Analysis

  • max time kernel
    0s
  • max time network
    258s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10-01-2024 16:52

General

  • Target

    https://c2hct122.caspio.com/dp/e857d00020dec1a10f6541f6a925

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SendNotifyMessage (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (61 IoCs)

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://c2hct122.caspio.com/dp/e857d00020dec1a10f6541f6a925
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4548
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.0.402159461\407847260" -parentBuildID 20221007134813 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec41a0e9-0930-4ebe-9dda-dc5425c78dd1} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 1856 20030bd5b58 gpu
      2⤵
      PID:1324
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.1.1812590541\1835633176" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2228 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bfeccdb-3f56-40f5-9d96-5dbcb1d970c2} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2252 20024972258 socket
      2⤵
      PID:4224
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.2.1303472628\25924022" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2868 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a23c15-93a3-44d3-b52f-6dff5bb89cab} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2940 20035ddc458 tab
      2⤵
      PID:1356
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.3.333166248\1023714387" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cd5d5a2-3e35-42bc-80c8-cc2d10674f75} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 3532 20036d07658 tab
      2⤵
      PID:396
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.6.1319505193\844590711" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66afa4c-ac05-428f-8804-06d2fde063bb} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5284 20038245558 tab
      2⤵
      PID:2152
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.5.143018511\428475321" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {211d213d-d114-41a0-8edd-0c86aea6fa10} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5100 20038244f58 tab
      2⤵
      PID:2464
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.4.2049603461\707152224" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4964 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {264dc724-5d49-4bfa-8bee-0b4637f5b1e4} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4976 20038243a58 tab
      2⤵
      PID:1860
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://c2hct122.caspio.com/dp/e857d00020dec1a10f6541f6a925"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3752

Network

MITRE ATT&CK Enterprise v15

Downloads