027f0-2d2e-4dcd-840a-fc6563f27a55} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4728 1eb3ef61158 tab
                    3⤵
                      PID:4676
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.7.1885968724\2028133042" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5564 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b556efb-7d59-4f3e-a3e9-0dccd46ab811} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 5576 1eb53428f58 tab
                      3⤵
                        PID:4960

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 133KB
    MD5: ff15a3b0f41ab54a9cd895e1e0ad4f08
    SHA1: 42b604472b3008f464e326e665bcdacf701b2741
    SHA256: 77b7ef4dc4f6ad0ffd34b73756a7ba0e0bd75c0fca30c870fda7d8f8fd8d1f31
    SHA512: 4471b213d10a18be08acbb377329739138cd2c74f9012a6ed23d074c507e26000d38e9e7a9e879ee1b5094e87931271d3f7a4d65027dbd0d449bcbd63e55d7df

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 18c1f65bb045a360292834bc1c14a6c1
    SHA1: 50e8dee3d9ea8c7d530f38bbab4c98e942022b24
    SHA256: 22c63c3436458d243c86f20e985e7b4e9e5a412d7cb3ccaff455a35c064533b1
    SHA512: 0a1f0b8fee9a6591f3163dc3b8f72ce9854d9c3f0d941c079469bb27e6c93fc2a6eb7eda617bff58efba93902b48a6244de68841425cf79008e5beee2758e0b2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
    Filesize: 6KB
    MD5: 1984b45f201f1fd79d2154406648433b
    SHA1: 42f082dc6d4d43333688690bf4dfa7c7f8b618ab
    SHA256: 000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
    SHA512: e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc