Analysis

  • max time kernel
    51s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-08-2023 08:45

General

  • Target

    https://innovoteam.online/

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://innovoteam.online/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://innovoteam.online/
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.0.196568800\1217518019" -parentBuildID 20221007134813 -prefsHandle 1636 -prefMapHandle 1892 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e6785bd-6c44-484f-9e77-e634035a4ba9} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 1980 20fffe05e58 gpu
        3⤵
        PID:3332
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.1.653743598\1723818651" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3611d11a-72a7-4f61-b8bd-f6a50ea83b8b} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 2404 20ffeafbd58 socket
        3⤵
        PID:3708
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.2.322625974\1309539747" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2944 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37f52582-08cc-4fe0-832c-d27792bfddd8} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 2948 20ffed59058 tab
        3⤵
        PID:2264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.3.1062111633\220919601" -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6a2eee1-4db3-4104-a9f5-b043e794c907} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3692 20fef668458 tab
        3⤵
        PID:4888
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.4.725570933\1573114993" -childID 3 -isForBrowser -prefsHandle 4696 -prefMapHandle 4692 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e77f8d-1f26-40bf-855d-4f6755e5d574} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4708 20f898d5d58 tab
        3⤵
        PID:2368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.7.402017326\1709894872" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af6aeb90-51c5-4c3d-983f-0c2eb4fe667d} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5388 20f8a3cb358 tab
        3⤵
        PID:2476
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.6.285537106\441303158" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab5e8b75-9460-47c9-b8dc-b99d9216b11f} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5196 20f8a3ca758 tab
        3⤵
        PID:1704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.5.69788105\65935776" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d08aa1-5e8c-4fd4-a570-d1a3f5e824aa} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5060 20f89de3f58 tab
        3⤵
        PID:3120
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.8.635056162\447558752" -childID 7 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e21235-7725-47ae-adee-2844605df304} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3032 20f8a93fb58 tab
        3⤵
        PID:4880
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.9.1530257755\638088529" -childID 8 -isForBrowser -prefsHandle 5764 -prefMapHandle 5768 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {455b1fe9-c26a-48b1-b22c-fcaee8cb4447} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5756 20f8a44d958 tab
        3⤵
        PID:1964
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.10.831050936\1628814589" -childID 9 -isForBrowser -prefsHandle 5416 -prefMapHandle 5668 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa1e7e3-153d-43d6-a8b8-cc35b8004be1} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5672 20f883d4258 tab
        3⤵
        PID:3712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.11.194058262\1837768360" -childID 10 -isForBrowser -prefsHandle 5112 -prefMapHandle 5100 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d54fcd1-7c62-4850-a591-a93ba943a5d3} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5140 20f898d6958 tab
        3⤵
        PID:4764
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.12.419003112\1348575140" -childID 11 -isForBrowser -prefsHandle 5696 -prefMapHandle 5240 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36f724e4-45c3-4e72-a439-f12644f4d1e0} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 5208 20f89c18858 tab
        3⤵
        PID:4720
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4e8 0x2f4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4352

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 147KB
    MD5: cbe0514920bb47505e8e9affef950357
    SHA1: 17191bb6d523bc4b54ac4426eca7b278f1e9aef7
    SHA256: 287c822f6dc0d35cbb7f912394e4f5c0eeecf0fd3b002607318a141953cbfe85
    SHA512: bbf5a57908300ac7741c76aa0ac0e9e3afc1418d974e65ee02780724e4bc8e5b65f22077269948ead7ca9b2fe56c0237f7c46232aa961e34bf84f18471caacae

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\doomed\31
    Filesize: 10KB
    MD5: 6b118ebb343218951dd14ce76a2971a0
    SHA1: 886ea452fa2898cb1e7c2a58d4bbb275bc034b25
    SHA256: bd175956df6aac6dd7553d8b05fa38734cebded8e6bc31e8d822b6334a6f8de7
    SHA512: 35ea770266323fb680051caf7e6535a2163925a4a66e54e1c9fe10ca52cb1745441c5d282a42b1639f3476f85b27b4ffd6a7912366baeeb85c1de310913d0994

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 6b087909de637b5d9a2a0f2186a2eef9
    SHA1: 007aa1f993249d10376497036ded189870365077
    SHA256: a7ed9b2100d914e590fbe0882fef9a9c6362c66b96b482a2f03505d21210ee0d
    SHA512: 4d16c17e282062fc86105ac8961d3d2a36a937f99801e7001bfdaa7c0560c8c797c2942e90750b670e7512b64c914b451797ac6e8309a7382301950355c47b05

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 0604d88e1eb35ddd4103b353e41635e0
    SHA1: 0afabfe8b78b52799a7383ddc0cf62c3764d253f
    SHA256: 31b48273a0ffda24768b177d89b1bbc30c794ebb8304753d8a9911ee9cee7a70
    SHA512: 9b0f3175f57ba392cf5b6b36a2f58eb6e9c24a52276780fa523286b58faba715b50b8e1c8771e23b3daa930614f2f6f6ea771df0f9d9dca31aca25c1b4e0d5d3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: 5ff98a5f651114fcd1065399d80f8275
    SHA1: 67cde6cb830939d9b93ab8ca747469688c6021ee
    SHA256: f678cead74b1652e9bb12d4bdd86f6cc73313489d79bc39e77de3ce4a29d6d96
    SHA512: 8aef44b9e4e5399af095d44fcbc5f2b6c6e3d1ded721c3063129b9b585642fd24ba3855d9bfbb33045e2608ae24c4e9be8421b3b2517ea835ecdff61030552c9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 8af848942c2c2d73ef831847de24e5ea
    SHA1: 7c34395fe530ad2e1b8762b67e87e764d3814fef
    SHA256: a5de73c4151895bf359f36d377507d30e648c6a6543e0a1782ed0f17f249cedb
    SHA512: 6ad31708c477ae9b77769065b37728ac5bb024815eb7253d83ebfe2e3754ea9ed843314c033f19a8c5cb1afc293be1b71bac4e22d56bfc527dbea155efb1f3d7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: f7c51c6cddccc7df0376b24df16c9142
    SHA1: abee3c346fe84064c875542ac77a747416f1846e
    SHA256: 67b3b3b8671200ea3d6c0f48393964a26388d5a27db0872946574ffe3bdb2542
    SHA512: 5707e080a0f4cb435da3d2fb0b6a0f3e230cfdd4d27d91f2fec0df922cb84c62a9c7cb56eeb0b090a9d7f3d27e1cf6e8af6ca18b26a8dfcb4f6e2e8879a2d3de