Analysis

  • max time kernel
    220s
  • max time network
    279s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/10/2023, 21:53

General

  • Target

    http://ttecn.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ttecn.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ttecn.com
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.0.505939969\889343021" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc7cffb-3fcc-4cf7-81ac-8b3260279b72} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 1952 16bda1f5158 gpu
        3⤵
        PID:2112
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.1.499396400\1962216107" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c404f08-61d3-4e3c-b2f0-a0f9f9620617} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 2364 16bcd772e58 socket
        3⤵
        PID:2808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.2.629252997\1362088177" -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 21714 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {801aa74d-10d3-4ea1-b8fb-9590c69bd5ba} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3248 16bde28d558 tab
        3⤵
        PID:2016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.3.552997967\2093797206" -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 3988 -prefsLen 26294 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a863e28a-d8e0-4efe-8793-74d6cf773913} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4020 16bdf042c58 tab
        3⤵
        PID:5044
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.4.881901568\1986111417" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 2804 -prefsLen 26683 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3f846f-d7f4-49ec-8c90-9f48a590597e} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4600 16bdda61e58 tab
        3⤵
        PID:3200
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.6.1393265086\619466748" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 4224 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6c125c5-eff6-41a9-86d8-ea8eb18bbdd1} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4812 16bdf24b658 tab
        3⤵
        PID:3528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.5.776094075\269919441" -childID 4 -isForBrowser -prefsHandle 4488 -prefMapHandle 1312 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f5368a-9839-4dea-bc0b-61b5dc0f07c6} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4528 16bdf24aa58 tab
        3⤵
        PID:3676
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\f3e8c72a86684020b882f9f7926491d7 /t 3644 /p 3984
    1⤵
    PID:4184

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 89b1948c40025345be09d1ee4ade7757
    SHA1: 33d9e8695c412ab13a0f883e993e01cea376b1c2
    SHA256: 4fd6ff56f0ac4c9dd3c589ec31909fa424d9eff03bf18b1ae8358054639bff91
    SHA512: 620309ab6a426359a2888cf1e0a1e9f909da1cef7438e9600065e20151a7f688fd33001b6984ed5ebb132277f174a0d5efc9f23f1e8d7899c0374d420771c2a4
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 20206c5eea1045b41ee9eec566a3ad1c
    SHA1: 6ba0adc3080c16fa557d51a86d02ed28ac998846
    SHA256: 83314fee626c4c97eabff0cb9af084fbe3f87bb4cb0eb62a153b1ce27b1e524a
    SHA512: 43a5df4ebce1fb8d769c1f2955aeca1c0604bc8aa177f51650c68fd040969b6e7368acb86994aaf83462d436fbf4d9933be45a8188f2ba46407395eb3212b85e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 9dd891d7337dbf0711a5535e631b79f0
    SHA1: fe2e805a35e50943f67e45c885c57a4cf322b4d4
    SHA256: 0164635afdd1503056f15978d76593d0bf2252e2363d26f92b3cd902b229f162
    SHA512: 66d433d2460988bf4dfa2cef418d4d439b064bd57d69a3b7e0c17af78108c243aedb804393f6031a79160e54cd2a45d122de267ed6b60dd79258d7fed560888c
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 1088d1a807543f635763fc68955243fd
    SHA1: 7c10aef2b35bc3e4fbe4896bd457d0e61714ff9e
    SHA256: ba454522244184577e054aef9b8e91fc2f7dcd2b4119bb3e4fc59e743b5ce083
    SHA512: e56d75d19d1fca9a6dc670e2f8e0c979d8c3b67dd11ca00a491816d694159c5fd6a09975cf55a6b9605149cdee050ea66b50882931df2f7d098fd75623374464
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: c764013d34d2c43177fc52aa7daa301b
    SHA1: bad72573c020188c8524d1acba84260d5ed3d52c
    SHA256: fb2f78adeab148f35e849795d9612e132b35222a9c270e3a9f971ce10fe04d3e
    SHA512: 89de9b67a06a328f3567129cb1c09a8a4832a705c84557424ca69e190d5a3447572dbab096101a5e91369b7834995ce12b4640ec48882e82c42572deb9a782e9