Analysis

  • max time kernel
    84s
  • max time network
    92s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13-01-2024 17:14

General

  • Target

    FortniteSpoofer.html

  • Size

    401B

  • MD5

    4aa110024e461a0b9ee1d050a0b8a2a0

  • SHA1

    7d23b81689da63898d12aaf3bab6096f8a58929f

  • SHA256

    c6a54cf57a5f7eaae857848b15f9367cf89f1892787d11daf0c982a40f2d8e8b

  • SHA512

    c28b9bc6619993ac18348936261e525a8ea9587daecc0b98a6ab2c9e6ecb95fd227482df6f8f2181657c22e8cab11e0f487fd19efe0e58879bc09b1159e12371

Score
1/10

Malware Config

Signatures

Every signature below that carries IoCs is attributed to the firefox.exe tree that rendered the file (PIDs 2004 and 1740, see Processes); the only process outside that tree is a rundll32.exe instance hosting a shell32 COM local server, and no signature is attributed to it.

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments. Here the reads come from firefox.exe itself (the browser process, PID 2004, and its socket process, PID 1740), which is routine for a browser; on its own this does not indicate that the HTML file did anything.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (7 IoCs)
  • Suspicious use of SendNotifyMessage (6 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No IoC is listed for this entry and it is not attributed to any process in the tree below.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FortniteSpoofer.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\FortniteSpoofer.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.0.1336742309\1722760379" -parentBuildID 20221007134813 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96dd0826-abb9-4e28-a489-cc996dba3365} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 1884 24b11407458 gpu
        3⤵
        PID:3532
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.1.219050064\1616584455" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc76cd7b-baa1-457c-97eb-05316de2a3bb} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 2284 24b100e6258 socket
        3⤵
        • Checks processor information in registry
        PID:1740
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.2.1391171431\277704138" -childID 1 -isForBrowser -prefsHandle 3356 -prefMapHandle 3352 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1a1239-72a0-404c-936f-a64a1a5e183e} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 3368 24b15747858 tab
        3⤵
        PID:3812
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.3.1367716299\1807133374" -childID 2 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {debfe1b3-5073-438b-8732-d4e85bf66718} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 3060 24b04162858 tab
        3⤵
        PID:1760
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.6.1157841344\236033979" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20d50cce-a380-43df-a141-6fc95f97a504} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5316 24b17dfad58 tab
        3⤵
        PID:4840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.5.744733791\141179101" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4888 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4d0bc7d-7d46-452e-b686-fe7817f1bcd7} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4920 24b17dfa458 tab
        3⤵
        PID:4484
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.4.1981842086\27243376" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83e83fbc-eb7d-4af6-a295-94258b7baec0} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4956 24b17cbf658 tab
        3⤵
        PID:4856
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.7.1310976825\1970442951" -childID 6 -isForBrowser -prefsHandle 4700 -prefMapHandle 5656 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b30fa81-abb3-4adb-8ef0-84a8fab30e8f} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 4648 24b150bca58 tab
        3⤵
        PID:2748
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2004.8.864915483\99511974" -childID 7 -isForBrowser -prefsHandle 4876 -prefMapHandle 4128 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36104e26-c5e0-48b2-b6d5-dd950b0399f4} 2004 "\\.\pipe\gecko-crash-server-pipe.2004" 5044 24b10391558 tab
        3⤵
        PID:4856
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 2df822836986e4e0b2813e41d41b0178
    SHA1: b8b63b872f269091cf09426a2690730564f88dfd
    SHA256: 744deeb8d3b551d6387b31db5eeff1e802ded0b3399d5405ef53743a813f19c2
    SHA512: 1e48a8996e2647689a39c69161ff54f65f675e2f90fafce003a13b35cd5de7d5397775081fb60959fa25babaac46a7bfadd25bef3fdcf243b46a35c62c3462c0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\pending_pings\a36ae672-3ae6-4be7-b9d1-7c51f4bf8f12
    Filesize: 11KB
    MD5: c0890945f78383b47c89f850dd8ebcfc
    SHA1: ffb91d38e8a3cbfbc01907fd12556d1cb537e106
    SHA256: 44985fb639684f75e5683681f5f6be7b5db943007bccd06889bfdc0c9d698846
    SHA512: 3c2f2ca4c5538cd39cd4726e1c0ca11ba90905360cd9c759e14243c00546a0cb5fdfb17b8fe4c31531a6a1fb9917ac86c0d498e698c51f55109ac458b6f62a32

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\datareporting\glean\pending_pings\e0def735-a25c-4798-8742-3d003373a402
    Filesize: 746B
    MD5: a540e3363002da795bb9c25fc23f8a2f
    SHA1: d4c6f9407df4a4c5e57a4af4e72e932c3999ceee
    SHA256: 339fa742ffb3117a91219b131b396acdc9abcfcd728dc9459fbe689befd0a978
    SHA512: a8624b0dfacab1eae13c6d79cb4f994c6fc1724b062773114069143a9049119e774ba8fd2ab66dcff098e9260a1c0e4c8164e3d83449b49a92bb2cdfb778cb31

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 7453181cbbd01c5cd1f81384b591023d
    SHA1: ac8a687201d4526e7ff18f13c0157bbf92d1d2e7
    SHA256: b81951768fef32943d09b9373d990a4ea0c1b7aec377ffdee96501240bc48bb3
    SHA512: eed60965858752a887c2d01b84bb69b214882a2b08de25dbe9dd2596295d3c95e3067f55edb8f18e4a83bad22fca3785a6625e673c50d054cefe48777942d4c9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 992B
    MD5: 50677de7a8ac31731d24d7ceed7c62b0
    SHA1: 83db0442ef895cee538a104d35de292b253564be
    SHA256: 44111b42cf598b3897df7df2a1be676b681f83ef6dd282ce8dc52e6cf188dd49
    SHA512: f3ebfebc1f01ed9e50668d6a1944f0682bea758b386b8f31896806453170e28f6ff29b7cbcf8dd6d45d4b567db5d2edf0bab6d83deb44dd64aca08c57548fc9c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 869be10503022f9a28a33bfef8599af8
    SHA1: cc7f37e41441bc1ecd4100f2e9a28be0857e5d36
    SHA256: 746b051fdc05712bf7112d6465bc138426fced6b791b28295bbd973486962239
    SHA512: 24d9fbd190d1fc8faf24ef728b8243878601b4272afa574817a055fff8842454466585b82e3f39bbd36b3db25b9613a84859794cb93035797bc85f2f0a26da8b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\60flkfpx.default-release\sessionstore.jsonlz4
    Filesize: 1KB
    MD5: 327b29236f5de2ef44320cc813820d25
    SHA1: c7b51f62f4018849b390bf73365310ba13fc8a47
    SHA256: 5cc14179df7f88d0e8bda689a6609b37490269fc81db526019865b0e5663ef13
    SHA512: 45f50ea6dd9a974469ecc461c169af75bb9ff525517d969e2078f6839bc8c1cda5d31662ae2508b5f765e1ba3507038f6e301390e33d7147b37559ab3bccdbc0
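The files the sandbox captured are ordinary Firefox profile artifacts: Glean telemetry pings, a prefs file, and session-store snapshots. The `.jsonlz4` snapshots are the ones worth opening, because they record which tabs and URLs the browser had loaded when it wrote them. Firefox stores them in its mozlz4 container: the 8-byte magic `mozLz40\0`, a 4-byte little-endian decompressed size, then a single raw LZ4 block. The decoder below is an added example, not part of the report and not Mozilla's code; it needs no third-party lz4 module, and since the report only publishes hashes of the real files, it runs on a hand-built container of a minimal constructed session document. `_lz4_sequence` and `build_sample` exist only to construct that input.

```python
"""Decode Firefox mozlz4 session files (sessionstore.jsonlz4, recovery.jsonlz4).

Added example; not part of the sandbox report. Format: b"mozLz40\\0" magic,
4-byte LE decompressed size, one raw LZ4 block. SAMPLE is a constructed
container built here for the demonstration, not one of the files listed above.
"""
import json
import struct

MAGIC = b"mozLz40\0"


def lz4_block_decompress(src, expected_size):
    """Pure-Python LZ4 block decoder: token, literals, 2-byte offset, match."""
    out, pos, n = bytearray(), 0, len(src)
    while pos < n:
        token = src[pos]
        pos += 1
        lit_len = token >> 4
        if lit_len == 15:                      # extended literal length
            while True:
                b = src[pos]
                pos += 1
                lit_len += b
                if b != 255:
                    break
        out += src[pos:pos + lit_len]
        pos += lit_len
        if pos >= n:                           # final sequence is literals only
            break
        offset = src[pos] | (src[pos + 1] << 8)
        pos += 2
        if offset == 0 or offset > len(out):
            raise ValueError("corrupt LZ4 block: bad match offset")
        match_len = token & 0x0F
        if match_len == 15:                    # extended match length
            while True:
                b = src[pos]
                pos += 1
                match_len += b
                if b != 255:
                    break
        match_len += 4                         # minimum match is 4 bytes
        start = len(out) - offset
        for i in range(match_len):             # byte-wise copy handles overlap
            out.append(out[start + i])
    if len(out) != expected_size:
        raise ValueError(f"size mismatch: header says {expected_size}, got {len(out)}")
    return bytes(out)


def read_mozlz4(blob):
    if blob[:8] != MAGIC:
        raise ValueError("not a mozlz4 container")
    (size,) = struct.unpack("<I", blob[8:12])
    return lz4_block_decompress(blob[12:], size)


def session_urls(blob):
    """Every history-entry URL in a sessionstore-style document."""
    doc = json.loads(read_mozlz4(blob).decode("utf-8"))
    return [e["url"] for w in doc.get("windows", []) for t in w.get("tabs", [])
            for e in t.get("entries", []) if "url" in e]


def _lz4_sequence(literals, offset=None, match_len=None):
    """Encode one LZ4 sequence; used only to construct the sample below."""
    lit, ml = len(literals), (0 if match_len is None else match_len - 4)
    out = bytearray([(min(lit, 15) << 4) | min(ml, 15)])
    if lit >= 15:
        out += b"\xff" * ((lit - 15) // 255) + bytes([(lit - 15) % 255])
    out += literals
    if offset is not None:
        out += struct.pack("<H", offset)
        if ml >= 15:
            out += b"\xff" * ((ml - 15) // 255) + bytes([(ml - 15) % 255])
    return bytes(out)


# Constructed minimal session document (not the sandbox's real file).
PLAIN = (b'{"windows":[{"tabs":[{"entries":[{"url":"https://example.test/a"}]},'
         b'{"entries":[{"url":"https://example.test/b"}]}]}]}')


def build_sample():
    """Wrap PLAIN in a mozlz4 container, using one back-reference for the repeated tab prefix."""
    first = PLAIN.index(b'{"entries"')
    second = PLAIN.index(b'{"entries"', first + 1)
    n = 0
    while second + n < len(PLAIN) and PLAIN[first + n] == PLAIN[second + n]:
        n += 1
    block = _lz4_sequence(PLAIN[:second], second - first, n) + _lz4_sequence(PLAIN[second + n:])
    return MAGIC + struct.pack("<I", len(PLAIN)) + block


SAMPLE = build_sample()

if __name__ == "__main__":
    print(session_urls(SAMPLE))
```

Point `read_mozlz4` at the bytes of a captured recovery.jsonlz4 and the JSON comes back verbatim; `session_urls` then lists what was open, which is the quickest way to confirm that a browser detonation like this one loaded only the submitted file. The size check against the header is deliberate: a truncated or tampered container fails loudly instead of yielding a silently shortened document.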