Analysis

  • max time kernel
    74s
  • max time network
    79s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    18/07/2023, 10:59

General

  • Target

    https://myfave.link/s/34b52c261b9

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • NTFS ADS (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://myfave.link/s/34b52c261b9"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://myfave.link/s/34b52c261b9
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.0.298849225\1799306814" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1664 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9324042-225b-4fe9-8543-e9f6a6fbff65} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 1768 20d96623158 gpu
        3⤵
        PID:4148
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.1.1314416636\845779698" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21719 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc266e26-2317-42bb-b7a5-b10d62902bd6} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 2140 20d8a470458 socket
        3⤵
        PID:2320
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.2.889072555\376809607" -childID 1 -isForBrowser -prefsHandle 1528 -prefMapHandle 2892 -prefsLen 21757 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59e07c00-543c-46c2-8748-4ced3f0f07ec} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 2788 20d99717858 tab
        3⤵
        PID:5116
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.3.1396855070\1899425282" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ede68f6c-14f3-40fe-8232-bba8d7261d5e} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3620 20d97f7b758 tab
        3⤵
        PID:1560
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.4.1842634989\1759507227" -childID 3 -isForBrowser -prefsHandle 4812 -prefMapHandle 4848 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d51996-1796-4111-9198-e2de21820822} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4836 20d9ca46258 tab
        3⤵
        PID:2476
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.6.1526029761\106808565" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1760f6e-ef17-49d0-8656-65fa6613ea83} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 5164 20d9cb16958 tab
        3⤵
        PID:1192
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.5.1320411956\1410399792" -childID 4 -isForBrowser -prefsHandle 4976 -prefMapHandle 4980 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a018967c-7564-4697-b4df-33a6fde017a5} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4968 20d9cb15d58 tab
        3⤵
        PID:2892

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9laesmh3.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 134KB
    MD5: 4e60eb3a653b15b138b4677868983f3c
    SHA1: 00abd98c1ffdfa9eece56d60e2ad92b74f4cbfd7
    SHA256: 0df90059395e1a8e80cdef3a013e1f8793334a39cb76af6a4632dc24402f6b9b
    SHA512: 93c5598fc1ebedb2cf5ac8743240d0fbc72baedf0ed49c0a567df5b1d220a34c55d1248f3ca984cf5d7ae5d7c62366e7b5b3e6668d61f3903903180a90cee3e7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9laesmh3.default-release\prefs-1.js
    Filesize: 7KB
    MD5: cb09704bcdbdfca4cd80010507cf4110
    SHA1: 89f8c0a0b5806b78cb5f684b85a38e6251e62828
    SHA256: b20b791b62ffe68037c3b3e72e71ab7a98916a216c464a39366e924c832317c1
    SHA512: 033c28f26942824a9d2d9f18b36635828e66349c90491a851c5b1e58a455ff46dfb116cc0be81e0a8dc1e7ec933a0df781a07e27410c6ed088a9db02817790bb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9laesmh3.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 996B
    MD5: 2bfb704e642c87c7617314a0ee1a4cbb
    SHA1: da24ac15a65f2e4779f40c35a55c7cc1e21a8fa2
    SHA256: 2dde521ffa32d26d6b6077a7fa763caf00c4db561d8e7667a92a893def4a79ec
    SHA512: 5a442221228edf05ce787c40332f7c2f0684ecc2029b618f225fb431e2f92811468fa968be503fba84dbaa3ad454e79bdab4470a0fa27ab4e57a1d17c8ac7364

  • C:\Users\Admin\Downloads\IMNIMNINMINMINMIMINIMINIMINMINMIMNIMINMI####################INMINMIMNIMINIMNI.97Q0_Jd9.doc.part
    Filesize: 25KB
    MD5: 0bafd1b6efa0472067dc243c3001eea3
    SHA1: 065a6d2625bd5bbb5200b22510d2dc043c85d2f0
    SHA256: db3faed8140a81bfeb2e70fc2d87412f7d1a1629b21f22a43783649eda2ef387
    SHA512: 36d2353a06227b0d4c4aff0038927e409ee69a42ff6e871f2955c6783b2b4dd229ee27e4d5f6cab1e8df14c234fadce95c2af0ecc0c0da1bbcc80659ec64ad79