Resubmissions

05/10/2023, 15:52

231005-ta96fscc2z 1

05/10/2023, 15:40

231005-s4ljhscb3v 1

Analysis

  • max time kernel
    36s
  • max time network
    41s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2023, 15:40

General

  • Target
    Página de Phishing_Caso_28617.html
  • Size
    2KB
  • MD5
    b4510ae8bd05ad763b3c94a8932d2c03
  • SHA1
    167ca70294531b67babfb30502b336904f8f7591
  • SHA256
    d7f4ca70a278f820f9df4336dd5aaab2e59556c99137f9347c63ede1673ece96
  • SHA512
    9504817dad8d8927166682ac4ee5e9e4d5d38c615dd9073ec6afda91f62965005e9d7953b142d3e2f2e50d4c574ff18e522a8f1edadf9de9b8d45fad7cd9b87c

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (13 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3816)
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Página de Phishing_Caso_28617.html"
    Signatures: Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4584, child of 3816)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Página de Phishing_Caso_28617.html"
      Signatures: Checks processor information in registry; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4140, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.0.1340345144\1972941999" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbfb5bbc-e7cb-40d4-aa6e-f12352f274df} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 1988 21c0cb93058 gpu
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 636, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.1.1172559001\2035048394" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80e5d2cb-4cf6-4227-aa58-595aa3964d3f} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 2412 21c0b446558 socket
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4064, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.2.1617451249\874962958" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3036 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9ca5c74-dfc9-493b-8ed0-65d79826adae} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3028 21c0f8e3358 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1224, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.3.1938017929\961863381" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc10603-c374-4bfd-86c4-b156c5f17eb4} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3588 21c10098758 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4968, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.4.1977915171\54275928" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4932 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb3a4b14-78da-4cf8-ab45-cf3f9d52cd35} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4976 21c12653258 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4028, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.6.941393405\759530302" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8863313b-bedc-429b-afbd-e396109a765a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 5204 21c12cbc658 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4156, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.5.374138383\1827736468" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 5152 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce2c4d33-fa4f-4463-8a82-bb50a3e9d4e1} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 4988 21c0e50d458 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 5800, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.7.1627070993\1797986026" -childID 6 -isForBrowser -prefsHandle 3144 -prefMapHandle 3032 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ee8fa48-47c5-4ea3-912b-f93341cbeabe} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3260 21c124c6758 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 5124, child of 4584)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4584.8.660378076\1360008313" -childID 7 -isForBrowser -prefsHandle 2976 -prefMapHandle 2968 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f53fbc8-68fd-434d-a5ee-26abc9dfd34a} 4584 "\\.\pipe\gecko-crash-server-pipe.4584" 3196 21c0e361d58 tab

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    23KB
    MD5
    6e9c2adfe8f071fe328d044e77cc95d3
    SHA1
    8d6fa4b525cd2bbf85bdc8ebd89a6c003c3c4407
    SHA256
    5b2c8eacb976b0aeb8c2b4f3ebd7b12c3a75c7e39cc684be598379ff99f973eb
    SHA512
    2e507383bc5f56543701f413b6ba8eded911a5e5498a4d8c373381fccf1a6bccbb2dc8564ae7da5eb51478da5a1b1282ff2405652757444ab8d06a99c59be46b
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\doomed\15885
    Filesize
    8KB
    MD5
    00da8bd391cdee01a891399047c0d715
    SHA1
    39e598722e46aca1d69a3a79e6a4ea6e492a3135
    SHA256
    2f040fde3b61e897f19fe342a4fde7b61970ad2396415d8d6d65ac8ab266b69f
    SHA512
    2673156816df3d7457006a48c6fc7b89698f6317a110c0eaa3a97448bf637199e46e1dd8ac549980d8629bf0cfcdff955e820f07f13d3bd5df2363b712963a3c
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    40bc5a9f072df599e637bed44aaed4c9
    SHA1
    69b40690facb17ebdbe154d50bdb5eda7e798268
    SHA256
    630769897498df1056d2c6b5fefa55aea4eeb14c07acb75b42dfae0bb584094c
    SHA512
    be026d06e55fb8f3b69b9f07e64e40a44b5709707db37b87f98e68ae3b259ab5c9674d865cd41013c3cc94f3ddd7885c67a97cdb2a0e0eb212da347d442f0545
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
    Filesize
    7KB
    MD5
    81aa64eb3bf8a4aa10de634190cb0814
    SHA1
    578f289f2b5a8b0d2a3ea7bd40f089cb56874647
    SHA256
    4193ce05ae0e793bf85c8411e63dd83ce53836a20177399e5e296849ff5b24dc
    SHA512
    4d7366cce337b222154d15319d000f04f6dcf6737ed1ef0b2dc78891ba40024c51bcc48aced8af84e1e2a67b4fe9cfd7513331b5278bbfb7c1aa3816be4e4695
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    8e5949c824bf837bc8fdfcd2c3391915
    SHA1
    5699faff7e9be0bda632f5bb9606ec3586b023c6
    SHA256
    dd123945767f9fd70e0ca9dff5613cc896021b7328ed161aff7782e29d1911bb
    SHA512
    89b047eeafa3622c9f8ccfeb801a1e8ff58d49cf048bea534a1a74ffbf9bc9e60634ab20bdea29b2abba3ed714d15454c36079db4fd46c05e1cfd1fdc1ea534d
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    9KB
    MD5
    f5e6931dae8f2c5e8482f635154f9568
    SHA1
    c94d33550fb6d49840bb7f35ef4cfd5118b2e610
    SHA256
    7befb7d74b6a1acdfd2f52a539ee928954191fa416113f432c346d5ee9cf6940
    SHA512
    09c77aa4e79a63c09bf8fc40638d7d081b167d15452097e8de443d8cdba22beec1e8ef0187f3cf2615d93b2879cb60b4c96b2273636bc7e4d809e982963ef834
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize
    200KB
    MD5
    f61bd3c85e2fece1db915c1179cf2a5e
    SHA1
    9fdb26aa5fe880e73c3b5dcddabbf8119ab2aabb
    SHA256
    c4cea2507d8f94c61aad70831e02ca40c59e847fa42890e6bb8ab1791e063b4d
    SHA512
    10dcea5d7addf796e3935f6073e44cc3c55094dceaf04cee5948d8798ca81c592179e8b656e9a6a13423031e10ca6067f9bb432d9b71c2b06ee700f0f9c1ad56
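The 1/10 score, the process tree and the dropped-file list all say the same thing: the only thing that ran was Firefox rendering the HTML, and the only files written sit inside the Firefox profile. That is a statement about post-render activity, not about the phishing content of the page itself, which still has to be established by reading the HTML. The mechanical part of that conclusion (browser-only tree, profile-only writes) is worth automating, because a single non-browser child or a file outside the profile is what would change the verdict. The script below is an added example and not part of the sandbox's tooling; its input is copied from the Processes and Downloads sections above, with command lines trimmed to the tokens the checks use. It assumes Firefox's command-line layout as seen in this report: content processes are started with -contentproc, their role is the last token, and the spawning browser PID appears both in --channel="<pid>.…" and in the gecko-crash-server-pipe.<pid> name.

```python
"""Triage a browser-opened HTML sample from its sandbox process tree and dropped files.

Added example, not part of the sandbox report. Records below are copied from
the report's Processes and Downloads sections (command lines trimmed).
"""
import re
from collections import Counter

FIREFOX = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
PIPE = r'"\\.\pipe\gecko-crash-server-pipe.4584"'

# (pid, parent pid, command line); PID 3816 is the process the sandbox launched.
PROCESSES = [
    (3816, None, FIREFOX + r' -osint -url "C:\Users\Admin\AppData\Local\Temp\Página de Phishing_Caso_28617.html"'),
    (4584, 3816, FIREFOX + r' -osint -url "C:\Users\Admin\AppData\Local\Temp\Página de Phishing_Caso_28617.html"'),
    (4140, 4584, FIREFOX + r' -contentproc --channel="4584.0.1340345144\1972941999" ' + PIPE + ' 1988 21c0cb93058 gpu'),
    (636, 4584, FIREFOX + r' -contentproc --channel="4584.1.1172559001\2035048394" -win32kLockedDown ' + PIPE + ' 2412 21c0b446558 socket'),
    (4064, 4584, FIREFOX + r' -contentproc --channel="4584.2.1617451249\874962958" -childID 1 -isForBrowser ' + PIPE + ' 3028 21c0f8e3358 tab'),
    (1224, 4584, FIREFOX + r' -contentproc --channel="4584.3.1938017929\961863381" -childID 2 -isForBrowser ' + PIPE + ' 3588 21c10098758 tab'),
    (4968, 4584, FIREFOX + r' -contentproc --channel="4584.4.1977915171\54275928" -childID 3 -isForBrowser ' + PIPE + ' 4976 21c12653258 tab'),
    (4028, 4584, FIREFOX + r' -contentproc --channel="4584.6.941393405\759530302" -childID 5 -isForBrowser ' + PIPE + ' 5204 21c12cbc658 tab'),
    (4156, 4584, FIREFOX + r' -contentproc --channel="4584.5.374138383\1827736468" -childID 4 -isForBrowser ' + PIPE + ' 4988 21c0e50d458 tab'),
    (5800, 4584, FIREFOX + r' -contentproc --channel="4584.7.1627070993\1797986026" -childID 6 -isForBrowser ' + PIPE + ' 3260 21c124c6758 tab'),
    (5124, 4584, FIREFOX + r' -contentproc --channel="4584.8.660378076\1360008313" -childID 7 -isForBrowser ' + PIPE + ' 3196 21c0e361d58 tab'),
]

# Paths from the Downloads section (the two repeated paths are distinct writes).
DROPPED_FILES = [
    r"C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp",
    r"C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\doomed\15885",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite",
]

BROWSER_EXE = r"C:\Program Files\Mozilla Firefox\firefox.exe".lower()
PROFILE_DIR = "\\mozilla\\firefox\\profiles\\"  # every write should land under a profile

EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')           # quoted or bare executable path
CHANNEL_RE = re.compile(r'--channel="(\d+)\.')      # assumption: leading number is the parent PID
PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)')
CHILD_ID_RE = re.compile(r'-childID (\d+)')


def parse_process(pid, ppid, cmdline):
    """Classify one process record: browser, content process (with role), or unknown."""
    m = EXE_RE.match(cmdline)
    tokens = cmdline.split()
    info = {"pid": pid, "ppid": ppid, "exe": m.group(1) or m.group(2),
            "role": "unknown", "child_id": None, "ipc_parent": None}
    if "-contentproc" in tokens:
        info["role"] = tokens[-1]                    # gpu / socket / tab in this report
        ch, pp = CHANNEL_RE.search(cmdline), PIPE_RE.search(cmdline)
        if ch and pp and ch.group(1) == pp.group(1):
            info["ipc_parent"] = int(ch.group(1))    # both IPC names agree on the spawner
        cid = CHILD_ID_RE.search(cmdline)
        if cid:
            info["child_id"] = int(cid.group(1))
    elif "-osint" in tokens:
        # Firefox's launcher process re-executes firefox.exe as the real browser,
        # so two -osint instances, one the parent of the other, are expected.
        info["role"] = "browser"
    return info


def triage(processes=PROCESSES, dropped=DROPPED_FILES):
    """Return role counts, tab child IDs and every deviation from browser-only behaviour."""
    parsed = [parse_process(*rec) for rec in processes]
    findings = []
    for p in parsed:
        if p["exe"].lower() != BROWSER_EXE:
            findings.append(f"pid {p['pid']}: non-browser executable {p['exe']}")
        elif p["role"] == "unknown":
            findings.append(f"pid {p['pid']}: firefox.exe started with an unrecognised command line")
        elif p["role"] != "browser" and p["ipc_parent"] != p["ppid"]:
            # A content process whose IPC names do not match the PID that spawned it
            # is not a normal Firefox child, whatever its executable path says.
            findings.append(f"pid {p['pid']}: IPC parent {p['ipc_parent']} != spawner {p['ppid']}")
    findings += [f"file written outside a Firefox profile: {path}"
                 for path in dropped if PROFILE_DIR not in path.lower()]
    return {
        "roles": dict(Counter(p["role"] for p in parsed)),
        "tab_ids": sorted(p["child_id"] for p in parsed if p["role"] == "tab"),
        "findings": findings,
        "browser_only": not findings,
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

For this report the result is browser-only: two -osint browser instances (launcher plus real browser), one gpu and one socket process, and seven tab processes with child IDs 1 to 7, all tied to PID 4584 by their IPC names, with nothing written outside the profile. Feeding the same function a tree containing any other executable, or a write outside the profile, yields a non-empty findings list and flips browser_only to false, which is the point at which the 1/10 score would no longer be the whole story.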