Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231130-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/12/2023, 19:12

General

  • Target

    https://buscaepi.com/control/assinatura-colaborador/41344/1/42B532309D38F3580AA6D4F26EF48970/410531

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  Every signature above is raised by the firefox.exe processes listed under Processes, and none of them is specific to malware. With no process other than the browser and no dropped file outside the Firefox profile directory, the run scored 1/10.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://buscaepi.com/control/assinatura-colaborador/41344/1/42B532309D38F3580AA6D4F26EF48970/410531"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://buscaepi.com/control/assinatura-colaborador/41344/1/42B532309D38F3580AA6D4F26EF48970/410531
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.0.1769299254\870976079" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d958b45-f46b-4983-b3a7-1c28fa58bc12} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 2008 228f89d3d58 gpu
        3⤵
          PID:3756
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.1.1273006437\1176644475" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bcd2ef3-5ac6-4491-ba79-bcecf26bed59} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 2436 228f86fde58 socket
          3⤵
            PID:2152
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.2.974090120\1132512542" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {592912a0-113d-4f8d-8c88-46e007af2cc7} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 3112 228f895db58 tab
            3⤵
              PID:4064
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.3.1453375845\1805604621" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3432 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ae03180-d851-473c-a71a-857f15f1c14d} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 3720 228e4d6db58 tab
              3⤵
                PID:3088
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.6.367113692\2029834664" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa6316ab-5058-4fc6-aa9f-ab8944fe0870} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 5200 228feb12058 tab
                3⤵
                  PID:4908
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.5.559445305\2012719925" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5032 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a11dcbd-57ba-499c-ae9d-74e1d7281cc6} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 5020 228feb12958 tab
                  3⤵
                    PID:1044
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.4.1486495822\2013681365" -childID 3 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28acc1f8-9880-4f83-8616-b71c6fabce38} 1060 "\\.\pipe\gecko-crash-server-pipe.1060" 4888 228feb11158 tab
                    3⤵
                      PID:2812
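
As an added example (not code from this report, from Triage, or from Mozilla), the following Python parses the Processes section exactly as it is printed above into a process tree: the N⤵ marker gives the nesting depth, the bullets between that marker and the PID line are the signatures raised by that process, and for a -contentproc child the last token of the command line is the Firefox content-process type (gpu, socket, tab). SAMPLE is a constructed subset of the entries above (five of the eight processes, with the content-process command lines shortened to the flags the parser reads); the parser also accepts the full lines as printed. The point it makes for triage is that every signature hit sits on the two browser processes (PIDs 1648 and 1060) and none on the sandboxed content processes.

```python
"""Parse the Processes section of a sandbox report into a process tree and
summarise which processes raised which signatures.  Added example, not code
from the report, Triage, or Mozilla.  SAMPLE is a constructed subset of the
entries printed above (content-process command lines shortened)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = r"""
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://buscaepi.com/control/assinatura-colaborador/41344/1/42B532309D38F3580AA6D4F26EF48970/410531"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:1648
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://buscaepi.com/control/assinatura-colaborador/41344/1/42B532309D38F3580AA6D4F26EF48970/410531
    2⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.0.1769299254\870976079" -parentBuildID 20221007134813 gpu
      3⤵
      PID:3756
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.1.1273006437\1176644475" -win32kLockedDown socket
      3⤵
      PID:2152
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1060.2.974090120\1132512542" -childID 1 -isForBrowser -win32kLockedDown tab
      3⤵
      PID:4064
"""

@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: Optional[int] = None
    parent_pid: Optional[int] = None
    signatures: list[str] = field(default_factory=list)

    @property
    def kind(self) -> str:
        """'browser' for the main process; for a -contentproc child, the process
        type Firefox passes as the final argument (gpu, socket, tab, ...)."""
        return self.cmdline.split()[-1] if "-contentproc" in self.cmdline else "browser"

PATH_RE = re.compile(r"^•\s*([A-Za-z]:\\.+\.exe)$")   # process entry: bullet + image path
DEPTH_RE = re.compile(r"^(\d+)⤵$")                     # nesting marker printed under each entry
PID_RE = re.compile(r"^PID:(\d+)$")

def parse_processes(text: str) -> list[Proc]:
    """The parent of an entry at depth N is the most recent entry at depth N-1;
    its PID line has already been read by the time a child entry appears."""
    procs: list[Proc] = []
    last_at_depth: dict[int, Proc] = {}
    cur: Optional[Proc] = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := PATH_RE.match(line):
            cur = Proc(image=m.group(1))
            procs.append(cur)
        elif cur is None:
            continue
        elif not cur.cmdline:                    # first line after the image path
            cur.cmdline = line
        elif m := DEPTH_RE.match(line):
            cur.depth = int(m.group(1))
            parent = last_at_depth.get(cur.depth - 1)
            cur.parent_pid = parent.pid if parent else None
            last_at_depth[cur.depth] = cur
        elif m := PID_RE.match(line):
            cur.pid = int(m.group(1))
        elif line.startswith("•"):               # signature bullets sit between N⤵ and PID
            cur.signatures.append(line.lstrip("•").strip())
    return procs

def signatures_by_pid(procs: list[Proc]) -> dict[str, list[int]]:
    out: dict[str, list[int]] = {}
    for p in procs:
        for s in p.signatures:
            out.setdefault(s, []).append(p.pid)
    return out

def kind_counts(procs: list[Proc]) -> dict[str, int]:
    return dict(Counter(p.kind for p in procs))

def flagged_content_processes(procs: list[Proc]) -> list[tuple[int, str, list[str]]]:
    """Sandboxed content processes that raised any signature.  Empty for this
    report: every hit is on the two browser (parent) processes."""
    return [(p.pid, p.kind, p.signatures) for p in procs if p.kind != "browser" and p.signatures]
```

Run on the full section, kind_counts gives the shape of the tree at a glance (two browser processes, one gpu, one socket, five tab), and flagged_content_processes returning an empty list is the quick check that nothing happened inside the sandboxed children.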

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\datareporting\glean\db\data.safe.bin
    Filesize 2KB
    MD5 11c8b492fbea73a4aa1d771d760c20a9
    SHA1 131ee33b41bd71c2e81a1c8815d872835cba417a
    SHA256 ddc3f706dec48ac7723cdd16574101c216197dd413b0146c9d8cda1ecaec9fd2
    SHA512 341fe80a18875b7ef7abdeb8673422e69c48919df67be30f3ca10972e86c8d15f253288dc71d0ae0d9b3ee597eb494792394ef7dcaaf43b61e445d90062b5ede

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\datareporting\glean\pending_pings\53d05d8b-e6e0-4f47-aca5-00414473a595
    Filesize 10KB
    MD5 5722d6b6fc9453f1994f0459f9ec588c
    SHA1 c4239ea32fb14cc3ca3680fb91f61e9a65d9e9cc
    SHA256 5136a65791011adbe38196e4c8932894c0f54450bbccdc67091b04e4005d3286
    SHA512 497608e3ff1fdd84e68261cfa5c68ff52859024a7b6ec8d655ff4b393ede07a863c7ab7d754011b6619ccd324032f1d1b56b48f1a92bda9cf50875452ba876dd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\datareporting\glean\pending_pings\f9b20bfb-db18-48f7-a72a-47b3f68f7e2e
    Filesize 746B
    MD5 87c98484558a1228eea134a325af1595
    SHA1 64807fc25bbd13a5b568d4482b0877195cea4606
    SHA256 0d90b316ed08344384527a8eb566b15ec74888e13e675472204ef485c1e9291e
    SHA512 34a1dab25b636ea5ef4ddc01c039e47d3b07f2194680af1758f6b6251cbba6831122cde6f40ed63e562d7e122d774ac8e2046d4470d7753bd3a6497e6f038821

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\prefs-1.js
    Filesize 6KB
    MD5 c6472c293ba39b4584c92e41f9cfe969
    SHA1 b4efc79167d229f94cb7df40ac45ae9eadac05a1
    SHA256 73183aa3e315ed90bdfd38810cc1eeef7edb3a36aa2a00144b3c8008d1298a22
    SHA512 8cb08a017db8034ae89959e3f229691fe12d31320211057b33616501725cf7e7d21056c2b985d3e22f6358d6ba85c2c373833dba9366425555d12e4eba0f96d8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\prefs-1.js
    Filesize 7KB
    MD5 b0e39b3d6036c51e1bb63ab737a30afb
    SHA1 ca20441b0a17ff4e9138331b5db0c226070a01c7
    SHA256 af762a92a8164b97f9c7b7a3ce45368bf095bb3e85682c5233542d6ca5f3781f
    SHA512 67b7be538a3a832c60f31e85ef1229f1af36d1ab83da467c0b57745a2f0b647d9a067831476da87a26b93fec6b38a2be34a6903e7807496fc9f90a3b9a737f8c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 1KB
    MD5 82ae66450c48133a23b3a56f2818d588
    SHA1 a5972f78a0eca22bac05ca61dd0cffecca899d9d
    SHA256 68fd614b9b20e74b2a2671330500294ee2acfaeb672961557280b953ac384c7d
    SHA512 2da60cf51ba0f2cd3cbcbfa67548726fc6b0f1b55d9b10605f03f5e9dda6f5c76c7b3c2d865adfa9b03973dcc1b350881b332641cc6b0c0da5b3a9da74f7f7f9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 990B
    MD5 a25ebcc5279bf53c579ed9daadad0fe0
    SHA1 de964f81c09de35d6106bb4a73caf822fb1f2c20
    SHA256 344073e1cb3c554130dd59252229dc28bad15a61a1722219b55d3ff9a851d15d
    SHA512 8d91f520e1ff7ae541e1f1f9ed39b3be1b3317c21bd22a2d15c4d05d405f28cafcd5581fb591fa5315051fd8d5c3b7a3681a56e5210eb0d312547dfc45d032f4

  prefs-1.js and sessionstore-backups\recovery.jsonlz4 are each listed twice with different sizes and hashes: the report records every capture of a written file separately, so two entries for one path mean the file was rewritten during the run. All seven files sit inside the Firefox profile directory (telemetry pings, preferences and session-restore state), which is what a plain page load writes.
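
As an added example (not code from this report or from Triage), the following Python turns the Downloads section into structured IOC records, rejects an entry whose hash has the wrong length or non-hex characters, and reports paths that appear more than once with different content. SAMPLE is a constructed copy of three of the entries above (data.safe.bin and both captures of prefs-1.js) in the report's own label-then-value layout; the parser also accepts the compact "MD5 <hex>" one-line form.

```python
"""Parse the Downloads (dropped-file) section of a sandbox report into IOC
records, validate the hash fields, and spot paths that were written more than
once.  Added example, not code from the report or Triage.  SAMPLE is a
constructed copy of three of the entries printed above."""
import re
from dataclasses import dataclass

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}   # hex digits
LABELS = ("Filesize",) + tuple(HASH_LEN)

SAMPLE = r"""
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\datareporting\glean\db\data.safe.bin
  Filesize
  2KB
  MD5
  11c8b492fbea73a4aa1d771d760c20a9
  SHA1
  131ee33b41bd71c2e81a1c8815d872835cba417a
  SHA256
  ddc3f706dec48ac7723cdd16574101c216197dd413b0146c9d8cda1ecaec9fd2
  SHA512
  341fe80a18875b7ef7abdeb8673422e69c48919df67be30f3ca10972e86c8d15f253288dc71d0ae0d9b3ee597eb494792394ef7dcaaf43b61e445d90062b5ede
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\prefs-1.js
  Filesize
  6KB
  MD5
  c6472c293ba39b4584c92e41f9cfe969
  SHA1
  b4efc79167d229f94cb7df40ac45ae9eadac05a1
  SHA256
  73183aa3e315ed90bdfd38810cc1eeef7edb3a36aa2a00144b3c8008d1298a22
  SHA512
  8cb08a017db8034ae89959e3f229691fe12d31320211057b33616501725cf7e7d21056c2b985d3e22f6358d6ba85c2c373833dba9366425555d12e4eba0f96d8
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0gvgzt9.default-release\prefs-1.js
  Filesize
  7KB
  MD5
  b0e39b3d6036c51e1bb63ab737a30afb
  SHA1
  ca20441b0a17ff4e9138331b5db0c226070a01c7
  SHA256
  af762a92a8164b97f9c7b7a3ce45368bf095bb3e85682c5233542d6ca5f3781f
  SHA512
  67b7be538a3a832c60f31e85ef1229f1af36d1ab83da467c0b57745a2f0b647d9a067831476da87a26b93fec6b38a2be34a6903e7807496fc9f90a3b9a737f8c
"""

@dataclass(frozen=True)
class Dropped:
    path: str
    size: str
    md5: str
    sha1: str
    sha256: str
    sha512: str

def parse_dropped(text: str) -> list[Dropped]:
    """Accepts the label-on-one-line/value-on-the-next layout printed above and the
    compact 'MD5 <hex>' layout; raises on a missing or malformed hash field."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    records: list[Dropped] = []
    i = 0
    while i < len(lines):
        if not lines[i].startswith("•"):          # only bullets open a file entry
            i += 1
            continue
        path = lines[i].lstrip("•").strip()
        fields: dict[str, str] = {}
        i += 1
        while i < len(lines) and not lines[i].startswith("•"):
            label, _, rest = lines[i].partition(" ")
            if label in LABELS:
                if rest.strip():                  # "MD5 <hex>" on one line
                    fields[label] = rest.strip()
                elif i + 1 < len(lines):          # label alone, value on the next line
                    fields[label] = lines[i + 1]
                    i += 1
            i += 1
        missing = [l for l in LABELS if l not in fields]
        if missing:
            raise ValueError(f"{path}: missing {missing}")
        for name, n in HASH_LEN.items():          # exact digest length, lowercase hex only
            if not re.fullmatch(rf"[0-9a-f]{{{n}}}", fields[name]):
                raise ValueError(f"{path}: malformed {name} {fields[name]!r}")
        records.append(Dropped(path, fields["Filesize"], *(fields[h] for h in HASH_LEN)))
    return records

def versions_by_path(records: list[Dropped]) -> dict[str, list[Dropped]]:
    out: dict[str, list[Dropped]] = {}
    for r in records:
        out.setdefault(r.path, []).append(r)
    return out

def rewritten_paths(records: list[Dropped]) -> list[str]:
    """Paths listed more than once with differing content: the report records each
    capture separately, so this is how a file rewritten during the run shows up."""
    return sorted(p for p, vs in versions_by_path(records).items()
                  if len({v.sha256 for v in vs}) > 1)
```

The length check matters more than it looks: a truncated or line-wrapped digest copied from a report page will silently match nothing in a blocklist or hunt query, so it is better to fail at parse time than to ship a 60-character "SHA256".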