Analysis

  • max time kernel
    288s
  • max time network
    293s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/01/2024, 10:29

General

  • Target

    http://backup1services.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://backup1services.com/
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.0.134806830\1219301285" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79026ef-5f4d-48d8-9d48-6de65d9470b8} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 1964 2157e6e6858 gpu
      2⤵
      PID:4756
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.1.1522555048\1987052159" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ebfa8f1-6140-409e-9bc8-b303e5d14407} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 2388 2157456fb58 socket
      2⤵
      PID:5988
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.2.509853185\1879753759" -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3196 -prefsLen 21590 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6279d5ab-29c4-4944-a1a9-72903a83b760} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 3316 2157e65f858 tab
      2⤵
      PID:2376
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.3.176375213\1336942304" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff43858e-7c4e-4918-adaf-c709915da267} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 3656 2150620a258 tab
      2⤵
      PID:2248
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.6.2079925677\267652568" -childID 5 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8113b828-0c8c-413c-8f07-e4fba313d62b} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 5280 21507a7da58 tab
      2⤵
      PID:5344
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.5.385728194\1672316843" -childID 4 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c985d6-ee63-4520-b1f0-5fbf0dd1ef24} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 5076 21507a7c858 tab
      2⤵
      PID:5640
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.4.933169999\776393112" -childID 3 -isForBrowser -prefsHandle 4924 -prefMapHandle 4940 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ed0765e-da07-4950-b616-06cf4072274f} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 4952 215059b1b58 tab
      2⤵
      PID:3652
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.8.373056786\161765375" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5589d909-a72c-4905-be35-0879e01b091f} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 5828 2150861de58 tab
      2⤵
      PID:3464
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1280.7.1616300565\1490111072" -childID 6 -isForBrowser -prefsHandle 5688 -prefMapHandle 5684 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1ebea26-d67f-454f-9002-8fab45dc9d59} 1280 "\\.\pipe\gecko-crash-server-pipe.1280" 5696 21508620b58 tab
      2⤵
      PID:5308
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://backup1services.com/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
    Filesize
    7KB
    MD5
    60ab10857bceb958af13cb7c0018e9fb
    SHA1
    9d3dfaa8b5f164c8196784b5eed7eefb72c2eead
    SHA256
    92d38a53db97faa205fd4304ca49f432b40327433f4ddc7e07d21a9c054f0e4d
    SHA512
    5f281f80b6443eff3cfa916c309142d94aa5d8592c1d8675ad5d33e21cbc815fcb8bdc0078267028c488c410995f53b46304dd2ecb0cd7512dcb0486cd4acbce
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\bookmarkbackups\bookmarks-2024-01-02_11_grVx-X3BxQbeKq7ztIKxWA==.jsonlz4
    Filesize
    944B
    MD5
    4ad200329f3da1d8db160df28c5bc015
    SHA1
    b5341199cb262ea6d4331510c006de7f52c77df8
    SHA256
    c12d2c1d66817b3ac755e4bc5102fd0c5a7f4c22d7933a6c58aec819c4c893a8
    SHA512
    fa6773333791df6db465816546ea37fd245537856286717c64d42b233d8403c72e19368a2626bee70ee74d46630fd008be298019817dd7d8405088c012033509