Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://padilhacarvei...

windows10-2004-x64

1

Analysis

  • max time kernel
    47s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2023, 07:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://padilhacarveiculos.com.br

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://padilhacarveiculos.com.br"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://padilhacarveiculos.com.br
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1372
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.0.296019214\1197560626" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f21542-4679-4778-b85d-5e6955605879} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 2000 19890fd4158 gpu
        3⤵
          PID:2336
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.1.1786395138\482112773" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f957c4f-7d73-47cf-b4cd-77d8bed3f878} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 2432 19890b3f158 socket
          3⤵
            PID:4988
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.2.1420317140\1269745638" -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3336 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c2d2f59-ff80-450a-8e1f-5c04a03643ca} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 3308 19890f5ed58 tab
            3⤵
              PID:1160
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.3.1332152308\1128372357" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {799a6818-3c90-4677-ba17-32d795c14a14} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 3636 19893af4e58 tab
              3⤵
                PID:2384
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.6.237223086\1313663707" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6980efa-2223-4a97-b0c7-f0c7f2ababe4} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5340 19897884f58 tab
                3⤵
                  PID:1544
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.5.767991495\2036306221" -childID 4 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61f72f4d-b781-408b-8776-7d8163e89b6d} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5148 19897882558 tab
                  3⤵
                    PID:3976
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.4.686482430\404653143" -childID 3 -isForBrowser -prefsHandle 4536 -prefMapHandle 4940 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf86e89c-22c5-4b33-bcde-343e883d5766} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 4496 198975db858 tab
                    3⤵
                      PID:3544
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.7.888412340\263810588" -childID 6 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6975cb01-ca4f-418e-bb02-7c497bf8b864} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5572 198952a3658 tab
                      3⤵
                        PID:2864
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.8.1999836283\1429895165" -childID 7 -isForBrowser -prefsHandle 5188 -prefMapHandle 5808 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f6c2ca7-a7a4-4dbf-a582-2ed1728da711} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 5876 19898e12258 tab
                        3⤵
                          PID:3640
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1372.9.551669592\1854472108" -parentBuildID 20221007134813 -prefsHandle 6100 -prefMapHandle 6096 -prefsLen 26577 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3578912b-1096-4dae-99d9-94c311082f91} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" 6108 1989296c258 rdd
                          3⤵
                            PID:1644

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\activity-stream.discovery_stream.json.tmp
                              Filesize

                              155KB

                              MD5

                              b036e027ff1ad173e909c7aeff43517e

                              SHA1

                              a7229bc92723ab42d4e2faed96ed579b85cb1cb7

                              SHA256

                              ce37225f546c21524d07de2aba027a6dfe8874b09a3b0a0d72156f922f7a53d6

                              SHA512

                              c5e604f3bc3354d810e243f695efcb45d9ac1dff6e34a5c1610e27dd0d94350756163f87795536ad66d5e5c199857940e5072dc92bf7dea3d684d93fb3194d65

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              64ae41bf8eaa089a0a86118fbf609045

                              SHA1

                              eb563453c80085a4caaac9b7d620b398b78755ee

                              SHA256

                              03ee354c3732ec3c99f6a53db90d8bfd0cea6c2226a932e746f7a902ad340c61

                              SHA512

                              0afe8962915f12a4761780c22b52faafbe391ba498006b10c346c17706c96e5e2215fa2694c17adef627fb446138bc5f8e8f72c202328ded650a143111ba0042

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs-1.js
                              Filesize

                              7KB

                              MD5

                              f7a1bf93470898b419582c97de09c5bd

                              SHA1

                              7eacd722888e11a1eea2a4dfe9be54645d1daf7e

                              SHA256

                              3df4c9fd5f23794d3ed4242e1b4ebb65a8764d2aa193bdd2e939be23a308df5f

                              SHA512

                              c2712e4ddf73ce80c9872a466f62994f11d6aa840da101a79fc472d34e80f050ab45ae0e07707a2eeaabae549487241686c3d9d09637bf674401b0658b4aad8d

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              2KB

                              MD5

                              7d694bec6687624fc06a43c27064fa66

                              SHA1

                              387a41b4fe7a1eeadf8fba59a1395c9db6fdde90

                              SHA256

                              c77913b7dc21c35239e280eb9297212c0b33a52388bcf005e49a47d1f2596361

                              SHA512

                              ca95549c9af2855999ed5bb6e412dc109ea5423d4574b43b8b870f8328527150f2256985e85b9f5ae87700f344444ba4604f91b377c44e76dbfd45bab52edd15

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              2KB

                              MD5

                              cb697c311754e8267e1632115d48cc6e

                              SHA1

                              4d8f3743b384732e7aa3b45dbf81e1740fc21d56

                              SHA256

                              c97af0130d388eb5ef4c396edcaee21c9d3be4d532a91df15d56955d89e28593

                              SHA512

                              08dc240c209bf62e6cb134f704eabf04cde2c3f9762a83cfdd74d92621c0f5846bc8da29a12243b049c01f8ca163417a39f6c9900b2ee5ba7e73ee2914efb029

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              2KB

                              MD5

                              3e41b527517fae0128305cdb31f3f75b

                              SHA1

                              7ab673664c951640a440359314d98af7159cab3b

                              SHA256

                              370e164a03dc8b3eed9c2afffbc0e8a45efa85d2195940fb892ac1f3418f71c3

                              SHA512

                              7f049eca6830b0ef373c0a6b04118346a86beaf28ea7847a54e12a0f8801bf6dd08dda6bea94458029a3d72adf850b8776b78f555921eca68e611fa3914665c5

                              Download Submit

                            • C:\Users\Admin\Downloads\mvic.js
                              Filesize

                              14KB

                              MD5

                              0f7de89f54c9c004755b78444982674a

                              SHA1

                              3ef1a9c5326b09e2df02e5412f0cf92558ce9e5c

                              SHA256

                              b852596012f52d10ccf61fd68a84f1c99cfcaa0232ce970be2e1da49f40fb09c

                              SHA512

                              5d85d22f8f73b2f3c28e87b4a233e6ee4de88bbd13da8e39da663f9cba4b352bad6815779ac81c502f2fe6dc6c1f919e4d8f1e262409722d17529d2e28ff4f79

                              Download Submit