Analysis

  • max time kernel
    18s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-07-2023 13:15

General

  • Target

    https://official.lecreuset.com/4FU3-1J9WN-68OGNY-1DAS2Y-0/c.aspx=

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    Every per-process signature in the tree below is raised by firefox.exe itself (the parent process, PID 2316, and the content processes it spawns). A browser calling WriteProcessMemory and SetWindowsHookEx and reading CPU details from the registry while it starts its child processes is expected behaviour, which is why the score stays at 1/10. The score describes only what was observed in this run (18s kernel, 20s network); it does not vouch for the content served at the target.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://official.lecreuset.com/4FU3-1J9WN-68OGNY-1DAS2Y-0/c.aspx="
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4920
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://official.lecreuset.com/4FU3-1J9WN-68OGNY-1DAS2Y-0/c.aspx=
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.0.1428688403\1275112395" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d261756-deb4-4657-81d3-4f0a25520a00} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 1952 1f0c8fd7058 gpu
        3⤵
          PID:4600
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.1.1905172663\1145889873" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a96c55e1-57f5-4a24-a39b-75724f3b03d1} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 2416 1f0c8746a58 socket
          3⤵
            PID:1000
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.2.1370346353\239971766" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3000 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {999e6ab0-c541-4fa3-8c12-44491548e453} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3108 1f0ccad5558 tab
            3⤵
              PID:2736
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.3.1115472851\2102868413" -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32885743-0236-4a87-a186-e4130a961cb1} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3916 1f0bc362b58 tab
              3⤵
                PID:3184
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.4.1593974536\1946504702" -childID 3 -isForBrowser -prefsHandle 4936 -prefMapHandle 4280 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2a4754f-c9b8-46e3-b07c-5a2ed89157d4} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 4940 1f0cf895358 tab
                3⤵
                  PID:4240
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.6.564016062\1059966368" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55008169-4438-4c49-abda-1d1f83433be0} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 5384 1f0cf896858 tab
                  3⤵
                    PID:2592
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.5.2070860314\1663591425" -childID 4 -isForBrowser -prefsHandle 4940 -prefMapHandle 5152 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b5cbb8-567e-4787-ba9c-1a7c2f667508} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 5256 1f0cf894a58 tab
                    3⤵
                      PID:5096
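The process tree above is what an analyst reads to decide that the "suspicious" signatures are ordinary Firefox behaviour: every child is firefox.exe from the install directory, launched with -contentproc, and both its --channel prefix and its gecko-crash-server-pipe name point back at the parent PID 2316. The following is an added example, not code from the sandbox vendor or from Mozilla, that re-parses those command lines and checks exactly that. The install root, the constructed rogue process and the rule that tab children carry -win32kLockedDown are assumptions taken from the pattern in this report.

```python
"""Consistency audit of the Firefox process tree from a sandbox report.

Added example (not part of the report or of Firefox): re-parse the firefox.exe
command lines and check that each -contentproc child points back at a real
browser parent, runs from the expected install directory and carries the
sandbox flag a Firefox parent would give a tab process.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed install root (lower-case, trailing separator so "...Firefox2\" cannot match).
FIREFOX_ROOT = "c:\\program files\\mozilla firefox\\"

# (pid, command line) pairs copied from the report's process tree: the two
# browser-role processes (4920 launches 2316) and three of 2316's children.
REPORT_PROCESSES: List[Tuple[int, str]] = [
    (4920, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://official.lecreuset.com/4FU3-1J9WN-68OGNY-1DAS2Y-0/c.aspx="'),
    (2316, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://official.lecreuset.com/4FU3-1J9WN-68OGNY-1DAS2Y-0/c.aspx='),
    (4600, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.0.1428688403\1275112395" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d261756-deb4-4657-81d3-4f0a25520a00} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 1952 1f0c8fd7058 gpu'),
    (1000, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.1.1905172663\1145889873" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a96c55e1-57f5-4a24-a39b-75724f3b03d1} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 2416 1f0c8746a58 socket'),
    (2736, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.2.1370346353\239971766" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3000 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {999e6ab0-c541-4fa3-8c12-44491548e453} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3108 1f0ccad5558 tab'),
]

# Constructed for this example (not from the report): a look-alike child
# running from %TEMP% that names a parent PID no browser process has.
CONSTRUCTED_ROGUE: Tuple[int, str] = (
    9001,
    r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel="9999.0.1\1" '
    r'-parentBuildID 20221007134813 -appDir "C:\Users\Admin\AppData\Local\Temp" '
    r'- {00000000-0000-0000-0000-000000000000} 9999 "\\.\pipe\gecko-crash-server-pipe.9999" 1 1 tab',
)

# A token is a double-quoted run (may contain spaces) or a run of non-space characters.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line as the report prints it, dropping surrounding quotes."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


@dataclass
class FirefoxProc:
    pid: int
    exe: str
    role: str                         # "browser" for a parent, else the last argument: gpu, socket, tab
    channel_parent: Optional[int]     # PID prefix of --channel="<pid>.<n>.<id>\<id>"
    crash_pipe_parent: Optional[int]  # PID suffix of \\.\pipe\gecko-crash-server-pipe.<pid>
    build_id: Optional[str]           # -parentBuildID value
    app_dir: Optional[str]            # -appDir value
    win32k_locked_down: bool          # -win32kLockedDown present


def parse(pid: int, cmdline: str) -> FirefoxProc:
    toks = tokenize(cmdline)
    is_child = "-contentproc" in toks

    def value_after(flag: str) -> Optional[str]:
        return toks[toks.index(flag) + 1] if flag in toks else None

    channel = next((t for t in toks if t.startswith("--channel=")), None)
    channel_parent = int(channel.split("=", 1)[1].strip('"').split(".")[0]) if channel else None
    pipe = next((t for t in toks if "gecko-crash-server-pipe." in t), None)
    crash_pipe_parent = int(pipe.rsplit(".", 1)[1]) if pipe else None
    return FirefoxProc(pid, toks[0], toks[-1] if is_child else "browser", channel_parent,
                       crash_pipe_parent, value_after("-parentBuildID"), value_after("-appDir"),
                       "-win32kLockedDown" in toks)


def audit(processes, install_root: str = FIREFOX_ROOT) -> List[str]:
    """One finding per inconsistency; an empty list means the tree looks like a normal Firefox launch."""
    procs = [parse(pid, cmd) for pid, cmd in processes]
    browser_pids = {p.pid for p in procs if p.role == "browser"}
    findings: List[str] = []
    for p in procs:
        if not p.exe.lower().startswith(install_root):
            findings.append(f"pid {p.pid}: firefox.exe outside install root: {p.exe}")
        if p.role == "browser":
            continue
        if p.channel_parent not in browser_pids:
            findings.append(f"pid {p.pid}: --channel names parent {p.channel_parent}, which is not a browser process")
        if p.crash_pipe_parent != p.channel_parent:
            findings.append(f"pid {p.pid}: crash-server pipe PID {p.crash_pipe_parent} disagrees with --channel parent {p.channel_parent}")
        if p.app_dir is None or not p.app_dir.lower().startswith(install_root):
            findings.append(f"pid {p.pid}: -appDir outside install root: {p.app_dir}")
        if p.role == "tab" and not p.win32k_locked_down:
            findings.append(f"pid {p.pid}: tab content process without -win32kLockedDown")
    build_ids = {p.build_id for p in procs if p.build_id}
    if len(build_ids) > 1:
        findings.append(f"content processes report mixed -parentBuildID values: {sorted(build_ids)}")
    return findings


if __name__ == "__main__":
    for label, tree in (("report", REPORT_PROCESSES), ("report + rogue", [*REPORT_PROCESSES, CONSTRUCTED_ROGUE])):
        print(f"{label}: {audit(tree) or 'no findings'}")
```

Run against the report's own command lines the audit returns nothing; adding the constructed rogue child yields four findings, all on PID 9001 (wrong executable path, unknown parent PID, -appDir outside the install root, tab without -win32kLockedDown). The gpu process legitimately lacks -win32kLockedDown, so the rule is applied to tab children only.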

Network

MITRE ATT&CK Enterprise v6
Downloads

All three paths are inside the Firefox profile directory (hw21aoqh.default-release) and are written by the browser itself during start-up (new-tab Discovery Stream cache, preferences, session-restore backup); none is a file fetched from the target URL.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 151KB
    MD5: 3de4beee7c7245016c0d66458648f02f
    SHA1: e41383458a67ccb585c01c92c31ff579124990ad
    SHA256: e97c95cead5a00a6a87f0e753cf99d136ed00232cfbb47b8cca2f3c71d86d29b
    SHA512: d38793c7f02c3e0239b3feea501805a6eac59fcb175790868ffe4c2233068a717bc7d4fb735d3314469f16eaedb7ac3faa5057e4e63826004d96c61d819faf5e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 2d157baab469eb4667d451e6af3983b1
    SHA1: c4ee80813a71ec2d90bb0efad1cb49c14c9826fa
    SHA256: c3b84fc19ce795c4b215eb73d2a0835da9f96101fde1d2c17a7d507b428adbf8
    SHA512: 915bb805b5d8e8a8e9206d9006f7c8e99a17b8077a6d0c5fb18f1efd5a9c774a2d23f0ec40df6d308ed21724cad9254afc1bb406335f4bc706ec115eec835331

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: c12eb88d3c32eedb95c1cb242ce65881
    SHA1: d47f7d9a4ef2b1c50a173381b704db47baa40e73
    SHA256: d1c68719597ddab1be55d8eae2eabec0e2777620a70bf4f821c2cb3bc403ea27
    SHA512: ccfe0d13d36bb6516fc98d64cf1920412e8c63b66b690b9b2cebcaa8cb8460876d76eb6ed81fecdfd3b21c90f381e893ba62e43761f92d0152992ef9d39b8279