Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://amatok.com

windows10-2004-x64

1

Analysis

  • max time kernel
    61s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/09/2023, 22:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://amatok.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://amatok.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://amatok.com
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.0.2058287828\2090020387" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c240a4c-58d0-4eb4-91c9-39a0171d4c8f} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 1992 145536d1458 gpu
        3⤵
          PID:1308
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.1.537662122\1064506218" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf56a635-ecd6-4718-946a-c3ab17fbbc27} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 2416 145533f3558 socket
          3⤵
            PID:4500
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.2.657208970\367609067" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c95f0e-98ab-4912-81db-c6ed4bbe025c} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 3108 14553663d58 tab
            3⤵
              PID:1276
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.3.165551776\625948251" -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1825369-45be-49cf-88d6-d123a717c46a} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 3896 145587f2858 tab
              3⤵
                PID:4220
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.4.1449434878\812599277" -childID 3 -isForBrowser -prefsHandle 4808 -prefMapHandle 4784 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15e18221-275e-4ebe-afa9-4696a990c9b0} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 4528 14559984858 tab
                3⤵
                  PID:2088
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.5.1002440162\1868856872" -childID 4 -isForBrowser -prefsHandle 5032 -prefMapHandle 5040 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a60bcbe2-3a93-4c97-9565-58ae44844425} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 5080 14546c6bb58 tab
                  3⤵
                    PID:2004
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.7.686553650\771354773" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24692984-4263-4fc3-b586-762f6129e210} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 5352 14559bf2858 tab
                    3⤵
                      PID:1892
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.6.860403014\1637641622" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {400c7cd8-9efa-40de-9834-3852fc38eefe} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 4848 14559982158 tab
                      3⤵
                        PID:1792
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5024.8.1397615930\645272326" -childID 7 -isForBrowser -prefsHandle 5924 -prefMapHandle 5932 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {856b5335-8a89-46c5-9796-d822cf7cb850} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" 5900 14557029758 tab
                        3⤵
                          PID:4044

                    Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\activity-stream.discovery_stream.json.tmp
                            Filesize

                            22KB

                            MD5

                            346d951d645c89026cba548ea82578eb

                            SHA1

                            b054cf3f6463df7375f4bd7fb1cbfdd4432b9129

                            SHA256

                            2f2d7a11401eccda263d3acc4b7d9e6b707086ccae6f761f5e0bc1445f77573c

                            SHA512

                            975a68ff989ae27b26c6228bf8816b58ff4df7bc5cfcff6078cb3ff083609955f1ce669bf1638f5aa8b787a85174a5ba03c3e0a31120d962c98660081ad63ff1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58
                            Filesize

                            13KB

                            MD5

                            8e3e79ef1794381d628e3eb426502c32

                            SHA1

                            334465d505274ae1ca9fca2cc9c29ec0608260a2

                            SHA256

                            08ae0862b48280666a720e59d5966a0c69070f99a7519577b866e45e7ecc86bb

                            SHA512

                            7e7a9e61c1522cb834dbce7596d7cdd8d27f76541e5d9950df4eb8e9f2605d7bbfd2242f9e8d38a8f79a15842a73704ad15a4002d404edbbc021c1f279adc3d0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                            Filesize

                            442KB

                            MD5

                            85430baed3398695717b0263807cf97c

                            SHA1

                            fffbee923cea216f50fce5d54219a188a5100f41

                            SHA256

                            a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                            SHA512

                            06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                            Filesize

                            8.0MB

                            MD5

                            a01c5ecd6108350ae23d2cddf0e77c17

                            SHA1

                            c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                            SHA256

                            345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                            SHA512

                            b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                            Filesize

                            997KB

                            MD5

                            fe3355639648c417e8307c6d051e3e37

                            SHA1

                            f54602d4b4778da21bc97c7238fc66aa68c8ee34

                            SHA256

                            1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                            SHA512

                            8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                            Filesize

                            116B

                            MD5

                            3d33cdc0b3d281e67dd52e14435dd04f

                            SHA1

                            4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                            SHA256

                            f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                            SHA512

                            a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                            Filesize

                            479B

                            MD5

                            49ddb419d96dceb9069018535fb2e2fc

                            SHA1

                            62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                            SHA256

                            2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                            SHA512

                            48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                            Filesize

                            372B

                            MD5

                            8be33af717bb1b67fbd61c3f4b807e9e

                            SHA1

                            7cf17656d174d951957ff36810e874a134dd49e0

                            SHA256

                            e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                            SHA512

