Analysis

  • max time kernel
    25s
  • max time network
    27s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-07-2023 07:35

General

  • Target

    https://durakyazilim.com.tr/css/admine/5/bWtyb2xsQGhpa21hLmNvbQ==

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://durakyazilim.com.tr/css/admine/5/bWtyb2xsQGhpa21hLmNvbQ==
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://durakyazilim.com.tr/css/admine/5/bWtyb2xsQGhpa21hLmNvbQ==
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3848
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.0.144201319\972691945" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c28cd678-6fd5-40c7-aeaa-9079742e0f57} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 1904 11d2a9dc358 gpu
        3⤵
          PID:2360
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.1.748624945\810907572" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6b4a79d-7214-4d2f-908c-ceefebd2e4ff} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 2384 11d2a8f0258 socket
          3⤵
            PID:3100
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.2.924536138\2064061873" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2912 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c771b8-7155-4b5e-ac41-b669d32c0c92} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 2916 11d2e7e0758 tab
            3⤵
              PID:3868
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.3.2129394632\2117295637" -childID 2 -isForBrowser -prefsHandle 3456 -prefMapHandle 2948 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ecf5b1-17db-4a40-ad31-5d68eec83591} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 3512 11d1e25b258 tab
              3⤵
                PID:4800
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.4.1624471230\1599466474" -childID 3 -isForBrowser -prefsHandle 4988 -prefMapHandle 4972 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d540ac2-d725-4d02-bb82-a8833eace549} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 5000 11d30c28c58 tab
                3⤵
                  PID:696
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.5.1592923324\312008925" -childID 4 -isForBrowser -prefsHandle 3104 -prefMapHandle 4952 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd26120e-02b7-48e5-8fe1-0f39fbd4fb9d} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 3092 11d2f520b58 tab
                  3⤵
                    PID:640
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.7.1708840311\1981409733" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d879b6a4-c591-4d4f-8e54-f02e3ca1b601} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 5524 11d2e845a58 tab
                    3⤵
                      PID:840
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.6.761658740\608198920" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02fdd3fa-3e5f-4b3f-8225-796a7b675773} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 5336 11d2e847258 tab
                      3⤵
                        PID:5088
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3848.8.21261326\1901577718" -childID 7 -isForBrowser -prefsHandle 5416 -prefMapHandle 5356 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03fbd033-a052-486c-b89c-19d9fa4ad45d} 3848 "\\.\pipe\gecko-crash-server-pipe.3848" 5404 11d320d1458 tab
                        3⤵
                          PID:3068

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 143KB
    MD5: 35998bc237d596fcd093af72cda0609e
    SHA1: b04fc8af039712e604d717cfc7effa7e4ead7c99
    SHA256: b22be7e98652df5bf7f87df27ca35eb25d286933f18aa1596dd6499e678559cf
    SHA512: 4f5c1cdc8ee6ee4c74b3288e67370b59e62dd5cb0c92db7e993d3ff3458dad993b0def8225383cebcd1877e52a1228b044c2882ae3c0d79205f5d63f2aec84b7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 1fdd9ebdf8eaf5cf14d431368d0b748f
    SHA1: dd89d7571ba86ed8ce5aeea16342c7d3b3d7981f
    SHA256: 4505ae4ac25912983fc3f33c01cac2e4f5e132b24061b14b838b9ac9b30e14d1
    SHA512: 6d9906c1a13ee297f5cd6eef1280416c6cf07051b02ba8e6cdfaa73ef74c75863bc4573a0237e6c316c9112987d2f88e6552d54833d9526436de07dc3c22274d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs.js
    Filesize: 6KB
    MD5: 9faad346f1872e53149855baa2ee59af
    SHA1: 801f88f63991b478b61be228a376f530a94b814f
    SHA256: 8690c3014bbe6d3cddb34be65b25915c7c0a83573e4e94aa21b0bf70ffa05a8f
    SHA512: 28a7de85f6e521d23591f92e47687dc0bd7509b54ada6bf056c5ef63ddd08e41c6783f45962cf7c9b5721bbb48cae0756ad641bd4e072538fc2565823bb74d3d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: 17ab47782caa9781027ca53e2e7623db
    SHA1: 5a4c93035c701647900becaa26663453cea5f616
    SHA256: f0eb05f130cc4ca6c834f2d74f4aa95d47676f03d077668b6580530ef72e41f5
    SHA512: 519a3fe551f7847372be6ab9909dd4a523c7bca7222792469d5718e74cd46f314003d2ed1299d5d1e3e0135ae9e98bcf524620a4fad5605597ba507bd70f14ed

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 1a4882b5b683af3925973845edfe0353
    SHA1: 834b48b675d9c08e2f5936e6d64eb1da4f2754b4
    SHA256: 91e84778a86c14c401994e0accc33b86d6beef205c035807d1c200ba8e740519
    SHA512: f0eea55a258be205f1a1a98ef4d4e948948d6dad1da580fb92faa518a572e7dab1efc521c5c85e66c22bf73e9c2c80462a9a8add30e02c35b5b0468bf7f64f63