Resubmissions

06/06/2023, 12:41

230606-pwr5jseb7y 1

06/06/2023, 12:38

230606-pvbfeaeb6z 1

Analysis

  • max time kernel
    72s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/06/2023, 12:41

General

  • Target

    cb.html

  • Size

    134B

  • MD5

    afa7cdec7c7649151eb92b2126e24178

  • SHA1

    5d4a07b841839da350d82272313556b744d44a3f

  • SHA256

    844b100bce5dabec0254edbebf2fbd002774e4828f186b794fa86bd440f8ef9a

  • SHA512

    fcffd14656e97a49c26c2322171590f1d03b9a16937c14596ad9b01c8caf5d8cee63247e4a7357ee4eed6ddd460ce0c214785815941b7c916e91371d3cb7b7ca

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\cb.html
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\cb.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.0.1343579025\35606322" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af77a181-28b8-4e92-ba0e-b461d6673094} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1280 12ff3758 gpu
        3⤵
          PID:532
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.1.1471567126\1002570865" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67338ac8-41e8-4eff-bbf5-8f9ccb1e8715} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1492 e72858 socket
          3⤵
            PID:1132
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.2.2093370050\729526382" -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 1936 -prefsLen 21899 -prefMapSize 232675 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03d89404-f54a-4778-b2b7-886719a7ad8e} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1816 1a6e0858 tab
            3⤵
              PID:1808
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.3.864924207\834287911" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75913577-eb75-4fb7-af4c-c8e9e8830c87} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 2976 e61c58 tab
              3⤵
                PID:324
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.4.1571641529\588734508" -childID 3 -isForBrowser -prefsHandle 3540 -prefMapHandle 3000 -prefsLen 26798 -prefMapSize 232675 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ca08ef6-1d9f-41ea-a70e-47e14f6f7b17} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3288 e68458 tab
                3⤵
                  PID:2404
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.6.1360278746\559321130" -childID 5 -isForBrowser -prefsHandle 3552 -prefMapHandle 3564 -prefsLen 26798 -prefMapSize 232675 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4aa373b-3286-46e0-8963-751cd7cf989a} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3676 1d60f158 tab
                  3⤵
                    PID:2428
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.5.1147949906\497679762" -childID 4 -isForBrowser -prefsHandle 3340 -prefMapHandle 3336 -prefsLen 26798 -prefMapSize 232675 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28ce024a-f176-4ff4-b911-287364786367} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3588 1cecb658 tab
                    3⤵
                      PID:2412
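Reading the tree above: the only image that ever runs is firefox.exe under the Firefox install directory, the two processes that raise signatures (PID 1704 and PID 1940) are the browser's own parent processes launched with cb.html as their argument, and every depth-3 child is a Firefox content process (gpu, socket, or tab) whose command line names 1940 as its parent. That is the picture behind the 1/10 score: a document that had spawned anything else would appear as an extra image or an extra branch. The helper below is an added example, not part of the report or of the sandbox's own tooling; it rebuilds the tree from the depth numbers shown before each arrow, cross-checks the parent PID each content process declares after its channel GUID, and flags any image outside an assumed browser install root (`BROWSER_DIR`). The sample input is a constructed excerpt of the Processes section with command lines trimmed.

```python
"""Triage helper for a sandbox process tree.  Added example, not from the report."""
import re
from collections import Counter

BROWSER_DIR = r"C:\Program Files\Mozilla Firefox"  # assumed allowlisted install root

# Constructed from the Processes section above: (depth, command line, pid, signatures).
# Command lines are trimmed; PIDs, channel GUIDs and signatures are as reported.
FX = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
PIPE = r'"\\.\pipe\gecko-crash-server-pipe.1940"'
SAMPLE_TREE = [
    (1, FX + r' C:\Users\Admin\AppData\Local\Temp\cb.html', 1704, ["Suspicious use of WriteProcessMemory"]),
    (2, FX + r' C:\Users\Admin\AppData\Local\Temp\cb.html', 1940, [
        "Checks processor information in registry", "Modifies registry class",
        "Suspicious use of AdjustPrivilegeToken", "Suspicious use of FindShellTrayWindow",
        "Suspicious use of SendNotifyMessage", "Suspicious use of WriteProcessMemory"]),
    (3, FX + r' -contentproc --channel="1940.0.1343579025\35606322" - {af77a181-28b8-4e92-ba0e-b461d6673094} 1940 ' + PIPE + ' 1280 12ff3758 gpu', 532, []),
    (3, FX + r' -contentproc --channel="1940.1.1471567126\1002570865" - {67338ac8-41e8-4eff-bbf5-8f9ccb1e8715} 1940 ' + PIPE + ' 1492 e72858 socket', 1132, []),
    (3, FX + r' -contentproc --channel="1940.2.2093370050\729526382" -childID 1 -isForBrowser - {03d89404-f54a-4778-b2b7-886719a7ad8e} 1940 ' + PIPE + ' 1816 1a6e0858 tab', 1808, []),
    (3, FX + r' -contentproc --channel="1940.3.864924207\834287911" -childID 2 -isForBrowser - {75913577-eb75-4fb7-af4c-c8e9e8830c87} 1940 ' + PIPE + ' 2976 e61c58 tab', 324, []),
    (3, FX + r' -contentproc --channel="1940.4.1571641529\588734508" -childID 3 -isForBrowser - {2ca08ef6-1d9f-41ea-a70e-47e14f6f7b17} 1940 ' + PIPE + ' 3288 e68458 tab', 2404, []),
    (3, FX + r' -contentproc --channel="1940.6.1360278746\559321130" -childID 5 -isForBrowser - {c4aa373b-3286-46e0-8963-751cd7cf989a} 1940 ' + PIPE + ' 3676 1d60f158 tab', 2428, []),
    (3, FX + r' -contentproc --channel="1940.5.1147949906\497679762" -childID 4 -isForBrowser - {28ce024a-f176-4ff4-b911-287364786367} 1940 ' + PIPE + ' 3588 1cecb658 tab', 2412, []),
]

IMAGE_RE = re.compile(r'^"([^"]+)"')
# Firefox content processes name their parent PID right after the channel GUID.
DECLARED_PARENT_RE = re.compile(r'\{[0-9a-f-]{36}\}\s+(\d+)')


def image_path(cmdline):
    """Executable path from a command line, honouring the quoted form used in the report."""
    m = IMAGE_RE.match(cmdline)
    return m.group(1) if m else cmdline.split()[0]


def content_role(cmdline):
    """Content processes carry -contentproc and end with their role (gpu, socket, tab)."""
    tokens = cmdline.split()
    return tokens[-1] if "-contentproc" in tokens else "parent"


def build_tree(entries):
    """Recover parent PIDs from the depth markers: the parent is the nearest earlier entry one level up."""
    parents, stack = {}, []
    for depth, _cmd, pid, _sigs in entries:
        while stack and stack[-1][0] >= depth:
            stack.pop()
        parents[pid] = stack[-1][1] if stack else None
        stack.append((depth, pid))
    return parents


def parent_mismatches(entries):
    """PIDs whose declared parent disagrees with the tree (a re-parented or spoofed child would)."""
    parents = build_tree(entries)
    bad = []
    for _d, cmd, pid, _s in entries:
        m = DECLARED_PARENT_RE.search(cmd)
        if m and int(m.group(1)) != parents[pid]:
            bad.append(pid)
    return bad


def unexpected_images(entries, allowed_dir=BROWSER_DIR):
    """PIDs whose image lives outside the allowlisted browser directory."""
    prefix = allowed_dir.lower().rstrip("\\") + "\\"
    return [pid for _d, cmd, pid, _s in entries if not image_path(cmd).lower().startswith(prefix)]


def role_counts(entries):
    """How many parent, gpu, socket and tab processes the tree holds."""
    return Counter(content_role(cmd) for _d, cmd, _p, _s in entries)


def signatures_by_pid(entries):
    """Which PID raised which signatures; in this run only the two parent processes do."""
    return {pid: list(sigs) for _d, _c, pid, sigs in entries if sigs}


if __name__ == "__main__":
    print("roles:", dict(role_counts(SAMPLE_TREE)))
    print("outside browser dir:", unexpected_images(SAMPLE_TREE))
    print("parent mismatches:", parent_mismatches(SAMPLE_TREE))
    for pid, sigs in signatures_by_pid(SAMPLE_TREE).items():
        print(pid, "->", ", ".join(sigs))
```

On this tree the helper reports two parent processes, one gpu, one socket and five tab processes, no image outside the browser directory and no parent mismatch; the same functions applied to a run where the document had launched a shell or dropped an executable would list that PID under unexpected images.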

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\81ei91hh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 148KB
    MD5 c6389caa5909054e1d805d43673229ac
    SHA1 bad99ae4a77a08b3fc4639b77283b18119127358
    SHA256 273fcbe6478dd53de038a7d1cf57fd52ee741a899273a12032708e8a1a6ea875
    SHA512 d82a3dab9922f07329940db8d69d2640550b8cd776788c4425960dac2ecb357b42fdb23e235f20fe8919d682af0999ce66b5428ed2de1915e243716df1f7c965

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\prefs.js
    Filesize 6KB
    MD5 287079c0a70882ef8bb416820d8184ad
    SHA1 67f9835b12c37eee8e6d0e00dbc303d8f7d9a772
    SHA256 cdce500c9efcf5aaa92013a70429d0fb43331c7f28472a7186f8079e510b91b1
    SHA512 05048711b5b6c658a6f7c522d33e0260b25f7ba970bd129adba232d68c82ca018fee195022a880972204f5d4566cbb89f2d4063741b0df1aafa8e8bf7d5795b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 1KB
    MD5 b3687879061bc5e4e08316dfaa8afa96
    SHA1 c6f687cf8a6c5fbddc5f14fd781f21dc552bc235
    SHA256 e85494d0effb38c23844cf9dc1e1e43d16b711d171e50ae431194c1fc3dfd422
    SHA512 88938abb2400e319e5f6de5ca91862663e0faad4937116108bffa9e0bf317b3449607310d0e823c854128c3511e31ebfc744ef4cf58e04e95106bcb9e9f55fc9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize 184KB
    MD5 fb732ab90ae806de2a908ea466074728
    SHA1 384b71583a2741ec314d2f1a6f04a715ded9dbb0
    SHA256 149d40bd736f752eb14a352c83abf35a2affe987c7f0aa4af0add7b988b49132
    SHA512 b5fe272d713cd5a97bbddcb960cbe068603d67ba1a7ec48dcee80b9495e5cae0a21222df7bf9481fa42c7f5419c1008344aac4680e057d4e62c48566e3754a71