Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/07/2023, 10:24

General

  • Target

    http://doxx.gg

Score
1/10

Every signature hit in this run is attributed to the Internet Explorer and Firefox processes the sandbox launched to open the URL; the process tree shows no other image being spawned.

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run the hits come from the sandbox's own Firefox instance (the parent, PID 1792, and its socket child, PID 2664), which is consistent with normal browser start-up rather than evasion by the submitted page.

  • Modifies Internet Explorer settings (1 TTP, 31 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (5 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No process in the tree below carries this signature, so the report does not tie it to a specific image.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://doxx.gg
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5092 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1832
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.0.1280816435\894239244" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afbfb476-e013-4a8d-ba44-b360edeccf9d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1892 256756fbe58 gpu
        3⤵
        PID:3652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.1.1440080486\1078893163" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13829d46-f108-4dd3-ab1a-a0e5e170bcb1} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2344 256751e5858 socket
        3⤵
        • Checks processor information in registry
        PID:2664
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.2.1828405060\999668537" -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faf5996f-790f-4ef1-a11e-d1ca7e769ba1} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3144 256793a3c58 tab
        3⤵
        PID:1596
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.3.292991997\152628857" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3432 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac8ce9bf-67aa-4393-b7e4-89832538b7c7} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3440 25668b2d558 tab
        3⤵
        PID:1400
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.4.1563067669\1526661756" -childID 3 -isForBrowser -prefsHandle 4256 -prefMapHandle 4476 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3da5b54-dab1-4a84-adb9-6a147a495419} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1608 25677c28558 tab
        3⤵
        PID:2352
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.5.759028963\480527126" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5232 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b6f565-1eaa-4671-a981-1807092e3fca} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5080 256756fb258 tab
        3⤵
        PID:4660
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.7.1705082863\739629720" -childID 6 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6800331c-5820-4de0-8690-530c0bc2b9e1} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5448 2567b7d9458 tab
        3⤵
        PID:2608
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.6.935836544\945659192" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 2772 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2548fe29-274e-4577-a886-165527050d78} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5256 2567af38758 tab
        3⤵
        PID:5096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.8.657548529\244483424" -childID 7 -isForBrowser -prefsHandle 5256 -prefMapHandle 5640 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da85499c-b403-4c20-8aaf-b2cb8b1bdeeb} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5628 2567bec6058 tab
        3⤵
        PID:4404
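The triage question this report raises is whether any signature fires from something other than the browsers the sandbox launched, and whether a listed signature has no process behind it at all. The following Python is an added example (not part of the sandbox vendor's tooling) that walks a process tree transcribed from this report and answers both; the set of "harness" browser images is the author's assumption about this sandbox profile, and the dropper process at the end is constructed to show the non-benign case, not something observed in this run.

```python
"""Classify sandbox signature hits by where they came from.

Added example, not part of the sandbox vendor's tooling. Splits each signature
into: fired only from the sandbox's own browsers (expected noise on a URL run),
fired from some other process (worth a look), or listed with no process at all.
"""
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image sigs")

# Assumption: these are the browsers the sandbox itself starts to open the URL.
# Anything outside this set, or with a non-harness ancestor, is attributed to the target.
HARNESS_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
}

FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Process tree transcribed from the report: (pid, parent pid, image, signature hits).
REPORT_PROCESSES = [
    Proc(5092, None, IE64, ["Modifies Internet Explorer settings", "Suspicious use of FindShellTrayWindow",
                            "Suspicious use of SetWindowsHookEx", "Suspicious use of WriteProcessMemory"]),
    Proc(1832, 5092, IE32, ["Modifies Internet Explorer settings", "Suspicious use of SetWindowsHookEx"]),
    Proc(3900, None, FF, ["Suspicious use of WriteProcessMemory"]),
    Proc(1792, 3900, FF, ["Checks processor information in registry", "Modifies registry class",
                          "Suspicious use of AdjustPrivilegeToken", "Suspicious use of FindShellTrayWindow",
                          "Suspicious use of SendNotifyMessage", "Suspicious use of SetWindowsHookEx",
                          "Suspicious use of WriteProcessMemory"]),
    Proc(3652, 1792, FF, []),                                            # gpu process
    Proc(2664, 1792, FF, ["Checks processor information in registry"]),  # socket process
] + [Proc(pid, 1792, FF, []) for pid in (1596, 1400, 2352, 4660, 2608, 5096, 4404)]  # tab processes

# Signature names exactly as listed in the report's Signatures section.
REPORT_SIGNATURES = [
    "Checks processor information in registry", "Modifies Internet Explorer settings",
    "Modifies registry class", "Suspicious use of AdjustPrivilegeToken",
    "Suspicious use of FindShellTrayWindow", "Suspicious use of SendNotifyMessage",
    "Suspicious use of SetWindowsHookEx", "Suspicious use of WriteProcessMemory",
    "Uses Task Scheduler COM API",
]


def is_harness(proc, by_pid):
    """True if this process and every ancestor is one of the sandbox's own browsers."""
    while proc is not None:
        if proc.image.lower() not in HARNESS_IMAGES:
            return False
        proc = by_pid.get(proc.ppid)
    return True


def triage(signatures, processes):
    """Return (harness_only, non_harness, unattributed).

    harness_only: signature names fired only by sandbox browsers.
    non_harness:  signature name -> PIDs of non-harness processes that fired it.
    unattributed: signature names present in the list but on no process.
    """
    by_pid = {p.pid: p for p in processes}
    harness_only, non_harness, unattributed = [], {}, []
    for sig in signatures:
        hits = [p for p in processes if sig in p.sigs]
        if not hits:
            unattributed.append(sig)
            continue
        bad = [p.pid for p in hits if not is_harness(p, by_pid)]
        if bad:
            non_harness[sig] = bad
        else:
            harness_only.append(sig)
    return harness_only, non_harness, unattributed


# Constructed counter-example, NOT from the report: a file spawned under IE that
# reads CPU info and touches the Task Scheduler API. Same signature names, real finding.
HYPOTHETICAL_DROPPER = Proc(7777, 1832, r"C:\Users\Admin\AppData\Local\Temp\update.exe",
                            ["Uses Task Scheduler COM API", "Checks processor information in registry"])

if __name__ == "__main__":
    harness, other, missing = triage(REPORT_SIGNATURES, REPORT_PROCESSES)
    print("fired only by sandbox browsers:", harness)
    print("fired by non-harness processes:", other)
    print("listed but attributed to no process:", missing)
    _, other, _ = triage(REPORT_SIGNATURES, REPORT_PROCESSES + [HYPOTHETICAL_DROPPER])
    print("with the constructed dropper present:", other)
```

On the report's own tree every signature resolves to a sandbox browser except "Uses Task Scheduler COM API", which is attributed to nothing; adding the constructed dropper turns two of the same signature names into findings tied to PID 7777. Matching on image path alone is deliberate simplicity for the example: in a pipeline, require the vendor's code-signing identity or known file hash as well, since a payload can be written to a look-alike path.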

Network

MITRE ATT&CK Enterprise v6

Downloads

All entries below are files the sandbox's Firefox instance wrote into its own profile directory (preferences and session store); none is a file served by the target. The same path appears twice for prefs-1.js and recovery.jsonlz4 because each was rewritten during the run and both versions were captured.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 144KB
    MD5: 062c59486b66b15935becfb9e9abb9c7
    SHA1: 3ce746584d9d3a28030f7cdced77fc63a0709ead
    SHA256: 54b35b70b8ecee3c07566602b02bce28fa7b5419a46767d6db2a8a25e7bfb720
    SHA512: 08655a40bd1189130527bc2912c6e2f6891b4b2bfd1310e4f8e5377c8ff47a76fe4a4e7442c996cdf56677a8e033a8bc3761aa53a12b6c6be4452e7df588d399

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs-1.js
    Filesize: 7KB
    MD5: f26d2ec7056df0bfb77aa7973cf99ed5
    SHA1: 24635593d364dca96ddfb63d61f84c4aa947d7ee
    SHA256: 233bd02fb9561afcb3de40206572401b13cbe185955d076f0db1e19b146ae521
    SHA512: 9f5b0376b29e6eee7f46351f344e76466a78993b27d53d7a1f0634fa41fdc5b7ec754aa61a999ae33ca0df7ef0b151333c09d2d57da48475bd3aadb6b1cb8ecb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 10edb510a385d25b98ef95c354a08c4f
    SHA1: 196227909d735365f535e2f6bf637bd29f1ff2c5
    SHA256: b582b64645aadd01c987745ee4ea2c61fe693086c92c534581c16141b16da982
    SHA512: 79028e378ffb14a82e8bced7e3332f748644833b106d8d42ef92a4c806cbf49d081590224303f3138bef378bf5d3902aa73fb4ff4835d3b42bd11a169787d4bd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 57b800bbb8cdfbcd2ce9e990acd5e48c
    SHA1: e3eaf67a11760f019b9243cb0484b2372a99de65
    SHA256: 2d5e512b35a299a1cf61f14e930acd61ca43b0febb397a83a175a20d7e04179b
    SHA512: faea98ab451accff5466a18e3ced446adb86c9d290d22766effd499868d7c7e563fcaac19384b300a0606e41fc0dbf0cfe79b64ac086aa6076bb41f4ae901b1f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: a4af2322ded442edc7f73f61faea3ce9
    SHA1: 1af3203be0ba9461ae81431c5ebbf7d96226c19e
    SHA256: e36b931f8478e31d8c2eafd77602af6c1ccb3eb38ac782af08b83de150a4e95d
    SHA512: e6655f9438b3092c275080a61ed323837de2fc540cac9d7df86dc58f9375aaf2459402b027910a126a59edba6e3c98fe496019d68157e68011f97c7015b821f4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore.jsonlz4
    Filesize: 890B
    MD5: 3110948d8aa6e30c5a0753672ede2a37
    SHA1: 8fdce589aa0e0684edcf860524fd51ecbe906410
    SHA256: ed6c35886c95490c91e676241849890d7e3d24bdbc00a52135dfb97a032d9180
    SHA512: d9460b2064d5a8ec4073092537fb695c00d8c735e0cce01e963fb3564e55bbc151226d4ecfc7996ac2dcda1109d958e90959b6de062a0dc4ac954fe73c6c56a8