Resubmissions

21-09-2023 14:51

230921-r8k8waag56 1

21-09-2023 14:49

230921-r7fl1aag47 1

Analysis

  • max time kernel
    55s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-09-2023 14:51

General

  • Target

    http://gojigebn.homes/Z1p0NjJSUmJadFNRY1dtemI0cjJPbWI0SXNDSUV2WWtPVmg2ZDlsalpWK2lqY3U2dXB4d0tqRm9jUHJ3VFlTbmNrR0ZEa3E1a016VUp4RmlGSjFRVHpTQm1QdloyNklHMUE3WC91bCtvaXN2d3NVNUgzdWtXbXllTFpZVmZXcGk_

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://gojigebn.homes/Z1p0NjJSUmJadFNRY1dtemI0cjJPbWI0SXNDSUV2WWtPVmg2ZDlsalpWK2lqY3U2dXB4d0tqRm9jUHJ3VFlTbmNrR0ZEa3E1a016VUp4RmlGSjFRVHpTQm1QdloyNklHMUE3WC91bCtvaXN2d3NVNUgzdWtXbXllTFpZVmZXcGk_"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4396
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://gojigebn.homes/Z1p0NjJSUmJadFNRY1dtemI0cjJPbWI0SXNDSUV2WWtPVmg2ZDlsalpWK2lqY3U2dXB4d0tqRm9jUHJ3VFlTbmNrR0ZEa3E1a016VUp4RmlGSjFRVHpTQm1QdloyNklHMUE3WC91bCtvaXN2d3NVNUgzdWtXbXllTFpZVmZXcGk_
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.0.1224198348\1745528891" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb174545-cb93-4789-a357-81afab39feef} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 2008 1a60abda558 gpu
        3⤵
          PID:1648
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.1.466180658\724161167" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6838b89d-e002-4b59-8428-58127c484d0c} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 2428 1a60aaf8b58 socket
          3⤵
            PID:4680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.2.1621790108\1445575597" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3044 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b0ea390-0819-4cc2-9beb-80e5869e5953} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3204 1a60eccc358 tab
            3⤵
              PID:3340
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.3.130519451\104901760" -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3043c4ba-bfd3-4fcc-8eb8-3fd5bccb4c29} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 3640 1a60fbf0858 tab
              3⤵
                PID:4696
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.4.2040545617\285021277" -childID 3 -isForBrowser -prefsHandle 4708 -prefMapHandle 4692 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4344dba7-be59-461f-9abf-3f331bbc18ae} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4720 1a610f73858 tab
                3⤵
                  PID:2964
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.5.166091226\1349349169" -childID 4 -isForBrowser -prefsHandle 4976 -prefMapHandle 4972 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d55bbb48-eb6e-4449-83b4-82850c2c63e7} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4760 1a610f6c858 tab
                  3⤵
                    PID:2664
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3548.6.1270408705\1918487487" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5112 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {637755c4-f0ec-4c0f-8d68-a637d78727fd} 3548 "\\.\pipe\gecko-crash-server-pipe.3548" 4972 1a610f6d458 tab
                    3⤵
                      PID:4092

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    22KB
    MD5
    e0276a24d0a4c729fc9cdf9571519019
    SHA1
    4dff0314ccda4c87a1355b003038ce28ab2b2c36
    SHA256
    1ba01368841166ad66fb85a9aebd87354487183b1dc3a804e8d000cd10e632f2
    SHA512
    94d90e5a29756e35129f3e5a9a23b0eb29aaa8c0322e0a57d432c728482f3d2d461fd82ddbef40ebbf2455fa1813aecc889b9e9a434487cc7edb3f77389717c5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    30f6dc625d61b2e8fb7302f96b3b25a0
    SHA1
    150df1c4d364d18e39c5af9d903e829c1842a397
    SHA256
    26e8e397823ddad706ffa27bcd2d8b412ee86135a8768af54d7b853198ae7a6d
    SHA512
    cf9f286ffeb5526a854c5e9bf1cd7ca43a1862fb762c6ac6d9cd55299b1e51832bd166dabe194f3af79a7746ed784406cd3eba2a489142ce85fdb7f0bfa5aabb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    989B
    MD5
    276922ac4d9c0ce515003d338c0c3d7e
    SHA1
    f06bd362485d03c568226c337ad460647ef983a7
    SHA256
    632e0adf19ed0ab5dbf35b1bf8bd3c3789bacdb32027629c62bbaee66479969c
    SHA512
    cf774191243f720b0d89dbe02bfee9d448aa31bbeb9255f55f5ff5e6e28501c334a074194d921d3321eef804c25d726066bf482e90fa3cc05ee87192a03d5cbd