Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://metlof.nl/fa...

windows7-x64

1

https://metlof.nl/fa...

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/12/2023, 09:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://metlof.nl/faq/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://metlof.nl/faq/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://metlof.nl/faq/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.0.1027244935\44031888" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20730 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87514e00-8874-4018-aef3-2851e7b717d1} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 1976 22a96307658 gpu
        3⤵
          PID:444
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.1.1636406116\1026966864" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21546 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a13db01b-10fc-465b-9585-6f6dc06d0a17} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 2404 22a94ffb158 socket
          3⤵
            PID:1640
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.2.31213892\2078337167" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3132 -prefsLen 21649 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5340ec3a-2826-445c-a3ec-5283d92217fc} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 3148 22a992bd858 tab
            3⤵
              PID:2928
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.3.1910512297\1037252135" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26048 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e693915-8822-491f-abc5-89ec54148708} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 3656 22a88868458 tab
              3⤵
                PID:1528
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.6.1448159382\564068185" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26282 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce6ffa77-d4a5-4638-999a-6e5e4d80cf10} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5200 22a9b708258 tab
                3⤵
                  PID:872
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.5.1752465509\1841351638" -childID 4 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26282 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4559a3-9700-4d0a-bb67-a1da97689e67} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5000 22a9b4dff58 tab
                  3⤵
                    PID:1720
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.4.630936162\801385666" -childID 3 -isForBrowser -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 26282 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4724ae9b-b21a-4157-a52f-a17d6b172ce3} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 4872 22a9b4df658 tab
                    3⤵
                      PID:3372

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        22KB

                        MD5

                        f1299642601a45ecd03eeed5ee144a93

                        SHA1

                        b2acfac66908d33ed905c69e8f5860e4addb4a17

                        SHA256

                        98e3d78abd94271f410a7e3b0b74caf5f367ed5e6b02a31d0c27b224b8d11ad7

                        SHA512

                        3221ce469647a79a34c4ba6576b0320975c044061d4a7bec4dcbc060ca9a280a4d43b070061efe17dd195083b254a0e3452468fcb65272aaaa073670f342483c

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918
                        Filesize

                        13KB

                        MD5

                        f41485a33f25de1f4d125a475bc90b51

                        SHA1

                        8a2556ab25ab149fbc4b127f9f95728cdb987874

                        SHA256

                        721bcc48aacaf66003aa2926a35d3659a01ad4439c8f2f03d571b7df0cea8bb0

                        SHA512

                        9d22e11da127f92e2ba641dee6853846bcd6dea8f3f6c8634ee1e441cc9ade8bd65dbb23dda32d292757acaeaa61cdd6709d28c234f2ee4a4565292024d03c17

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        442KB

                        MD5

                        85430baed3398695717b0263807cf97c

                        SHA1

                        fffbee923cea216f50fce5d54219a188a5100f41

                        SHA256

                        a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                        SHA512

                        06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        8.0MB

                        MD5

                        a01c5ecd6108350ae23d2cddf0e77c17

                        SHA1

                        c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                        SHA256

                        345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                        SHA512

                        b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        53de74e6ea7651bb67b5e3b9a12fecd4

                        SHA1

                        ec7b83625a3cacdb43b9cda90dcec914db106f99

                        SHA256

                        52cacd57d510a5d88ff2b219f2ba3367426651ce3a98a5ac3717494238beb27e

                        SHA512

                        24c96d69852ef697a463505d35dcbb2fe66cd51883e0a0268d3ebf12ae150c93a953119c0b4523e8b2d913148c7ec1f2c9a992e8223d17ce082e08b70c5acaf5

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\datareporting\glean\pending_pings\3d95ecf0-189f-4ede-b5ca-b393bc81cbdf
                        Filesize

                        746B

                        MD5

                        52ee9f7793a870ddce37e5d26d40b642

                        SHA1

                        d57fe735d8639760e188441eb99df9d6ce81a03f

                        SHA256

                        23824ce52c8e1de684f7190245434976ba400354956d8e525a72e06036475c84

                        SHA512

                        4c418f31277c8d9fd58e7e162ffa5d69e433f537d14cbd76fa9440dce3da74ce67baff1a2ad1934ac9957661f502cb2c2a3bf018b19943dc8f1dad6e4ee3d834

