Analysis

  • max time kernel
    53s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/11/2023, 14:12

General

  • Target

    https://substack.net/tv/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://substack.net/tv/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://substack.net/tv/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.0.827203809\764015012" -parentBuildID 20221007134813 -prefsHandle 1244 -prefMapHandle 1236 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c43e20a0-73a0-47dd-9d55-23a0e285e33a} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 1308 120f4158 gpu
        3⤵
          PID:2328
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.1.565707011\1549476307" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 21799 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ae1bc7a-8b90-4e7b-b68d-52887ebc59d7} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 1524 e71058 socket
          3⤵
            PID:2624
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.2.1265183290\2059908448" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 21837 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2549481a-6079-4093-9a2a-f6d4cc08ce7f} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 2240 197a2858 tab
            3⤵
              PID:2608
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.3.775382422\632692287" -childID 2 -isForBrowser -prefsHandle 2888 -prefMapHandle 2884 -prefsLen 26482 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {250ec068-6a0e-4d71-9446-fae57423425c} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 2900 1c658558 tab
              3⤵
                PID:1368
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.4.390593907\1901109944" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 26541 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de2c21bd-8b40-472d-8bf4-a077d4ded63c} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 3756 14581158 tab
                3⤵
                  PID:1812
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.5.1892905136\1952972693" -childID 4 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26541 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d22a22a-7e99-4d08-96c6-29fe0b941442} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 3848 1e5a0c58 tab
                  3⤵
                    PID:692
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2620.6.578569545\331339207" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 26541 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6288a5f-52a0-4271-9174-01dbccc7e967} 2620 "\\.\pipe\gecko-crash-server-pipe.2620" 4008 203d1b58 tab
                    3⤵
                      PID:1692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jkbp0wxn.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    22KB
    MD5
    62dce0527e908912947c1c51b92584ee
    SHA1
    294c4c88d4a7c4897e407a7ac418230103127377
    SHA256
    037cca18fac7115c666c492c70ee4e64dfd4194a88c8c16f45faa5d9f348f391
    SHA512
    1b04b9a59ec4e8e574db5324d5c6ee70c33a0bbbb1b987929171564d32dc091a4ec3197678dc1dfeedf400b9f903720b1309aa8363ccc80d01b1a082efd54e9a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jkbp0wxn.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    6203c348d6a942015a6ae29ecbe6fbf6
    SHA1
    42116d1303625f442c3547de9d3f478176d0c52a
    SHA256
    67d985bcab3024ed3731ff9ad822e26726af31e267ee521a45ca9263999404fb
    SHA512
    21545bb0ff991db023b71ef8135f231451648a397b1ed3fe62da729c535905a4cede27cce55bdf0781783f9588a59fbd1a42a0b59cefb98c3ddaf1ac21bc2d6c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jkbp0wxn.default-release\prefs-1.js
    Filesize
    7KB
    MD5
    10f3e2b918c4346a75acfb536b6f4467
    SHA1
    cd78951e62599066eeb98f91efc3f5477265eb81
    SHA256
    383c9c862ddbb69d9a50c3c80a8d32c2de35eba3620ae1e2fe4bf2ca5b31ff4b
    SHA512
    a779994968e6ff76761d31fd5ff31b4f3414b442a7f9258570d688a4e47ac097847b90ee472fa0a3e62639dbc3004591109840d44b15893fe9e6de41c3e883e8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jkbp0wxn.default-release\prefs.js
    Filesize
    6KB
    MD5
    983e6e665f66a56735a0f5f782d19ae9
    SHA1
    b0cc1371ba2ca64b046827512e5f8699a4d041b8
    SHA256
    96a6310d24566584cb4e60a04cb58e5cb6fcb393a9e66b844f4392ad4b0ed9b8
    SHA512
    a71963eb3f8f9d1b6ddcf297923487c94acec7d104226f487faf4f0a3819c1626808861dc47cf9d12394f206bbdfefc720071d521baf3b8ab29feae6c364c022

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jkbp0wxn.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    47KB
    MD5
    8ed7ce811cd65360f5e7c62c1e2e2193
    SHA1
    9a2cb879f8a94c2c9019406a7cbd77f330e07b2e
    SHA256
    0014277074c50f2f2e2e9a615a541ea9d9016d03eff4733e300e255cf5a690f8
    SHA512
    18de7cbe64341747f8a4d5d963d2980353fd30d510aa9868b332659d68b0087555f7b1f636641e72494fd2ce2f72cb17c0a9e52d9d4b2713ae54bb5a35876f52