Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://videosprofitn...

windows10-2004-x64

1

Analysis

  • max time kernel
    578s
  • max time network
    589s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/01/2024, 18:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://videosprofitnetwork.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://videosprofitnetwork.com
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.0.356747405\468850685" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b8f79c3-326f-4448-b45b-2b5be9f00ba6} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 1964 1e25fbd6958 gpu
      2⤵
        PID:3288
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.1.436487659\1606486423" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2344 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed7b0fe1-f981-4040-9ef5-1b80667518e2} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 2388 1e25fafb158 socket
        2⤵
          PID:2588
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.2.278019564\1914761042" -childID 1 -isForBrowser -prefsHandle 3356 -prefMapHandle 3352 -prefsLen 21590 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6157d0ea-47bb-4473-9033-b9c395ed130e} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 3020 1e25fb5ee58 tab
          2⤵
            PID:2864
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.3.1213976897\1502325896" -childID 2 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de6fec72-bba8-47d5-867b-4b54b7a56ca0} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 3724 1e2620f7d58 tab
            2⤵
              PID:4136
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.5.1697454140\717526473" -childID 4 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc4ac970-10d9-4c36-b3ea-67df904e8d48} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 5124 1e265c29d58 tab
              2⤵
                PID:3580
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.6.1204414343\2073632120" -childID 5 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cfbdbc9-83a5-4d19-b6f1-087d179525c1} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 5408 1e26696e558 tab
                2⤵
                  PID:4220
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.4.2099001149\1675344781" -childID 3 -isForBrowser -prefsHandle 4984 -prefMapHandle 4952 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a60192db-6c1f-44b3-9861-0d689eb15b46} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 4996 1e253362b58 tab
                  2⤵
                    PID:4600
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.7.2138765432\640101954" -childID 6 -isForBrowser -prefsHandle 4976 -prefMapHandle 5700 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11259457-ff8d-4076-9088-e3f8803280d8} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 5720 1e2634c6e58 tab
                    2⤵
                      PID:2496
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.8.1811653713\1318077345" -childID 7 -isForBrowser -prefsHandle 5064 -prefMapHandle 4624 -prefsLen 27266 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b60990d4-0988-426f-8216-deaef39a218b} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 5436 1e267655558 tab
                      2⤵
                        PID:1248
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.10.565179591\481933940" -childID 9 -isForBrowser -prefsHandle 9796 -prefMapHandle 9792 -prefsLen 27266 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {042766bd-8f7e-4e5e-bb18-ab37768cf26e} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 9804 1e268a35058 tab
                        2⤵
                          PID:5244
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.9.1257504278\765368659" -childID 8 -isForBrowser -prefsHandle 9944 -prefMapHandle 9960 -prefsLen 27266 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29b9ccdc-394f-473e-92ee-e2fbadde500c} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 9168 1e26898b258 tab
                          2⤵
                            PID:3920
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.11.1016511502\1223624375" -childID 10 -isForBrowser -prefsHandle 9796 -prefMapHandle 9572 -prefsLen 27266 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8107668e-f3e6-4c80-8478-b2af24686ec6} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 9532 1e2691eeb58 tab
                            2⤵
                              PID:3696
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5076.12.2023244091\1957739717" -childID 11 -isForBrowser -prefsHandle 8936 -prefMapHandle 8940 -prefsLen 27266 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09ddd78-ea52-4aa1-b03c-6b126d4f3f81} 5076 "\\.\pipe\gecko-crash-server-pipe.5076" 9004 1e2690f5858 tab
                              2⤵
                                PID:4796
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://videosprofitnetwork.com"
                              1⤵
                              • Suspicious use of WriteProcessMemory
                              PID:3316
                            • C:\Windows\System32\svchost.exe
                              C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:5584
                            • C:\Windows\system32\rundll32.exe
                              "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                              1⤵
                                PID:5804

                              Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                      Filesize

                                      442KB

                                      MD5

                                      85430baed3398695717b0263807cf97c

                                      SHA1

                                      fffbee923cea216f50fce5d54219a188a5100f41

                                      SHA256

                                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                                      SHA512

                                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\broadcast-listeners.json
                                      Filesize

                                      204B

                                      MD5

                                      72c95709e1a3b27919e13d28bbe8e8a2

                                      SHA1

                                      00892decbee63d627057730bfc0c6a4f13099ee4

                                      SHA256

                                      9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                                      SHA512

                                      613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin
                                      Filesize

                                      2KB

                                      MD5

                                      d34f712fd6b3cb77355675981169b5ef

                                      SHA1

                                      00c385729e8a73dc011380df6076740e49ed7fa4

                                      SHA256

                                      cd35a7d3770c4de63cf6ab89cd97d2ffe3c914cd5e9ddeb7454df3f6f34f9525

                                      SHA512

                                      b23b289dfb8de716d721d0b38551ad9e854db4480523aa25927bc206dd643b67ad02ee5605b53f80ff67d0f497ed02aad5d76b3ada8683b3c1af69991a90e534

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\31c3a864-e5ea-44e4-8a5f-c613d1918dc3
                                      Filesize

