Analysis

  • max time kernel
    20s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/09/2023, 08:43

General

  • Target

    http://109167.io.directiq15.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run the reads are attributed to the firefox.exe parent process (PID 2224) and are consistent with ordinary browser startup rather than evasion, which matches the 1/10 score.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No IoCs are listed for this signature and no process in the tree below is tagged with it, so this report gives no task artifact to pivot on.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://109167.io.directiq15.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3248
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://109167.io.directiq15.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.0.1772410947\1571004308" -parentBuildID 20221007134813 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8742ae1b-48db-463a-9bdd-3c003c52d077} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 1888 28d29df0f58 gpu
        3⤵
          PID:3952
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.1.1282151295\732459916" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cd964af-a203-4229-826f-8c655191c150} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 2416 28d29542958 socket
          3⤵
            PID:4660
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.2.1069607385\27401400" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {557467ee-a012-4f11-88b5-fce5b2b5aae2} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 2996 28d2db43558 tab
            3⤵
              PID:1240
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.3.2076898059\893479735" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d7ed3e-1c5b-4e68-aff9-71edb6321c93} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 3628 28d2e0c1f58 tab
              3⤵
                PID:3956
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.4.1378551226\658226699" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e634077f-5168-4136-8b1d-5281b65ceef3} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 4924 28d2f7bd058 tab
                3⤵
                  PID:1644
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.6.1906938446\982021901" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5324 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df33215c-799a-4f31-9009-4c4a4415c2b1} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5244 28d30047e58 tab
                  3⤵
                    PID:2396
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.5.188089973\1704597782" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5064 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a1db143-a734-4ab9-9190-ebc9c2f390ad} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5048 28d3004a258 tab
                    3⤵
                      PID:4812
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.7.2145306879\341574110" -childID 6 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b239b36a-b5de-4463-9bbd-70e6e313159e} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 5612 28d2db46b58 tab
                      3⤵
                        PID:4844
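As an added example (not part of this report and not Triage's own tooling), the script below parses firefox.exe -contentproc command lines like the ones in the tree above and checks each child against the launcher PID: the PID embedded in --channel, the PID after the {guid} token and the crash-server pipe suffix must all agree, -appDir must point at the installed browser directory, and socket and tab children should carry -win32kLockedDown. The expected install path, the lockdown baseline (taken from what this report shows, not from Firefox documentation) and the fourth, deliberately mismatched command line are assumptions constructed for the example.

```python
import re

# Added example: audit firefox.exe child-process command lines from a sandbox
# process tree. Not code from the report or from Mozilla.

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
GUID_RE = re.compile(r'^\{[0-9a-fA-F-]{36}\}$')
CHANNEL_RE = re.compile(r'^--channel="?(\d+)\.(\d+)\.')
CRASH_PIPE_PREFIX = r'\\.\pipe\gecko-crash-server-pipe.'

# Assumption: Firefox is installed in the default location seen in the report.
EXPECTED_APP_DIR = r'C:\Program Files\Mozilla Firefox\browser'


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def parse_firefox_cmdline(cmdline):
    """Extract the fields of a firefox.exe command line into a dict."""
    toks = tokenize(cmdline)
    info = {
        'image': toks[0],
        'type': 'parent',          # last token names the child type (gpu, socket, tab)
        'child_id': None,          # -childID N, present for tab processes
        'channel_pid': None,       # PID embedded in --channel="PID.seq.random\random"
        'declared_parent': None,   # the PID that follows the {guid} token
        'crash_pipe_pid': None,    # PID suffix of the crash-server pipe name
        'app_dir': None,
        'win32k_lockdown': False,
    }
    if '-contentproc' not in toks:
        return info
    info['type'] = toks[-1]
    for i, tok in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if tok.startswith('--channel='):
            m = CHANNEL_RE.match(tok)
            if m:
                info['channel_pid'] = int(m.group(1))
        elif tok == '-childID' and nxt is not None:
            info['child_id'] = int(nxt)
        elif tok == '-win32kLockedDown':
            info['win32k_lockdown'] = True
        elif tok == '-appDir' and nxt is not None:
            info['app_dir'] = nxt
        elif GUID_RE.match(tok) and nxt is not None:
            info['declared_parent'] = int(nxt)
        elif tok.startswith(CRASH_PIPE_PREFIX):
            info['crash_pipe_pid'] = int(tok[len(CRASH_PIPE_PREFIX):])
    return info


def audit_process_tree(cmdlines, launcher_pid):
    """Return (label, finding) pairs for children that do not fit the launcher."""
    findings = []
    for line in cmdlines:
        p = parse_firefox_cmdline(line)
        if p['type'] == 'parent':
            continue
        label = f"{p['type']}#{p['child_id'] if p['child_id'] is not None else '-'}"
        # All three parent references must name the same launcher PID.
        for field in ('channel_pid', 'declared_parent', 'crash_pipe_pid'):
            if p[field] != launcher_pid:
                findings.append((label, f"{field}={p[field]} does not match launcher {launcher_pid}"))
        if p['app_dir'] != EXPECTED_APP_DIR:
            findings.append((label, f"appDir {p['app_dir']!r} outside the expected install"))
        # Observed in this report: socket and tab children run -win32kLockedDown, gpu does not.
        if p['type'] in ('socket', 'tab') and not p['win32k_lockdown']:
            findings.append((label, 'missing -win32kLockedDown'))
    return findings


# Sample input: three command lines copied from the process tree above (gpu, socket, tab).
REPORT_LINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.0.1772410947\1571004308" -parentBuildID 20221007134813 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8742ae1b-48db-463a-9bdd-3c003c52d077} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 1888 28d29df0f58 gpu',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.1.1282151295\732459916" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cd964af-a203-4229-826f-8c655191c150} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 2416 28d29542958 socket',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2224.2.1069607385\27401400" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {557467ee-a012-4f11-88b5-fce5b2b5aae2} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" 2996 28d2db43558 tab',
]
# Constructed for the example (not from the report): a tab child that points at a
# different parent PID and a browser directory under the user's Temp folder.
CONSTRUCTED_BAD_LINE = (
    r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel="4444.2.1.1" -childID 2 -isForBrowser '
    r'-appDir "C:\Users\Admin\AppData\Local\Temp\browser" - {00000000-0000-0000-0000-000000000000} 4444 '
    r'"\\.\pipe\gecko-crash-server-pipe.4444" 1 1 tab'
)

if __name__ == '__main__':
    for label, finding in audit_process_tree(REPORT_LINES + [CONSTRUCTED_BAD_LINE], 2224):
        print(label, finding)
```

Run against the three lines copied from this report the audit returns nothing, which is the expected result for a clean Firefox launch; the constructed line produces five findings, one for each parent reference, one for the install path and one for the missing lockdown flag. Feed it the full tree from a report with a higher score and any child whose parent references disagree, or whose -appDir sits outside Program Files, is worth a closer look.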

Network

MITRE ATT&CK Enterprise v15


Downloads

All three files are Firefox profile housekeeping files written under the sandbox user's profile, not content fetched from the target URL.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 22KB
    MD5 cf57ae992e48233b45482fee4e0518b5
    SHA1 8294f660d7b2d6607deeb645b56cd13794bf8730
    SHA256 13cda122cc79668947e1abfdf85b6674b9e5d6022d4fc1ee4cde5c5b277a3eac
    SHA512 8ce5301addf24df1352a7f8f06402cedec5e978179c2620ed75284579924087077c8b9d52f5f83466a8c4e38445d656ccf704783bd374bc7be0b9b034732902e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js
    Filesize 6KB
    MD5 d18b051c5738c12f71aa3311a3f551b3
    SHA1 59f90d07ce9e4ddeb3f0c4923e4b30d460bda367
    SHA256 76517777caa8ef8f24cf66ff4c619a45acb25e814a431423f8673e3a05d0b220
    SHA512 4c2855bdecb8536cdc0ca88cbd1ee24d354fe71599262a7752921dd72f964bb9f2b522a24aef3ce75cea13467be479b9727db43c3bd60d2b6cc8cdafeb3ce47b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 1KB
    MD5 4d5813a741d193d9b13c1b0285072cdb
    SHA1 2ef383c72672824c195ec3be760eef5042eaf37e
    SHA256 894bb3cd70c93279fc0b04a4fbac665e4eb82354a928b582aca1eb6a376a7f2d
    SHA512 069871d237bf477d3735bd3dce8b5cf87aaae7a58adb7b9d50db19669483adc426d82e6c5244eed9ff3963a33abb0c3e6e9d2028812bac72ce208ae1bd3c51cf