Analysis

  • max time kernel
    52s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2023, 19:07

General

  • Target

    https://cpdedu.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://cpdedu.com/
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://cpdedu.com/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.0.1809580229\934583006" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa2105cd-5a7d-4ae6-aff8-cf9e3c396de5} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1900 212e4491658 gpu
        3⤵
          PID:2824
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.1.1266521150\45989028" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2364 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {224c438d-8e2f-4f9e-81b5-0ffbd99aba52} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2408 212d6472858 socket
          3⤵
            PID:3264
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.2.1431408578\950008162" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 2884 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d16a8679-bd39-4e06-bd91-5d8b0809edcb} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 3156 212e7228258 tab
            3⤵
              PID:2436
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.3.171002020\1218677983" -childID 2 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2210d1cc-5929-479d-a526-f75fadfd22fd} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4036 212e86caa58 tab
              3⤵
                PID:3676
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.4.911632766\1508497977" -childID 3 -isForBrowser -prefsHandle 4824 -prefMapHandle 4820 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdbc9706-b195-474a-97fe-fbb14adac46f} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4836 212e988c858 tab
                3⤵
                  PID:2708
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.6.772546317\299526555" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f724fc85-5a81-4b6c-a523-2a371bcfe8b6} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4672 212e988da58 tab
                  3⤵
                    PID:2668
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.5.1620184527\445247605" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54a13a1-b9ae-4735-ae9e-3b2b1260aabb} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4776 212e988cb58 tab
                    3⤵
                      PID:1216
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.7.1272124948\362564617" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5364 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0287285b-8ff6-4bda-b880-a9bd36e57156} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2396 212e7229158 tab
                      3⤵
                        PID:3416

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    158KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\safebrowsing-updating\ads-track-digest256-1.vlpset
    Filesize
    54KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
    Filesize
    7KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB