Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://simplivity.p...

windows10-2004-x64

1

https://simplivity.p...

macos-10.15-amd64

1

Analysis

  • max time kernel
    67s
  • max time network
    73s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2023, 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://simplivity.page.link/gBMb

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://simplivity.page.link/gBMb"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4564
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://simplivity.page.link/gBMb
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4416
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.0.956429916\556508798" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83999d4c-a70c-40bd-920f-5f22789f51f5} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 2008 26a695db258 gpu
        3⤵
          PID:1100
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.1.1455198835\803748333" -parentBuildID 20221007134813 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ced2dc-5be8-4342-a2c4-61ef29f14555} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 2432 26a5ca6fe58 socket
          3⤵
            PID:1764
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.2.1332015721\1282719292" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e5e8481-a9ae-4e41-b3e0-1ef72081402d} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 3004 26a6956d958 tab
            3⤵
              PID:4512
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.3.1053946491\1462962146" -childID 2 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {161614b1-2c5b-47e9-920d-3cafb0423c4f} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 3864 26a6e304458 tab
              3⤵
                PID:1832
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.4.479587304\1520793716" -childID 3 -isForBrowser -prefsHandle 4844 -prefMapHandle 4836 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0b18832-c2be-40ae-9b85-52d559b75afd} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 4832 26a6bee9f58 tab
                3⤵
                  PID:2248
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.5.1508308620\884871505" -childID 4 -isForBrowser -prefsHandle 3248 -prefMapHandle 3252 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de579ff7-2bab-4bad-84a1-52049de9daae} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 3260 26a6ec04158 tab
                  3⤵
                    PID:3360
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.7.2127115845\1010301615" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4787b6-817a-4126-98f2-02f8ecf1d60e} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 5364 26a70454358 tab
                    3⤵
                      PID:2020
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.6.317052111\183559143" -childID 5 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c20c027d-e22a-40eb-bf67-cc86f4e1a871} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 5180 26a70453d58 tab
                      3⤵
                        PID:848
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4416.8.1970766322\471528719" -childID 7 -isForBrowser -prefsHandle 4996 -prefMapHandle 4992 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af935efb-ae6d-4e1d-8fe2-b1419c2ebd1b} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" 4988 26a6f95be58 tab
                        3⤵
                          PID:2420

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      22KB

                      MD5

                      e12d86980473fb6a53af7e6e6133e52e

                      SHA1

                      fa5aa431382f7e0d51e4f6c69b90c6329defbdca

                      SHA256

                      8e3624191aca4202ca985c9f68603b0fd015850ea5956ea7ed37ccb00006b935

                      SHA512

                      097485d23deb2a8b995547c1d4691d56f3d479e622f63b3fe6630cb1a70ee22527ba4fcfaa87700d4e2d60f839f61d11e53ab7fe86196469b49dfae1d20d40f0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\entries\70DBE5F90BD35EEC6D4A07D16DB46EC38E379124
                      Filesize

                      13KB

                      MD5

                      53d3b0a13d199a8553860273e007943a

                      SHA1

                      037a9ce3c9c1308a3ddd2c94f31abb9883cbdeb1

                      SHA256

                      f9cda9947bf423d1fc89d9cc2775193e9807d5797eafc35607c791b7b9187f86

                      SHA512

                      006ee16d348579ffb7248f111ae928bb1200ed366312d39bc275252f3df578da34dd9dbc271c6f98f8849a248dd1aba7280217ce5a48ed55775b0e257c800ca0

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\cache2\entries\FCC030F57940296B4C989D2C74BA07DCC70A995E
                      Filesize

                      13KB

                      MD5

                      7e5af0a5164d0de899065aacd1298055

                      SHA1

                      b30b027857d96bf8b7b01f9793811661d7c0ed87

                      SHA256

                      a69ee89d361dedd1f4de3f39ac0aa5021923849c52e24b8573477b37af1c0e73

                      SHA512

                      0ee450dd904555884f8bdababb8e210a394dc1833ad9583bf8b416151ddcfa889ad8510524908d8f6e15598543cd55ea2091dda2bf835418bd1d79b8887c92b7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      47a77edfd4a76f8917c3340aea2ed037

                      SHA1

                      50d5e9dccfee2edf9a6b9aba703aa62e0e0e214f

                      SHA256

                      bbe5dff2ba992a142cd723cb550cf2b20818e4783c53d73c3c33015401840a0d

                      SHA512

                      d46e8f113cef002cd880776b1c682c91417c0f47a4f0c0c63f98bedbc7c6a376110e635fccb402fa6c9e26a79ce29c8646c9df040fe114ff58c52ac55b53901d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      1b981ed9450652acdc2fbad083985a10

                      SHA1

                      b498de21de9a1dc4201b799d752bb785318e8005

                      SHA256

                      edd0aef2445e41ce172d1026901fe207f348234f71e6055b7814d07b4db20abb

                      SHA512

                      80c2c60bf91a307cef455c2fa06885a6fbecd3fc64633e9212985124142a446ba7282d19c2e7e71720b69239991b2b003d5edc0f605165206156ace94aae863a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      d5a9f3ff9bfd48dbb4a9f9cb7d2b5da7

                      SHA1

                      5bbbbbda611e3fdc5e8f7e5718a746b54f7599ca

                      SHA256

                      82c99f4ad58ff5c3606ad8a8231e868b7c7ef190a94ffc54e445db93e630aeed

                      SHA512

                      8e8e86290e6893fb8c7aefc728741330ffcec35a5785b5525d05dd2d1ee827ff959010691cc607619ebfaecb1ea3e137a1524627237a9ce991f4c76f2ae1166b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      1e35c0880c8ed0c1a28548afe74d6b66

                      SHA1

                      95adbac32b7435d7683141dda97afd0a8dc52cc9

                      SHA256

                      dae1438b936800cfa42114bf012721b8c1b34fb8267b037acea9245ceb64fe2f

                      SHA512

                      a116dd830f02bd48e7493c8f9794eabd7f9f98686bbd4f66ea1fa1f458ae1ef8d0a75b0139a58902e09c31ae1c473a9d67ce603a32320b0e0e76214acb32da93

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      17ee2da982c12666c916158780de7534

                      SHA1

                      51fd8962e63728fd844cf22b38184d0f16cdd6b3

                      SHA256

                      b90655777d26db99cef340e914de4f48749ba01203f4b2869f53bc15d7e94e5b

                      SHA512

                      eaf29796d1c4e9f56c12c9e8330ee0177f70c7a08ae9279fb28eb5be1ef700d367cbc13e2aa47c8017896e6b089d59de8f480ed5633200a117a9d938da384b4d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rzyhfx4n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      192KB

                      MD5

                      1760269e247a563a7d107743e65b44cb

                      SHA1

                      8252c27de30459f318d111e2ecd36bafe3bb7a72

                      SHA256

                      1ce38d586e73063d3904cc7706c9470f4efb96d7a1ec786adf91268c5ee1de40

                      SHA512

                      d3e4a9c97e0c03b465e0e4765d423271d8ec702c1c5fa9a0762aa3aef7f119033daca4c5a8915edf8913dedb0ac3ef20440f27cd336857f1057ef924ae81227f

                      Download Submit