Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://norcalnatura...

windows10-1703-x64

1

https://norcalnatura...

windows10-2004-x64

1

Analysis

  • max time kernel
    183s
  • max time network
    222s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/08/2023, 20:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://norcalnatural.com/3nq/rb7s4qqnss

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://norcalnatural.com/3nq/rb7s4qqnss"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4500
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://norcalnatural.com/3nq/rb7s4qqnss
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.0.1279977439\1824524571" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1660 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01cf1104-52c0-4f9d-aa5b-4320d4c9b1cc} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 1776 24a855d4a58 gpu
        3⤵
          PID:996
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.1.552576495\1458472965" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {439d265c-1ec1-4f85-9c55-717c9f9952b8} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 2152 24a854efd58 socket
          3⤵
            PID:2664
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.2.160815626\1847642549" -childID 1 -isForBrowser -prefsHandle 2604 -prefMapHandle 2932 -prefsLen 21835 -prefMapSize 232675 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a8776c6-5b7b-4b31-bf0f-d366842f703b} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 2760 24a8555f758 tab
            3⤵
              PID:3548
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.3.270585298\2143182584" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1da884e-2046-49bc-b08a-3e380911c0ae} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 3504 24a8aa30758 tab
              3⤵
                PID:1036
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.4.25312274\1786393880" -childID 3 -isForBrowser -prefsHandle 4624 -prefMapHandle 4620 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a2ccc32-41ca-41f7-894c-89e38ffde48e} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 4640 24a8c280c58 tab
                3⤵
                  PID:3064
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.5.661054972\1622454924" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5084 -prefsLen 26914 -prefMapSize 232675 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3c6f5d-247d-4af6-9a20-4e2ae1ba1165} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 2656 24a8e4d4558 tab
                  3⤵
                    PID:4144
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.7.402424169\1174270976" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26914 -prefMapSize 232675 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e310087e-5b33-43a2-8a47-46f4937b5555} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 5292 24a90c32258 tab
                    3⤵
                      PID:1380
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2972.6.1710392084\1681492200" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26914 -prefMapSize 232675 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf234d2-986d-4773-9137-20b25107b1df} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" 5024 24a90a35658 tab
                      3⤵
                        PID:1028

                  Network

                        MITRE ATT&CK Matrix

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\16tg48g1.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          146KB

                          MD5

                          15ee3e9a024929bd8cb0ed99437ba7a6

                          SHA1

                          7131b1f8a7d77660b46f90c7fd9e17670ca38d3d

                          SHA256

                          98ce89ec80d5ee90826ebc8615471c202beca32c7a996d431debb13aa1cc7bc4

                          SHA512

                          315e2c4fa2fad2b7160c2121dff7222f6685aa8bb22d823372698b9b36435bbbbcb1fdfb168c5767487c280adb5beace885f45900ab0b033ede6252c2b1f6e4e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          50a42e2c8e932ae404e87d322c9a2fd3

                          SHA1

                          20684bffc996ded612778d85919c83b7a656b90d

                          SHA256

                          1ad799b5b393643c53abc26cb58606bd914557822363179f973da5361ee8b79e

                          SHA512

                          3506cc0546d2a481d554d7f5b483fda5a58eb5c36b34c31161b959e03c4703f5d523156ee6e91417c7df0f5ddef482da2271b242810376165503c2e14529edcc

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          865dc68e80967d578f993bd76dea96c9

                          SHA1

                          104b4414aa76951af34776252d1c43d8087358cb

                          SHA256

                          d7c1c5ffa77995b19a34b6d7a2ab42f170fad080879644c9e52002963871eb51

                          SHA512

                          c06d6c17e21cec139c386a2b8d192e3f7a8ea430de9cec38e44c3bb66706e9871dfac034b0429a39eaa5c15b477eed634a0d29839f89a145344cabe35f459ed1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          3fea2eec9b35b45e0db4cff8f1df392f

                          SHA1

                          70d780d51f7788a5a7bc4bab43836b5adf1cedf8

                          SHA256

                          24d4b7f5614316cd2171e168970daa5a650c4dcaea14af7a92513df74644959f

                          SHA512

                          6cb1ce039280a090e7135ba3ebca078a6f1fbce8230d4fcb6a28d5fd64bbf01531ed63f2af0dcd9cf2f596e982f5cc8dc5df00bebe379e21b3ba6286da3522a9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\prefs.js
                          Filesize

                          7KB

                          MD5

                          ebc5b57d8e033a54b1032f5833488fb5

                          SHA1

                          ea733bf72c3fa4389a05b187ecccb7ffac00ad03

                          SHA256

                          0e2933f4f0d7939397b231d05407b1a93d0c79ac8e08c173024ff483d22935a1

                          SHA512

                          3ce00ab6954fd8e1bffe8fe9f8f36ec9ebd29587b6c399963655911601ceb5532e0990aa0c9b5da9a44ca3ca2a8a9e3c931a264d5d606a2ee3f20f46f007d2ce

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          867473276b41fc4c5dd1cfecd1e547a1

                          SHA1

                          412e515500d9e86858afc41254e229c7aba569dc

                          SHA256

                          4b7b2d5aaac996b943d287ad746954630932f601bf72e4cad8f14e6f9cb43352

                          SHA512

                          70a36db5f08fe22c47ec39f1fd8a8db7c0d4bb06f4ffb5794b4fd50efb5a0bc90ef11280f4f05dcdb2b78204ce1fc92946abf7206f426129f265ed60715ffa41

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          2a58aef3c093fa6cdf7844498d3a3148

                          SHA1

                          c90273917c4028af3baac693bf691be8ebea3211

                          SHA256

                          4d2dd10fe048669bf604e6760f5075269239309439e7ad5ea757c00207282dad

                          SHA512

                          580f8c40abf3a7c5cd374ccd86f4f93cf3b8d48945db1df11fbc43a47113bbbad4c68c7c6251e7d9c86710256f8ae5cb809c367898044077ab4f306670874264

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          61af289df8065e159ac858a6d88ffaa2

                          SHA1

                          20ea7e3c93e843d248226480f29d6e8a5394868d

                          SHA256

                          6f653e9c625c4eb7fe9dc1ae45595c92451e3a295eac931425d0e20e726e378a

                          SHA512

                          d17f5616d43afb8b354acf4554fd9beb0dcb560c87246bd01dc193d096cf28cba76b45b3458e502803d7901385ca573dd3ad24f3086894ba78a66bee32bb4a83

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\16tg48g1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          192KB

                          MD5

                          a9444154f5b787fb646d387f5f00e53d

                          SHA1

                          84fbedacd9e4d1e234e1fb29898eb9ea8a2de8b9

                          SHA256

                          f6d01814d0bf4ac3f08876d1e93519c97d06c224dbe2d9af1eef80f25cfe4a5c

                          SHA512

                          9a83a1a0747a9b5c1a39e10e80d4c9ec3e6b8b562dd81c0d1f62ece820331b059faf2738652512f2d777d24009728aa6ebb42b293105dddf3e4bb0ddb78a42d4

                          Download Submit