Analysis

  • max time kernel
    136s
  • max time network
    162s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15-10-2023 05:22

General

  • Target

    https://inxeption.com/terms

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://inxeption.com/terms"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://inxeption.com/terms
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5072
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.0.1295292666\1276015924" -parentBuildID 20221007134813 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac4736e-3c16-426d-9e0f-ed3f4299d5af} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 1828 1e1637d5758 gpu
        3⤵
          PID:3708
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.1.1881772682\182644554" -parentBuildID 20221007134813 -prefsHandle 2192 -prefMapHandle 2188 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6382402a-28da-43c9-82ac-dbdd5c2ffd4b} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 2212 1e16370cc58 socket
          3⤵
            PID:4416
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.2.129318837\496621431" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2700 -prefsLen 21835 -prefMapSize 232675 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ac94b2a-8896-4343-946c-246bcc557d5f} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 2688 1e1678d0558 tab
            3⤵
              PID:3540
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.3.999192112\1195406599" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 26415 -prefMapSize 232675 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e57c42a-7bf5-4b3f-b8a4-5c3099cf1e48} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 3456 1e151462b58 tab
              3⤵
                PID:3176
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.5.1439504630\580375478" -childID 4 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a541e83e-8ec8-4d8a-be4a-07b7ac95a355} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 4452 1e169b79558 tab
                3⤵
                  PID:2996
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.4.1089897101\263183021" -childID 3 -isForBrowser -prefsHandle 4188 -prefMapHandle 4372 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35f68500-1d03-46c6-beef-44a088767092} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 4408 1e1678cff58 tab
                  3⤵
                    PID:3076
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5072.6.746765047\301348064" -childID 5 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25d1c60c-2076-445a-9264-d0a8738f3c36} 5072 "\\.\pipe\gecko-crash-server-pipe.5072" 4796 1e1690bef58 tab
                    3⤵
                      PID:3420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcf0uwfs.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    22KB
    MD5
    b8204f82a700f7d82523a6f847273c2b
    SHA1
    ce8bb17a5dcc01fea4f947092aa624855b5ae7a7
    SHA256
    3a6a0e31eb7474837a7216b45afad8cf266fa485a8979d526d4dabf211b0e4aa
    SHA512
    bc0bd865eb68754d03bbb1cc874dc0fc9503b3ad38d155fadf6b5cbb4df3c3cd07e5f0fe398e316871cd602ff1e4ea9a8e57bac92d70c8d55799cdaa92d9dc22

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcf0uwfs.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    0fecd8ffa7e6570ecdd52f7590c66971
    SHA1
    9fbf17acf70cfb286865bc493f75589ebfaf4e2a
    SHA256
    8467c1aac4f33d04caec276b2e7d2cccdec9954bf6bac7260b26164baf3e240c
    SHA512
    b10e875d9f21310fa05de529b9f1d1ad87509e6b6e3fbd844706c54921bab197379cfa351ba16a0b2de2b805198d3817556c5a442e811044344eba08d2daaa56

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcf0uwfs.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    6f4587d5592c1a79adc5aa9c7d043bfc
    SHA1
    6b1e737b937587374c4566740db193ee9df3024e
    SHA256
    607445a96d4df538f7e2ef8f07a91b9ec1bce05027d1835cc48210de45f94914
    SHA512
    dcba1f00279e98e0347f8fb4983c47d0698e21112ae3d0f827a1c6b471ad33c961eac4d7f367051191b70a5fb19a1fde7836dc7c316bce403b7a33365662900e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcf0uwfs.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    2ab168d89e639c086fda2e98b2e788e2
    SHA1
    56615d995f953ccd41d8c4112d90920587c2ca82
    SHA256
    bdc5a7cc5dda314cf70cb45e7a360c1856dd85db8ef0709c03c151c435c40204
    SHA512
    7e52c95a1baab35a4338a0fe2d577655ed6dd7a1e74b3201d3010fb66330972cd954ab371f176e52ae0bf69cc880a5ecf27eadcb212cff4da0ef3ea5f97daed0