Analysis

  • max time kernel
    18s
  • max time network
    19s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    16-08-2023 14:01

General

  • Target

    https://7ox038l4v25.typeform.com/to/IXZQqFfB

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://7ox038l4v25.typeform.com/to/IXZQqFfB"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://7ox038l4v25.typeform.com/to/IXZQqFfB
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.0.2105804905\379409816" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aef095c-8b69-4f98-9050-8ba761b93fbd} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1780 1bc37fcc158 gpu
        3⤵
        PID:4504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.1.2722430\987855254" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21719 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5641335-7602-48e1-93f7-b9d8c86a468b} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2156 1bc25a72b58 socket
        3⤵
        PID:4332
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.2.518611891\525723690" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 21757 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fd17efd-8a1e-42f6-a9be-dc576a2897cf} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2684 1bc3bcdb858 tab
        3⤵
        PID:4900
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.3.1694481913\1775334753" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eae61285-7bec-486a-a1d3-e92092084e95} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3532 1bc25a62858 tab
        3⤵
        PID:4688
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.5.1092826704\618808159" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4768 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70a773b-4f17-4126-a9c7-424a5c2bbe2f} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4912 1bc3f1a5e58 tab
        3⤵
        PID:212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.4.1665504607\1296996523" -childID 3 -isForBrowser -prefsHandle 4720 -prefMapHandle 4732 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a668971-277c-4558-9d76-b27104661489} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4752 1bc3f1a5258 tab
        3⤵
        PID:196
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.6.1841422549\2042405975" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f268735e-40cd-497e-899f-4f1746083f5c} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 5076 1bc3f1a8558 tab
        3⤵
        PID:2396

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bbvefu0b.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 77b7d89f521d9999ea47e6ade3b1beab
    SHA1: cebe45c43c000c5b76e3fadce4a69cddcc8724f2
    SHA256: 08a0d54f3cad01787ebdda62b9bb849c0847d1548c9e6fb399cbdf8eac05ad31
    SHA512: 0a0bcb622f715a7fd532210b73d3eea01ce4df5d063adbaaca704a9ec3eb29a2da129f5c43f60ecd0a73f402f01d8c482c6cf2dff0993ec98aeac68c712fd2b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\prefs-1.js
    Filesize: 6KB
    MD5: b38fbc757197a083ef7a02036e32803e
    SHA1: 28ed6cc3a38a1eb10c1837dff49ff27205294208
    SHA256: a3c2ce095a7bf8f5574fab0960e56efa35e9cdc39b9a59f0481c85d944133df2
    SHA512: 769f0da040276dd0d69d65141dac49f4932b4b889699e98e07e37e94c326641c26be977646b87e2b8e94f2bd4eae6e83844a00098ec4c1844a7f320a8d0c4dce

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: cb0e1f0dab82ec2457f3626ced6458e4
    SHA1: 33019d601de033cb164e290eeb5984ce95191fd0
    SHA256: d00f8556b5127ad6ab47fd34b66c464427d412b912d7df4e9f342f06952ab75b
    SHA512: b47f6cbab94bf757d9196cf22a5a07b3b41eea70f47a3a8832a115536da22755545648c4c516e7df25e1754b89f7a28b8349f654826c2a2bb617ca56f46ef796

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bbvefu0b.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 192KB
    MD5: 0c26a7e4dfbf6567d04c1d6f30a07d78
    SHA1: 1b9c5d074d7abdbcdade4f4eda5b30968f84aec7
    SHA256: 39c56e5ff47042e68433b685ad049d2a4b656ef444ecefd5ff83bcf6fc3ea2e9
    SHA512: 8e769b35e4d57b464922d416cac59f5ca87bd70f7af75e22dc533a82dc381c325209d63a4729fcb786a5c85b8b7d0697314a2bffd1e9a008c8ff7b165e2d7577