Analysis

  • max time kernel
    274s
  • max time network
    310s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 15:29

General

  • Target

    https://urlz.fr/nYIm

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://urlz.fr/nYIm"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4108
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://urlz.fr/nYIm
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.0.410416172\1826409646" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {670e765a-43de-4b76-b28d-aaa8875f14f3} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 1960 1434def7f58 gpu
        3⤵
          PID:940
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.1.1394332991\10091724" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {381b1a86-04ea-4cbc-be4c-b1b7a1ac4aec} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 2384 1434dbfbc58 socket
          3⤵
            PID:4468
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.2.354949094\170260529" -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3204 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff237bf0-7295-40d8-b6b2-dc68193196a2} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 3276 1434de5fd58 tab
            3⤵
              PID:116
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.3.1641019843\702694489" -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e64dba6-4885-44b6-9a3e-5a81de105f56} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 3752 14341467e58 tab
              3⤵
                PID:3904
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.4.496460747\1852179009" -childID 3 -isForBrowser -prefsHandle 2832 -prefMapHandle 4676 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83f7f7fc-f41f-40e8-b63b-ce4c269db76b} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 4788 14353e66958 tab
                3⤵
                  PID:4452
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.6.2076654287\1322592760" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc813f9f-66c4-43ba-9f4f-193e1468d164} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 5136 14353d54658 tab
                  3⤵
                    PID:3484
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.5.424253413\879339113" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 5008 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90c88ce3-0052-4a5d-8ebc-d687c5369e66} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 5020 14353d52558 tab
                    3⤵
                      PID:4188
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2152.7.1500306334\226314067" -childID 6 -isForBrowser -prefsHandle 3352 -prefMapHandle 3364 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a64134cf-e140-4d6c-9da5-e18513f83199} 2152 "\\.\pipe\gecko-crash-server-pipe.2152" 3316 14353c3b658 tab
                      3⤵
                        PID:4104

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 05dcae246c35fc8bb5db5f3c4f2b3086
    SHA1: 2a12777f782e94d346e0b266fbdcda5e4212c59e
    SHA256: 1e4ed9af4cc671683a1c4873ce9c08b899a9c2d083bdfbf2e0fa4ed9849da39c
    SHA512: eb5d6be348dd7e82eb30829b9092beb93529e0c39d93ac7e3721ac38625da67fc39f3057643643ca9d1d2c8c4035d4ec3ac3060dd41b651164fe7132de341bdd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
    Filesize: 9KB
    MD5: e0ed4ee5189f103712233ad1d8f0f320
    SHA1: 83672abf4ea58fbb18ebc1336732838aecf98dba
    SHA256: 30e4ced8cb8a2f5c576bdae6379c7c07c3af0e5b14d546f2389904107162bfc8
    SHA512: 9fbb7f296fda67aa488f8aa30989b84330376a36583d155716b33275bb376e5ff6e7c0c649a11d57e19dc1608ea9277e291953b287736d89c9065df776632390

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 72f3d953509a2bfc0de579c1ac3e8c8d
    SHA1: 5f140f3dc41811a04526add823f17281e3ce27a2
    SHA256: 899efd5a3981a84d1fc0a720ef807868926a21db922dd7833bf9ff9a077c3392
    SHA512: f097c6a9db80863dc36ebc0cfa3eaa34395f807dc0b9b3af24e2b733bbd3b7c7706f6adf1439c000e4a527d13b6ae2887903e11a0a50f966155e6f5c9fa60a72

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\prefs-1.js
    Filesize: 7KB
    MD5: b2b31b45572de26821e87f43e0ba9227
    SHA1: e258bae4feb72111f11952c76c49e29c9fe39e54
    SHA256: 6b73390c3b8933e1c2a7fcda3e641da9aa8da1630c205dce1768be03b00e47a4
    SHA512: 5a76a50396b5f209b2e6a68d5d47874e63d828fb06c69fc4de0340effd5052a4ef46ac774edc51b3b1d8ea631b8271aa811f40bdf36b3281b096f73263546e0b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: fb787f4ede63178e6dd3459bcae00704
    SHA1: 1edc451c2f5ea8bb74f1250486188d8c256900cc
    SHA256: 5f774309d3632263472d9829f086f2c935540bb7c577846e47de1b8e8aea5080
    SHA512: 80e632774100e3ff91f24cee2bd7d6877bbbe0437a108863df79b8b817511a19e98ca3be40332ae9539f82ab8b6177cf7db819ead26869b02db3305e20f19377

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: e77b680abf56bd871ea403d5bbabe7f5
    SHA1: 1d62bb2ababc4958124a760001987f9c928c4da5
    SHA256: 16fd4dcdda1b6d2f1674886a79d0373688692e93f4ca0e9929d3e0a096bbd232
    SHA512: a9c0d0e03df73bdafd44fe64f8d9999f0b3e8e43336f0a292ed2279cdc72bde2e23c47ab9bfc5e16a4574304b13dbf37fec7d152036d3a306253237488ecafb1