Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://send.safer.tg

windows10-1703-x64

1

Analysis

  • max time kernel
    13s
  • max time network
    18s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02-10-2023 05:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://send.safer.tg

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://send.safer.tg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4408
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://send.safer.tg
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.0.407667034\1000106332" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64a32e18-f18d-486e-9272-8a4701d20ad2} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 1760 210f28d2b58 gpu
        3⤵
          PID:4896
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.1.204676376\1581022786" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21719 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d722af15-7a52-4d86-a733-4398010fc678} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2136 210f2805358 socket
          3⤵
            PID:1504
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.2.11905426\673198500" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 21757 -prefMapSize 232645 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31ab2a4d-a8f8-4b5f-aa32-c0f3d871adcf} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2636 210f66df558 tab
            3⤵
              PID:788
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.3.1695229804\574407331" -childID 2 -isForBrowser -prefsHandle 3548 -prefMapHandle 3544 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aec6e011-5b50-42cc-a203-412a63ec8b63} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 3560 210f529b458 tab
              3⤵
                PID:4500
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.4.2088491236\91922197" -childID 3 -isForBrowser -prefsHandle 4636 -prefMapHandle 4656 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6c77c1-dede-47b4-89b0-ff27dccaa1cc} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4640 210f8c61058 tab
                3⤵
                  PID:4840
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.5.1816996759\701337828" -childID 4 -isForBrowser -prefsHandle 2612 -prefMapHandle 2980 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1908b05-1155-4990-b32f-73a228c451cb} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2864 210fa0db358 tab
                  3⤵
                    PID:4544
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.6.1570759009\1797181448" -childID 5 -isForBrowser -prefsHandle 4800 -prefMapHandle 4928 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {015f06fe-3798-4098-bf7e-c2b62fe6da28} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4916 210f981b258 tab
                    3⤵
                      PID:4256
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.7.1801046262\1328423395" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9019d0f3-adf3-443c-b352-2616003e6ce9} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5104 210f981eb58 tab
                      3⤵
                        PID:2548

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k1y5d1fh.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    22KB

                    MD5

                    badf10cbd9d473cebe7ac66bab9d24dd

                    SHA1

                    5f6072a3ff2b4e42ed3646f9da36b50423021025

                    SHA256

                    2af0e10fbbdd9ac52401f67395136dcd58fae542a592de7723475306746b921a

                    SHA512

                    24e089697ecee970b42a1ed3e4365189278a990a8ba411b8684fdd442d29d6bedc7cc542a3f705455d4536497bac30c272fd6bfa825d4b5c6935b5c7aa31fa70

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k1y5d1fh.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    fffd1e7c6fb7938aca0c9affcd5eed6f

                    SHA1

                    6efd13be6f5ba81f5a7d26e6ab9a69278f377233

                    SHA256

                    2c41e3f6ebc12256ce39368e79580049da1adec8988706c4f1a2d658e3a72bb1

                    SHA512

                    bb811de38c0f7a6833f85a9513469f1c3de6a2a3a82ab07eaadacb6d4dccc15fb010962277ea4d50500530318458cd07cbcdca5fcba8d1b88854af8d104a4077

                    Download Submit