Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://accountpayab...

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/10/2023, 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://accountpayable.helpdocsonline.com/ID3320067

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://accountpayable.helpdocsonline.com/ID3320067"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4296
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://accountpayable.helpdocsonline.com/ID3320067
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.0.2122683439\683564831" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f776160-d64c-4e7b-8cfa-a9a6e6a0628e} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 1956 1923d8f2e58 gpu
        3⤵
          PID:4692
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.1.738879690\1608414203" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fdb2b2b-4484-432b-ac59-d0717e96df27} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 2372 19231176e58 socket
          3⤵
            PID:676
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.2.293011139\1064902586" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f50b33-9f59-42ad-8c39-04cfda7acaac} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 3124 192419ca058 tab
            3⤵
              PID:3180
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.3.1587786360\1890711045" -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d3bd39b-f0bf-446b-8c19-e5d56721c6b6} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 4064 19231166858 tab
              3⤵
                PID:3924
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.5.730333179\319440370" -childID 4 -isForBrowser -prefsHandle 4668 -prefMapHandle 4664 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85d9030a-5c5f-4e0f-806c-0a5af4dd1cc4} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 4808 192412bd258 tab
                3⤵
                  PID:3596
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.4.517371648\1126795674" -childID 3 -isForBrowser -prefsHandle 4656 -prefMapHandle 4648 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a75d6480-72be-4dc9-8a14-975247bd8c02} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 4636 192404f5358 tab
                  3⤵
                    PID:3968
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.6.833612327\2081952361" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bd292df-9464-498d-9bff-0fc6dff3c504} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 5020 1924205ae58 tab
                    3⤵
                      PID:4032
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.7.1211598007\1210395182" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 2836 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb5dfbc-9413-4050-a8d4-b16556ee528d} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 2736 1923116b258 tab
                      3⤵
                        PID:5736
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.8.929821048\1874479813" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 3212 -prefsLen 28133 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc8ebeb6-e505-4f24-b195-764ac516372b} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 1596 19244cb1658 tab
                        3⤵
                          PID:5504

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      23KB

                      MD5

                      5d670fed10b990c8140acca2d7ee7e0a

                      SHA1

                      e691c22df3aac9105dc38ed8737c209c261db7bc

                      SHA256

                      04e773bb4bf7ce71f9edb08aa393fc19ca90d8803e8bc431bf886a95dadfb325

                      SHA512

                      4f086b5a591c540b6f2274f345821804fa1e04ab7818e5b8acb383a6ab2639a3b9a29c66a1153c5439bfdb24f8bd9c341afaeda71f4e26e5d9da0347e54f4658

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\51D52D298316CD3F9A90A40E946BB34EFA1BFB72
                      Filesize

                      13KB

                      MD5

                      eafa7c6082faa211c39efa181de96583

                      SHA1

                      fb9f691d7299eec57f7301fafc698896c8e43bed

                      SHA256

                      a1843d991e3401433d0fb956b1889e18497a335066ce8510650b716751a8aa14

                      SHA512

                      954429cdfd2867e28e3e4862a24ed9e2fd3a40cd7b8a7ee16d4b185c6f1c113bfeab9ed42c93c92c959018287d1b4623aa4fe46c36b768354608d230283f4180

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      b21d4e436bd1114227c1aa2e1d464840

                      SHA1

                      9e1b4703e2eed427131245d08eee5bca63add0d3

                      SHA256

                      bf349bfa368ccba987cbf00c6153cce281e248ee8f11806550d620c444a41646

                      SHA512

                      c8ce1fbbc90528a5637adb416d2d2d88d5c17739c46c7d619d9b0df5fe00985751af75bf6418d3a484a94794cd80d089e85bfff9f4bdfd57124087704f7d14db

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      a3cdd497c4ecaf2da45d4048187380c7

                      SHA1

                      d360415645582ff1a5cc19d7bdce978868021999

                      SHA256

                      88ecf018cff8bf01524ebd1ab05ab0ead3d175f9d111cfdeb0e97c381f526f1d

                      SHA512

                      04c24bc097cb997f8a39c69adb68654271f6893556bc50503d44ec2cd26a235fb12962c0b2f798e9f1aecd42e5c376e85c0e029c2435e439b17ca180118a3858

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      c4c5cd240565abe355a562c03841015a

                      SHA1

                      97d21afd325756a64929febc04ff54ecf163ed90

                      SHA256

                      c6fde38a4d0315eb968d119b3cd229b3a9a68eca6bee7764b8f480f120d6d55b

                      SHA512

                      49183df99f4387e755579703fc11853f9cd9f050f6f4ad4060b2a7b629884880039d9cd283921a9c3588e0452a72ff997c92d30a577030d190f70637fa270b5a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      b01b84a6b26ad8cf11ddc3029d1f85a2

                      SHA1

                      b336f75ffecb8103a29abd85d455b9f1ad7305bf

                      SHA256

                      019fe2840f10ff6bbd974a648c14d5960bd9409744aa6d2c92779d2f8a563e54

                      SHA512

                      175d3f29eb5f870da6c6dd60366e18ed0a572ca7ac35959c12fdcb99d6e207da830dd591580db89f31999f0e6ddced4f6ad1c0b847afdc6c6a51bd3881392fe6

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      74ba71e162052d6370e6dc0be9ad3d4b

                      SHA1

                      5d6f2c270b6470fcd117ab469d2b40021e34fab6

                      SHA256

                      10c5346c57072127053bd17c1ae114d1ad92cd848ace2cf6885b1d0918ba6414

                      SHA512

                      2e8501a2036e5fd1d5f2d18c1ae5ced950e4fd6444010e1beb3d3471a79edbbec2d8ec4fb88e43fd25177e6a695a6730c6ecd061833967279b1d52409f8d5f3b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      a2e19432935227daa2220060a46930e2

                      SHA1

                      cfd2384cfa5dca27661690a5a32a981156bf6395

                      SHA256

                      27b27527b09d7c7e16824724ba06f65aafe1d590d35befef8fc7b20276840558

                      SHA512

                      90f098385a9ecadb97c86d8545a374f87bf37bc678a12ce997cb3c7536269dac53a6656219f6894bfd365e04450cea286a72e3b446bb1aec9de5d3ca80e11d9d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      c666b66853c1439995d4c535207c47dc

                      SHA1

                      1ea459289d241bdb9058d8c693d42ff1b60b757f

                      SHA256

                      b45a32c10b8e1fa3de454151b36d6e5e2532dd94ad97ba340326fccbcfee3090

                      SHA512

                      b955d2e5f86449d90be8efd57a60ade8d3707faac53ce7da233941a4790af9bca4a24d92063ba8b74b12b5023e14723334ec7819c237f49e093eeacf0ef357a4

                      Download Submit