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\datareporting\glean\pending_pings\abd41e7b-d815-402a-a199-c3771b187cff
                        Filesize

                        11KB

                        MD5

                        ac00dfc60ec7e46ec8636363282c8c54

                        SHA1

                        07c8533a56291df45a6134166c94e9e6958639e3

                        SHA256

                        be6c730c0331d2bf4eb6680d2f5df5a266e540d6dcabc734dd77e16e316a73b2

                        SHA512

                        f09b86402b550f03106e52741c77aa750193690525cc1651d6ac8a9e15d1aa10316ebdc84336eec6e6c2122359e3eb35e7485898c896028db9b489512dac9cd9

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                        Filesize

                        997KB

                        MD5

                        fe3355639648c417e8307c6d051e3e37

                        SHA1

                        f54602d4b4778da21bc97c7238fc66aa68c8ee34

                        SHA256

                        1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                        SHA512

                        8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        3d33cdc0b3d281e67dd52e14435dd04f

                        SHA1

                        4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                        SHA256

                        f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                        SHA512

                        a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                        Filesize

                        479B

                        MD5

                        49ddb419d96dceb9069018535fb2e2fc

                        SHA1

                        62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                        SHA256

                        2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                        SHA512

                        48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                        Filesize

                        372B

                        MD5

                        8be33af717bb1b67fbd61c3f4b807e9e

                        SHA1

                        7cf17656d174d951957ff36810e874a134dd49e0

                        SHA256

                        e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                        SHA512

                        6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                        Filesize

                        11.8MB

                        MD5

                        33bf7b0439480effb9fb212efce87b13

                        SHA1

                        cee50f2745edc6dc291887b6075ca64d716f495a

                        SHA256

                        8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                        SHA512

                        d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                        Filesize

                        1KB

                        MD5

                        688bed3676d2104e7f17ae1cd2c59404

                        SHA1

                        952b2cdf783ac72fcb98338723e9afd38d47ad8e

                        SHA256

                        33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                        SHA512

                        7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                        Filesize

                        1KB

                        MD5

                        937326fead5fd401f6cca9118bd9ade9

                        SHA1

                        4526a57d4ae14ed29b37632c72aef3c408189d91

                        SHA256

                        68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                        SHA512

                        b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\prefs-1.js
                        Filesize

                        9KB

                        MD5

                        4da54472f8437b455fa3df9aedd84df2

                        SHA1

                        3062f90248fa64ca02966a218a2d6a2e8ece2707

                        SHA256

                        65af7511e2d6bc7fcd6dd12220272bdb3eeacd5e25ef8d751aafd6c4d67eb048

                        SHA512

                        e0502ec729a363899d6414ce308f8b2e5ca3b0ba715b2016c545b27c1f6050c625d435113415a4861ae75a620b190e80cc120193808451a7a99800d6c3e7b3da

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        c20f7421d77d195d8196385713719682

                        SHA1

                        f58672479c587efeef3593fa95f35fd532074dba

                        SHA256

                        4c5d751f323465a105ed9b3d37068801fc1726fef7010136566c819709af0ba1

                        SHA512

                        b12b3a4f08435a229c6fe1ee570a6167a2d79acd77eb80dd1c4d12ad73f3febf58c8573cf36153b786128860d985f44f8c3ecabde140458038b5907cff17ac76

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        9ae613fe00d18dbb8acde90f53604f7f

                        SHA1

                        53662f8babed425a64f6ba29d912af45a09a98cb

                        SHA256

                        0c4df74201c6c980f33aa27c2bb93b194ecf62fb4682815b748cf8cbc52a413b

                        SHA512

                        a58d9807f353b7ad950f7d1b859b4b8b348bcb9152c9658d1718ee8ef7088916dea20ee526235bda1139039fe8d50008c8ce169297178cdb68a5e3347f427d81

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        1.3MB

                        MD5

                        a7612f2f16c8550a49137fef88ee9eb0

                        SHA1

                        cfcdd2cbbe487f9df037b8665e331562e99441e5

                        SHA256

                        c5744aa38abad347d2f1f9576a4565019cf04e9c6c1bba71657fd121a775af76

                        SHA512

                        a29499a3726d003bf2ea95ef7ae78574b14e87e559f1a896fd0380863621c5402a860b70084785e645e4ecd4075b5ebf4f520d95b42f5cd4dc5f4f8caa029852

                        Download Submit