Analysis

  • max time kernel
    92s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/07/2023, 23:03

General

  • Target

    http://amatma.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://amatma.com
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://amatma.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.0.2089323010\498703997" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b132d550-879e-4f50-be70-495eae14661c} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 1900 128bc9c3858 gpu
        3⤵
        PID:2020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.1.1628165657\1185029249" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2300 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b04e2e5-861b-445b-b45c-c876fe9c41f2} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 2324 128bc8fae58 socket
        3⤵
        PID:1504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.2.2040083558\1814896437" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eff04bb-c421-4860-8d2d-001ed4132a79} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 3144 128c08e2e58 tab
        3⤵
        PID:3092
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.3.925930212\1211227199" -childID 2 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c40ce877-8f74-43a2-8751-4d4a850efcc3} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 3844 128c19b7b58 tab
        3⤵
        PID:5024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.4.63947913\759651262" -childID 3 -isForBrowser -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {292a9670-0a28-4972-a5bb-86408fcf5d96} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 4776 128c2fc7e58 tab
        3⤵
        PID:4800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.6.2139755571\113558797" -childID 5 -isForBrowser -prefsHandle 5032 -prefMapHandle 5100 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbdd0ee4-35e3-4022-a2f1-fb0f679f7689} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 5108 128c2fc8d58 tab
        3⤵
        PID:4812
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3052.5.1561162364\1214522800" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6af94fde-1a85-4c33-a69e-7573ef5965b2} 3052 "\\.\pipe\gecko-crash-server-pipe.3052" 5012 128c2fcae58 tab
        3⤵
        PID:2488

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 154KB
    MD5: 93e448ea70899c2cebbd9c1ec66cefbc
    SHA1: a4eab4596170ca6054bedaedef368cb6217b0fe5
    SHA256: 5ff091ebbd54ebc3f3c03a417045884f56bb90655a394166ae0f87e905c1e1ea
    SHA512: e57fc74786988d6b77e450422bebf504dc307a5b97501b9296f430868b265dd7b8161507f84ae34c1b0f8156b640faf4056f3abff85c5514a23aee463e991fc3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js
    Filesize: 6KB
    MD5: edcc085b9bc93fb3184da0914a866991
    SHA1: 9fda0882a4a24a335cd138fe1d0950a102a8a18a
    SHA256: cbff00eddb224502fcfccbbbc4b6bc4a335163af7ea55381e6e21d263179fcdc
    SHA512: 23aafd64f1351196accbe104021c8d55a5f6dd12646c7f351167bbd0b8c42639f249ff3a3dd63f2c366a6a4cddd9ddcdcdb9a5f29777f854c64e74d601dff611

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 572e745e8c5f084d5fb6efa8b49b7dfa
    SHA1: e2714511cc58cf9f43d3d266c75eb0aa25ed70d3
    SHA256: 37c8038db46e51fb26fd62563ab56c8c6412750b2a96d8415ba42917be48193e
    SHA512: 83bab70c18c38662c544b1f4d0cdb53e872186217e6e5cd553bdd8be5fc0b6456e16186042d131e676139bd4f6c9f543facf8c94f5f478ee68c2d522bd8ada01

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js
    Filesize: 6KB
    MD5: 8e7979a3bb5029590607581f78bf9206
    SHA1: afa554821e55630a69e1ae2a6dd0ed52d0c83853
    SHA256: 118ee42233597d2c198839dc9867405afbb5e95affced628099ad833c87d8cc7
    SHA512: 3f35e47a15b0d41321a896e8c0a5ea0f546b111a4b9d06dec2b9762f74e2969ba8a669d42c66e0c112731dda04ef4fd0ecf0dff7c483546edd0c90d3d413b487

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js
    Filesize: 6KB
    MD5: d5283dd0a480973efbc6c737a5401cb4
    SHA1: 90cd322f71170e1cad184c05272573555849763d
    SHA256: 6fd5dd666228a691f9c59f6eb807ec5c503796b02a11469d5ea95a9389c253d7
    SHA512: c5241d82d1323451efdb764f9fbc0a2606eb6be38ce0f791314a3069fa9ff5a7d759318379e45f81269a8aa77b1728c94eefba13e61e92049e8b21ce343d783f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: fbd2b925da994af325834057c9c0e936
    SHA1: e1926dfd9f6db9d70597abf2f9ce7c4b9da7335f
    SHA256: 64a4b9324602d5f741701701969b49175e45118ee723a333c4a85c40b85c0b13
    SHA512: 384e98ded0ab9aa6895c29c10fc64fe56062e27357a97fb02b057301cfbd3bcd2d83bbeec37b880cc9422ca5782114e56c160aff97e99fa2470e319d537073d3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: f2de70439574c95816f3dc8ed1f9e8a1
    SHA1: 96619e51188ccc089c2e3cfee88f7e34ea338249
    SHA256: d5219196366155b8c543d844a58bf5b771e0c5d04780bbca2bd2a652887edc09
    SHA512: 451330a2b44401f9279df986ca13319160d14aaa5310f46fb4eefda457e9f2a498b24991c2c9cd2045d369089d7d901d2d57144757102846eef4064eadbcc5cb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 50b4614c6776a566ff7279442217b28f
    SHA1: 0e84aec78290cc3f5b895b3e6d0aec98786aadb2
    SHA256: cbf9becb704015ba2e5dba1881e992e71e30af98265acd4d95de9fec886f1a0f
    SHA512: 7e5daf820becbe2c151ac3f83b014b7446f32f2c77608a236b7955cfde89836b2fd9e39e4e3c8cad46a3e356e8104a309335115dec364500e1422a70a594b5e2