Analysis

  • max time kernel
    13s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    07/06/2023, 14:29

General

  • Target

    https://d335luupugsy2.cloudfront.net/cms/files/333584/1675447923/$5t2zg4z4d59

Score
1/10

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://d335luupugsy2.cloudfront.net/cms/files/333584/1675447923/$5t2zg4z4d59
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://d335luupugsy2.cloudfront.net/cms/files/333584/1675447923/$5t2zg4z4d59
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3436
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.0.2012490366\132008670" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8099c2d2-3842-4c87-a495-1f0385ec1bf3} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 1932 1ce2a1fb458 gpu
        3⤵
        PID:1848
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.1.1126216574\767858975" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a20bfb17-dbc1-443a-8c28-bd089a32a9d1} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 2440 1ce1d16fb58 socket
        3⤵
        PID:1000
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.2.1990463306\832952367" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3032 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d96afce-7076-46f1-8339-2d80ecf2d276} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 3044 1ce2deed558 tab
        3⤵
        PID:3580
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.3.1104900677\1191480921" -childID 2 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0578e38d-d00c-48ce-9914-82f12203e739} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 4072 1ce2f677258 tab
        3⤵
        PID:2004
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.4.238814620\1402214508" -childID 3 -isForBrowser -prefsHandle 4672 -prefMapHandle 4600 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ddd3d68-3283-4cbb-8c21-2bf861988b06} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 4592 1ce2f9e4a58 tab
        3⤵
        PID:1416
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.5.346209810\1301860922" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4888 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dc3c248-1aa7-4210-8259-6f7e84c7d135} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 4876 1ce307ebb58 tab
        3⤵
        PID:3012
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3436.6.1721238086\1893887694" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fe7a9d3-8d5d-4ebc-8220-b69c9c5379b6} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" 4600 1ce2c92ae58 tab
        3⤵
        PID:2016

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 144KB
    MD5: 4e5d6300ceef9cdbe6daa94b5dbbc238
    SHA1: eeb23924ccfe6ef2f844f4278e0fd44ce5086e12
    SHA256: 7d14f825b6ac4c725013cb0a9311960f2ec46ef33ed0ccde154d7c4218d029ee
    SHA512: dfedaf3d1898efd38da42fb2b63347d21143ee0cd6e0020da1dfbd4e6ff7af99c66433fb71e274719242ff211f157cc47cfdd9afc96bc493cae3cf36c3906caf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 6b5858ee94ffac3b9d0da140546f8da7
    SHA1: c5bce786b7c12a0952c5aef63ea7a0efd6f30848
    SHA256: 8f11c1e6ce868d6606d836e8d9478ef2daab8e7bb1879231f573ccb6a8af65c6
    SHA512: 6471d74eb4f4521e1d3f5551d0534cf25ef050272cb05e03458717fb657ed10e5138b0241ba544227b64bbadf09e789af782c0f707577a26a9e80bce87fc3aa6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 0497273fd419fb93b0ae85a75f518d07
    SHA1: 5e609d620a8899654a47b5ca375596f1f690c7eb
    SHA256: c83f7a9d8e18fc2d3e4ec937a02f4daba403d3841875a9da94cc75eec4dfe72c
    SHA512: 8cb391e1946215c7db4f2edc71ec4b29f48b78fe5836cf780944202375f4f5bb79fa7ccc15f19ef6e8f67389d33b2089568f05d2b036abebc194c9e52f75b93c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
    Filesize: 6KB
    MD5: 1984b45f201f1fd79d2154406648433b
    SHA1: 42f082dc6d4d43333688690bf4dfa7c7f8b618ab
    SHA256: 000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
    SHA512: e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc