Overview

overview

10

Static

static

8

URLScan

urlscan

1

http://154.197.48.40...

windows10-2004-x64

10

Analysis

  • max time kernel
    87s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/08/2023, 18:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

Score
10/10
phishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://154.197.48.40/[email protected]&url=http://pall.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://154.197.48.40/[email protected]&url=http://pall.com
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4272
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.0.1541738210\1672290545" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bddc026-42fe-4aa5-bf66-e456655c6e40} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 1992 1cb423d7258 gpu
        3⤵
          PID:2188
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.1.424072390\878025697" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e82d2fa-6701-4468-b3d8-881dfdfe8b19} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 2180 1cb41b3fe58 socket
          3⤵
            PID:3100
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.2.1378969856\1809092452" -childID 1 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95c3a3a6-9e92-4cc4-887a-e0d1a7dfa484} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 3440 1cb461e3358 tab
            3⤵
              PID:1484
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.3.900907184\1305649181" -childID 2 -isForBrowser -prefsHandle 3020 -prefMapHandle 3036 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c83127b-8f97-43f7-afcd-cd75342d536d} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 3008 1cb2e468158 tab
              3⤵
                PID:2888
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.6.1903153679\422372685" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5184 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44f6249d-3511-4391-a886-225df6747f86} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 5388 1cb4a50db58 tab
                3⤵
                  PID:2572
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.5.445870962\876851543" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10e426c0-d8a9-4001-a76a-45a4f53ab7b4} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 4980 1cb4a50d858 tab
                  3⤵
                    PID:1164
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.4.1040617653\1067976671" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b09e6da-86cc-43c5-9c35-ef1712b17a2c} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 4960 1cb463dd958 tab
                    3⤵
                      PID:1288
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.7.1686171071\1540385585" -childID 6 -isForBrowser -prefsHandle 4408 -prefMapHandle 4264 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54c31b1c-9e8a-46ac-a534-bd9d9f5900c2} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 1656 1cb2e465c58 tab
                      3⤵
                        PID:2300
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.8.953280228\1402783605" -childID 7 -isForBrowser -prefsHandle 2908 -prefMapHandle 4724 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3429d1f-4a23-4ade-9021-e33a85ab2484} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 3140 1cb4bf90358 tab
                        3⤵
                          PID:4788
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.9.1018780246\632717763" -childID 8 -isForBrowser -prefsHandle 6344 -prefMapHandle 6340 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d526135f-d006-4160-9f23-14bafbc8046d} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 6352 1cb4c9a6b58 tab
                          3⤵
                            PID:3424
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.10.1544519365\95869512" -parentBuildID 20221007134813 -prefsHandle 6572 -prefMapHandle 6344 -prefsLen 27232 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59bfef41-185f-4c8f-b906-7e008407d18f} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 6508 1cb4cacb858 rdd
                            3⤵
                              PID:632
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.12.880121829\1958834834" -childID 10 -isForBrowser -prefsHandle 10412 -prefMapHandle 10408 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a4386ed-e17f-49d0-8f18-b57b8e6919a0} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 10420 1cb4cda0258 tab
                              3⤵
                                PID:5252
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.11.309174361\721553487" -childID 9 -isForBrowser -prefsHandle 6572 -prefMapHandle 10560 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1077e168-4f75-4e96-84fc-99cc845a6afd} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 10556 1cb4cd9db58 tab
                                3⤵
                                  PID:5244
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4272.13.1623226323\1141893369" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10360 -prefMapHandle 10344 -prefsLen 27232 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39ab1abd-52b7-4a54-ae2d-262bebc32536} 4272 "\\.\pipe\gecko-crash-server-pipe.4272" 10368 1cb4d10bf58 utility
                                  3⤵
                                    PID:5636

                              Network

                                    MITRE ATT&CK Matrix

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\activity-stream.discovery_stream.json.tmp
                                      Filesize

                                      151KB

                                      MD5

                                      15ccc9e7353ff57aa56d877623ecbf87

                                      SHA1

                                      f2aa7a0b9d1e57ca59371ed03fa045ec460a20b9

                                      SHA256

                                      bced4e3067eec4d30a9c7a563e4eadeae07fc12aa26c5b7d01a7c6ee319f24ad

                                      SHA512

                                      37243d33d404f9cec85678b07aa92ea582524239a9e1bbc03d0572c6cc1791293021886817cdba75e3f26925d85f452a30960f0be3ff01d6a332ebf269b756c5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\doomed\6645
                                      Filesize

                                      39KB

                                      MD5

                                      2628288eb9e05884ae398b26e0cd2ea3

                                      SHA1

                                      b997c42d057e4f36b6d8d6151a358a15313b79f4

                                      SHA256

                                      939d3bcb631abb75b8ad0d08d5c8b0684163e3d239a8ba3182047e3799077c74

                                      SHA512

                                      8ead32ed63bae2fe708ac8e100ad32511d27b721a37f88a3f603adf3920f0d10c54b5b9909c24d855c0ade27eb0f42200e5e25aea39b266c9a8cf6df701372a3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\entries\3C4E35460D5689461CD83278B7B0ACC7DCDC491F
                                      Filesize

                                      7KB

                                      MD5

                                      60f7d9756f70991b78d81b073a74bc81

                                      SHA1

                                      b417ff9fd5a3af1e5450cf78700fb20af3203bd7

                                      SHA256

                                      b5e61d998aee46dbff3dd746a4633999a71a16844c9be19c3ec15af64a0d1cfa

                                      SHA512

                                      c961b743d4ca713fc60e629a85147e89d0722f6bfb6568c1b3ea29766e07d87a733d3f392868692ee0b456aa6794d90f4ab8221e40a8c0f831666b0b9c6e4db6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\entries\C3153B57948486198947E29C96DE7638702C3AC2
                                      Filesize

                                      22KB

                                      MD5

                                      d9e1d21fea048cb2e5c270b958d63d28

                                      SHA1

                                      59babecafc942c0c66413ff5563e4c7ac72fe19f

                                      SHA256

                                      1db50b6661ed1e48f77409a4458bee41e71407a72504d6c93987669a0abbd728

                                      SHA512

                                      ba8fdfa7a90f1184e04661d3618e914eb62e1f9cb9d34dc6f935f65afeb362795ed1a1fb4b4dad1d07f82125ed9c7bac3061663188f080fda7209bef46e80407

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
                                      Filesize

                                      6KB

                                      MD5

                                      b003a2926e352471c7c7e7c965c0fede

                                      SHA1

                                      3536310a119e9494fe813262ae27cb28384f287e

                                      SHA256

                                      bb33f03caff93723bd742c776577c9b5d954c87c1d7446a268b575366379e4e6

                                      SHA512

                                      a0a984d3913dc5bd91c16fea25fd1d1f9dc6323494ef4c2d1c5f341a1e97d8e4e1778ffdb13d89b94c7decc5c8fb7e73948148af2afe5bd4155191201d16250f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
                                      Filesize

                                      7KB

                                      MD5

                                      cfa1701c564864ec89dfc279bbd8d466

                                      SHA1

                                      f93c03317b8ab9fa5bb1ecb016ab9341d06eea6f

                                      SHA256

                                      df0cfbeef7550aafb0505780737f27ee097fc896ef847db2bedb824bdcd35c0c

                                      SHA512

                                      5c73fbffc1d3aa9ce9595495d68dc44a07d0c198f245fc411149be4db99528fc695f5461cecebb6bab57ad6e63f1845daae99eb0a3984143f39d2f130f581358

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      2KB

                                      MD5

                                      e4d02cd9b98a85d41909a5b66c047887

                                      SHA1

                                      8107616a87e3fe44ff7e2cf5e14d0a725d3815f0

                                      SHA256

                                      87912331112b1dc0ca61ff2ff2ac7a1b325c8bfa13a48802d41851a734c830aa

                                      SHA512

                                      960c389a352e8986e2df8a6b0220974e203470ddb3edbd11fde3f8c1f9997010c72216096b73cff20fd5166749bce88ac8b959317827a24e78343daa126c2622

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      13KB

                                      MD5

                                      99c7c06f4723e7e1198cfe2ab0a682a9

                                      SHA1

                                      62affd79ac9a7fdba88acd5859d4de98d62c454d

                                      SHA256

                                      6725fc407f4f484c0cf0f29fa73932090d86b163932e3565d45698273ee32cf1

                                      SHA512

                                      0d63decdf53205aa61463f91140984abe6931928da8c714a19b883c788b7d78a51f9ee5cf4a5ce995be305e4a4acadc0ee36c00ff7c5994582047155775f6294

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      1KB

                                      MD5

                                      94dd2007d7697eaa053f182a93965015

                                      SHA1

                                      c0a73ad823ca33387277fa6d8f8f5bca6147bcf7

                                      SHA256

                                      640a3d93b89d2e1e71b6bdbf3fd61b4a2c1a7258347aa6bad4ef05285facad42

                                      SHA512

                                      0c7dd9c4fe016e0031d8683f76c2e18ede0d2ef8ba0781f5084150b1587f7a9e86bd02f3a890c580c2e1874847ff43c149aadcd43513ea3b1c24d5b532caec3f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      12KB

                                      MD5

                                      59e3df7fc6c17f5640293fb300b6a582

                                      SHA1

                                      e2b2f56222ca3d5da11311a9c4622b1e09e850a2

                                      SHA256

                                      ed2ffa2336e5a6ead16fb06359facdf1494c65c3ec8e31e467028dcff3ee7e40

                                      SHA512

                                      420e769ccc63f616547ee7dbdfa09d10c75ae4fdfb67df9fc58430d5e9e7007c88955704943d4806cc4989313016ff9bea7718ab888222728fb986094ce330f3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      39KB

                                      MD5

                                      5d3da17f9a59d1c1e95330aab276bd01

                                      SHA1

                                      b05dd34101909189146b36b81ad3240d6a308d75

                                      SHA256

                                      0cf54e2262e001365e91be1f218beb828d43e1f643d729c80fc539ecc402803f

                                      SHA512

                                      c5a11a2fef5903a741ebeaeb5796f4437e74e25e02c708a5667f5218cb08da9e6a3d2fb12f705ce95c7aaf77e7ed79229089beae447fb586a6d290327536ed9b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cpall.com%29\idb\3723906452LCo7g%sCD7a%tba4b9aes.sqlite
                                      Filesize

                                      48KB

                                      MD5

                                      a51fa998436c17017cbd3520a9e02a3d

                                      SHA1

                                      0f073dc82dbc8067d20738ca19c3078f5f512a0b

                                      SHA256

                                      e98d7120d7808e6b85b40fc84c08634c33714983e3ad6b503209e6d28a5a1db9

                                      SHA512

                                      2d376766661f12832c127d7f2802ce5187c31686603dc00f94eefcb542ef572e7883530253f46635c8d2da165b037cc16e65d43dbb4691e5fdb7f14aeb9880e9

                                      Download Submit