                            6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                            Filesize

                            11.8MB

                            MD5

                            33bf7b0439480effb9fb212efce87b13

                            SHA1

                            cee50f2745edc6dc291887b6075ca64d716f495a

                            SHA256

                            8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                            SHA512

                            d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                            Filesize

                            1KB

                            MD5

                            688bed3676d2104e7f17ae1cd2c59404

                            SHA1

                            952b2cdf783ac72fcb98338723e9afd38d47ad8e

                            SHA256

                            33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                            SHA512

                            7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                            Filesize

                            1KB

                            MD5

                            937326fead5fd401f6cca9118bd9ade9

                            SHA1

                            4526a57d4ae14ed29b37632c72aef3c408189d91

                            SHA256

                            68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                            SHA512

                            b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js
                            Filesize

                            8KB

                            MD5

                            99d65179fda6a2f7aa5defc4e935b6ed

                            SHA1

                            a1609fd04b28dd5d8f4b4d37f424ec2a1f1efe8e

                            SHA256

                            84a8d966aaee761b96d9cdeab6b702f516474230e7b1fea6c26918974442d6b9

                            SHA512

                            a4b86e0e13679686977c80185612fc914db0e79b6e41677ddb6042c4f16fcd93dc73eddeaacc08128c4dd2a1d75439aea5db5cf6c727b541226b6616a17b1c53

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            d00a58fe02fafec8b912e152e94e7a83

                            SHA1

                            687f358445f194a3844bf739e9c7b2de54cc29fe

                            SHA256

                            179d3141dee5307599706c6f1d30962356c95a4b30d0239d9af0f193ac548ab0

                            SHA512

                            af2667790d8da2adcfe8cb2ea29ae7a8b7130f0830f91f585dfdb5816c1f254dfe29561865834734bb52bc2d3fd645381803eba348b23abac761712ee14a4045

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            e01d5474ccfd2127df7ec1a1a74eb28d

                            SHA1

                            0bebc432977361e6accdc7649acf12f582c68460

                            SHA256

                            bbe326850a1be9199cd563b650a06db14f0a90c646cd14ac95f44bc82e9b0a7f

                            SHA512

                            8bce2364b30462d839f62ddf678db56a6b5a6802472de0e6d792b30e39fdf1f592e17451d21e17630e202dfc12a0ef8f7b7a32217da9dc0e7632a0c300b945c2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            9579da077a7bee62d50778d1e428cd76

                            SHA1

                            6974b26a50ace27ebde3445456bb054e0d0fa172

                            SHA256

                            0da0389280dbda8288f91a5b9014f2fc5368310e5e750273e1843671f4aab4af

                            SHA512

                            9316064bdf2de0e3901af96b5006bacfe32b0140ff936789f2cb0d3808b1eef92ab9f0d46058623df15b657ff53da44f6babd3e71801c15586428510dc8dc755

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            8b46832e2b358868cbfd048316ddba73

                            SHA1

                            cfc358e9a02055151ecd465550927441da010a5e

                            SHA256

                            9abffd442e00395a45698c277e80022f8cb80e0c56ecabee28f0a9472c33b25f

                            SHA512

                            84f3f15b7e2b1fc8ce1dc50c38ef0bfe121b4c010bdc3394e2c4ccecb4636c3d8d7e75083ea1579e8dd60ff67498c3a40673cc4ef74bc31cd191f946464fe6e8

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            ccd09180d6d7f98fdbee0e91b64336cc

                            SHA1

                            58b1cf0b6484d34ad321df9f8d9a6080222fae42

                            SHA256

                            4ce24970ae92a860a8a8a3d7034b0b8c51e8fe854404232b362d951be50b365f

                            SHA512

                            29cdbfd56406546772db8ea2387c5b40fbe90c06b17bed349515f0746bd14acacd201ce9cb7f55593c0b4d490a59f4e62e5b3039b00ecca80140993b29c376b5

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            e17e8a6d272636177f7b761e9fedb46b

                            SHA1

                            471949422ead88d8dc7db0df84ac18d83c705a2c

                            SHA256

                            3fa29f0b31ea210030a918a9a32d2e5e4e4a3515c2f02d43efac8e8ca3ecb848

                            SHA512

                            f762bfcbcf97263f593387701ad79b795631802a5c932c1bb38845a4c09c2cf2841d1ffd58437e16e25134db2f293e497ef0d30378e664be62a377179b9017b9

                            Download Submit