Analysis

  • max time kernel
    2s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-07-2023 19:19

General

  • Target

    https://drive.google.com/file/d/1HC7AZi-Qo-N8HtA9KwHcGZW46hYbiyM4/view?usp=drive_link

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://drive.google.com/file/d/1HC7AZi-Qo-N8HtA9KwHcGZW46hYbiyM4/view?usp=drive_link
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://drive.google.com/file/d/1HC7AZi-Qo-N8HtA9KwHcGZW46hYbiyM4/view?usp=drive_link
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.0.1644792556\982123459" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19fd9675-cd5e-4951-adb2-bb28e9ff9165} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 1932 2416d1dc558 gpu
        3⤵
          PID:4428
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.1.1435923365\358658304" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2316 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b589cd18-295e-46b7-8d79-7687a80ec9a6} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 2356 2416d10b758 socket
          3⤵
            PID:3796
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.2.587038946\901014207" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 3016 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26bc6618-7123-4b5f-bdd3-24f944f04e10} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 2992 24170fdee58 tab
            3⤵
              PID:2112
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.3.1415213289\982929769" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3565f051-0160-4771-a941-d44b4345439e} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 3784 24171d5e258 tab
              3⤵
                PID:3344
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.4.956054093\1985958186" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4688 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69db32dc-9067-436d-b19d-ed72a1a32392} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4708 24172e06758 tab
                3⤵
                  PID:3788
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.6.1172369965\98835709" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 4728 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e72d46d-6236-4ee9-8a48-ad93cb4bbe7a} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 5136 2416e722e58 tab
                  3⤵
                    PID:3388
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3732.5.314507640\1875847050" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4992 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e061fa97-6ddf-4f5b-af33-4265660b775e} 3732 "\\.\pipe\gecko-crash-server-pipe.3732" 4900 2416e724658 tab
                    3⤵
                      PID:5108
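Everything in this tree is firefox.exe, and the four "Suspicious use of …" signatures plus the processor-information check are all attributed to the two processes that spawned the rest (PID 3024 and PID 3732). The script below is an added example, not part of the Triage report or of Mozilla's code: it takes the nine command lines from the tree above (parent PIDs taken from the tree's nesting), parses each -contentproc launch, and checks what a reviewer would check by hand: that every child's --channel prefix names the PID that actually launched it, that every child carries the same -parentBuildID, that tab processes were launched with -win32kLockedDown, and that the PIDs flagged for WriteProcessMemory are exactly the process creators in the tree. The report does not show the target handle of each WriteProcessMemory call, so treating the children as the targets is an inference from the tree, labelled as such in the code.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# The nine firefox.exe launches from the report's process tree as
# (pid, parent pid, command line). Parent PIDs follow the tree's nesting.
FX = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
URL = "https://drive.google.com/file/d/1HC7AZi-Qo-N8HtA9KwHcGZW46hYbiyM4/view?usp=drive_link"
APPDIR = r'-appDir "C:\Program Files\Mozilla Firefox\browser"'
PIPE = r'"\\.\pipe\gecko-crash-server-pipe.3732"'
PROCESS_TREE = [
    (3024, None, FX + " " + URL),
    (3732, 3024, FX + " " + URL),
    (4428, 3732, FX + r' -contentproc --channel="3732.0.1644792556\982123459" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20860 -prefMapSize 232645 ' + APPDIR + ' - {19fd9675-cd5e-4951-adb2-bb28e9ff9165} 3732 ' + PIPE + ' 1932 2416d1dc558 gpu'),
    (3796, 3732, FX + r' -contentproc --channel="3732.1.1435923365\358658304" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2316 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown ' + APPDIR + ' - {b589cd18-295e-46b7-8d79-7687a80ec9a6} 3732 ' + PIPE + ' 2356 2416d10b758 socket'),
    (2112, 3732, FX + r' -contentproc --channel="3732.2.587038946\901014207" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 3016 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown ' + APPDIR + ' - {26bc6618-7123-4b5f-bdd3-24f944f04e10} 3732 ' + PIPE + ' 2992 24170fdee58 tab'),
    (3344, 3732, FX + r' -contentproc --channel="3732.3.1415213289\982929769" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown ' + APPDIR + ' - {3565f051-0160-4771-a941-d44b4345439e} 3732 ' + PIPE + ' 3784 24171d5e258 tab'),
    (3788, 3732, FX + r' -contentproc --channel="3732.4.956054093\1985958186" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4688 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown ' + APPDIR + ' - {69db32dc-9067-436d-b19d-ed72a1a32392} 3732 ' + PIPE + ' 4708 24172e06758 tab'),
    (3388, 3732, FX + r' -contentproc --channel="3732.6.1172369965\98835709" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 4728 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown ' + APPDIR + ' - {5e72d46d-6236-4ee9-8a48-ad93cb4bbe7a} 3732 ' + PIPE + ' 5136 2416e722e58 tab'),
    (5108, 3732, FX + r' -contentproc --channel="3732.5.314507640\1875847050" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4992 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown ' + APPDIR + ' - {e061fa97-6ddf-4f5b-af33-4265660b775e} 3732 ' + PIPE + ' 4900 2416e724658 tab'),
]

# PIDs the report attributes each signature to (read off the tree above).
SIGNATURES = {
    "Suspicious use of WriteProcessMemory": {3024, 3732},
    "Checks processor information in registry": {3732},
    "Modifies registry class": {3732},
    "Suspicious use of SetWindowsHookEx": {3732},
}

FIREFOX_IMAGE = r"c:\program files\mozilla firefox\firefox.exe"


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    content: bool = False                 # launched with -contentproc
    kind: Optional[str] = None            # trailing token: gpu / socket / tab
    channel_parent: Optional[int] = None  # PID encoded as the --channel prefix
    parent_build: Optional[str] = None    # -parentBuildID value
    child_id: Optional[int] = None        # -childID value (tab processes)
    win32k_lockdown: bool = False         # -win32kLockedDown present


def parse(pid, ppid, cmdline):
    """Tokenise a Windows command line (quoted runs kept whole) and pull out
    the Firefox content-process arguments we care about."""
    toks = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    p = Proc(pid, ppid, toks[0])
    if "-contentproc" not in toks:
        return p
    p.content = True
    p.kind = toks[-1]
    for i, t in enumerate(toks):
        if t.startswith("--channel="):
            p.channel_parent = int(t.split("=", 1)[1].strip('"').split(".")[0])
        elif t == "-parentBuildID":
            p.parent_build = toks[i + 1]
        elif t == "-childID":
            p.child_id = int(toks[i + 1])
        elif t == "-win32kLockedDown":
            p.win32k_lockdown = True
    return p


def triage(tree):
    """Return (summary, findings). An empty findings list means every process
    in the tree is accounted for by Firefox's own multi-process layout."""
    procs = [parse(*row) for row in tree]
    content = [p for p in procs if p.content]
    findings = []
    for p in procs:
        if p.image.lower() != FIREFOX_IMAGE:
            findings.append(f"pid {p.pid}: unexpected image {p.image}")
    builds = {p.parent_build for p in content}
    if len(builds) != 1:
        findings.append(f"content processes report several parent build IDs: {sorted(map(str, builds))}")
    for p in content:
        if p.channel_parent != p.ppid:
            findings.append(f"pid {p.pid}: --channel names parent {p.channel_parent} but tree parent is {p.ppid}")
        if p.kind == "tab" and not p.win32k_lockdown:
            findings.append(f"pid {p.pid}: tab process launched without -win32kLockedDown")
    summary = {
        "processes": len(procs),
        "content_processes": dict(Counter(p.kind for p in content)),
        "parent_build": next(iter(builds)) if len(builds) == 1 else None,
        "tab_child_ids": sorted(p.child_id for p in content if p.kind == "tab"),
    }
    return summary, findings


def flagged_pids_are_process_creators(tree, pids):
    """True when every flagged PID created other processes in the tree. The
    report does not list WriteProcessMemory target handles, so 'the targets
    are its own children' is an inference from the tree, not a confirmed fact."""
    creators = {ppid for _, ppid, _ in tree if ppid is not None}
    return set(pids) <= creators


if __name__ == "__main__":
    summary, findings = triage(PROCESS_TREE)
    print(summary)
    print("findings:", findings or "none")
    for name, pids in SIGNATURES.items():
        print(f"{name}: flagged PIDs are process creators ->",
              flagged_pids_are_process_creators(PROCESS_TREE, pids))
```

Run against this tree the script reports 9 processes (1 gpu, 1 socket, 5 tab children, all naming PID 3732 in their --channel prefix and all carrying -parentBuildID 20221007134813), no findings, and confirms that both PIDs flagged for WriteProcessMemory are the two process creators in the tree. One caveat the numbers carry on their own: a Firefox build ID is a YYYYMMDDhhmmss timestamp, so this image ran a build from October 2022 against a July 2023 submission, and the absence of any non-Firefox process says nothing about what the linked Drive file would have done had it been downloaded and opened.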

Network

MITRE ATT&CK Enterprise v6

Downloads

• C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\activity-stream.discovery_stream.json.tmp
  Filesize  152KB
  MD5       7d4454b8ca2dff78de1384fafa00fa7e
  SHA1      04c05f77433b36b1c332a32c34eb630a4ce50078
  SHA256    f139076b6bd449d4af4e1fab0b2c9f517cf30ffcd09395a554574b0b3ddb1edc
  SHA512    7ae958464aafeb8b74a3638626327288205dc807f344ecbe08d37e9351af43bb43e0dafb3b52ccc45fb14d4f9f112c9acc286661853647ac83d921c15a7b8b0b

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js
  Filesize  6KB
  MD5       89858bec29d9854f00056ff0aced8b2f
  SHA1      54b728ccb95faf417b8d2c50f38b164aca5ce947
  SHA256    2f821b1e5157c075134ae8641f2c979b331bf521bf4a6e418119a653cfb2ffb7
  SHA512    c35c45ce22635a7e815d73789eac5360bdccd44ce317f0baa10542e37c050511cc38b14e4ed2e07ca2407c86a9d1dfe00c22cb8726a8f09950a515b838f81879

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js (second version, written later with different content)
  Filesize  6KB
  MD5       44c13def14f86cf742b2d66f69867d51
  SHA1      d0852137ecb58dae8e33eceb25a959b66cad1115
  SHA256    b6252a75fc0c72d0b56087a3c275e4a40b11c65b982ef122689a9b7b59766431
  SHA512    66f8f3d0f901a18c5bf54329dec6451bd796621b4b46aaf42bc3c143be540c6d445288db7e32c54c2805cc224e50d514009edaa94960027ea2ae185ffe8576a5

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js
  Filesize  6KB
  MD5       37a1be42416c72cf902261ed6cb67754
  SHA1      71a1519f2202dbfad089cabdcdc853617a32f0f7
  SHA256    161f356ea424faab9d3e631374492f82a6ca43bfbaa93c34cd5d0a7e7ad638c6
  SHA512    b2ed43d4829c6b4aecfb70ee2d7de1d04f374fd7359b0cd41fa0b54d9dfaad9cf70b70794a82baa3d54f32dcd1b51a143aeb14af3d10a663318b79ce210bc2d0