                                      10KB

                                      MD5

                                      83f8a220efd22b5919fca7b178f14672

                                      SHA1

                                      af4466997572892ae9fc2f677e1d7fba97976cf4

                                      SHA256

                                      a8c45a328f72dbdbc5dfc38dc85d151bb2bc7ce144765d06350b5add967a64be

                                      SHA512

                                      4b682f2a214a6481972c6e33b94cb692bc62668b629b005c933f1245e2326ffefb562332c40a96cf1540b0ebf2df01bdfdec695f3d5bb00dec47769bb190864e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\e991b5b5-e02d-4b64-86d1-5536b4e02136
                                      Filesize

                                      746B

                                      MD5

                                      cf530de8768c035397cfcb5ab1c3e730

                                      SHA1

                                      30c11bfdbbdc7001e8b10238a1349852b2de948e

                                      SHA256

                                      699d4df99404907805f7815f9cbf4d19d72d31c689cbaab7550aa9ed70a99e28

                                      SHA512

                                      18c54bf973671ae078f7e6c742614b63a8f9e0114d2fba37b2916ed43eaa8fb92d8248c7ab54f4aee43597e707e843b68175a476cf3c113407bf4eb065c9305a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                                      Filesize

                                      997KB

                                      MD5

                                      fe3355639648c417e8307c6d051e3e37

                                      SHA1

                                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                                      SHA256

                                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                                      SHA512

                                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                                      Filesize

                                      116B

                                      MD5

                                      3d33cdc0b3d281e67dd52e14435dd04f

                                      SHA1

                                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                                      SHA256

                                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                                      SHA512

                                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js
                                      Filesize

                                      6KB

                                      MD5

                                      010263c522086902d566007f7311170e

                                      SHA1

                                      65c50a4322b014e8dc7b16e6de2abb11f98ac55b

                                      SHA256

                                      876c155395b7ae434e5bddfba18913be995d1b5f73cdf6c0085aa8f3a74a026a

                                      SHA512

                                      ea1afe5d7c2a20fd8cbeeaaec741f2cf248d03a9653bf8aee1c137892443ad0cee8e21f71acfc0b5de04e721ec32930261e6cd9ab05ab05125f0593893df0e57

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js
                                      Filesize

                                      7KB

                                      MD5

                                      6b750d02a5116b9a9652e8f856b9d2ed

                                      SHA1

                                      5fb40460d28700a48bec48c23c75d6959e17f49e

                                      SHA256

                                      81418f8f06d77dcbb799a5e5e1e9930051fd73b996595752b03ba5a4d71bdfbf

                                      SHA512

                                      2a9182b659cb7882a42bc2efe56090e68c3f08a07c87992db8e1b258f8cc5ffa7aadd8e20511f412016a31e428689eca2f24ca5c33624b0db84ee5b4603912eb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionCheckpoints.json
                                      Filesize

                                      90B

                                      MD5

                                      c4ab2ee59ca41b6d6a6ea911f35bdc00

                                      SHA1

                                      5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                      SHA256

                                      00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                      SHA512

                                      71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      4KB

                                      MD5

                                      a451c8a931439f376abcb0bcf4167834

                                      SHA1

                                      a61e7fff7d6316300b15a53625abb3f5fda687e9

                                      SHA256

                                      ffdddd1d121ee980bbf3379c1d92a5da5fe55784f5be2555cb4dee1a59385c70

                                      SHA512

                                      3541f6b3856c9f4f52fe709e38aa2125040aeee4161decd2ecfd34e7a022933e32bee4dfee748fa85e07dff97c567783d604bed525ebd80d9c8342c5d9e7790c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4
                                      Filesize

                                      4KB

                                      MD5

                                      15796906ccdbbeb8f0150232c5b2039f

                                      SHA1

                                      d234aed04ec2d56009ee36ddf71bae6238fdc443

                                      SHA256

                                      1e3bb05759ae4042030c0d0eb88d79cd74a364b1db04c41a557a839e39f6677a

                                      SHA512

                                      fbef2ec9c64aaa0ca69953bca0b4e743d7106b680d7305912687df71460713fb7ac850a64324bda626b73b402a8d0f34affb7a92f4fa623902acaf60dab9eadd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\targeting.snapshot.json
                                      Filesize

                                      3KB

                                      MD5

                                      9dc68f0670c9d4c34eacdc0751070514

                                      SHA1

                                      dcfd0f92336cb0fa05c50d06345729e3d676e29e

                                      SHA256

                                      d33c6d19c67e11d876eac46da6feeabf449f40c28248eb62b8fc8b32fe952e0b

                                      SHA512

                                      52d4753ef50906d0f0dd68474db6da5a643144446697b419197167071cfcb1b95f234ba5bdd12ce1afff925055029eb678b47114aaf4599f18dbe5f2cb8d363c

                                      Download Submit

                                    • memory/5584-648-0x0000015DEC4D0000-0x0000015DEC4D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5584-647-0x0000015DEC4D0000-0x0000015DEC4D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5584-645-0x0000015DEC4A0000-0x0000015DEC4A1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5584-613-0x0000015DE4040000-0x0000015DE4050000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/5584-649-0x0000015DEC5E0000-0x0000015DEC5E1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5584-629-0x0000015DE4140000-0x0000015DE4150000-memory.dmp

                                      Filesize

                                      64KB

                                      Download