Analysis

  • max time kernel
    5s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-02-2024 17:21

General

  • Target

    https://monograph.notesnook.com/65ae68e4898989ecd6cfcfd1

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://monograph.notesnook.com/65ae68e4898989ecd6cfcfd1"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://monograph.notesnook.com/65ae68e4898989ecd6cfcfd1
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.0.2027461719\1408286527" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13aa0f2-3915-455d-9824-e0274ba3dde1} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1304 118db858 gpu
        3⤵
        PID:2820
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.1.1233546605\1693761408" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72618719-4cc6-458b-a75a-ab68bc9c4c02} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1520 e70a58 socket
        3⤵
        PID:2632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.2.408853249\417369942" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {294f847a-730f-4cfd-9fcc-83a610894646} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2120 199bec58 tab
        3⤵
        PID:928
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.3.1615204167\81414700" -childID 2 -isForBrowser -prefsHandle 2068 -prefMapHandle 2076 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f2227ed-9500-4eba-bd35-9844181bbf6d} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2856 177fd558 tab
        3⤵
        PID:2768
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.4.242036346\589597966" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb10378e-30d3-4131-97a3-d208901a2652} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3616 19975258 tab
        3⤵
        PID:1724
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.5.887060596\1809788643" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ede63a-0c4c-43e8-abbf-e661aaa75587} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3708 19975e58 tab
        3⤵
        PID:2540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.6.1801036066\1726666389" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 3836 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22d0ddd8-a3a0-4413-8168-ed5a46fc2af2} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3840 19977058 tab
        3⤵
        PID:1940
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.7.2133284596\334856754" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3812 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af634768-8994-4eed-9160-31de9a10666c} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3968 188b1d58 tab
        3⤵
        PID:552

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 01214a299da6da83395181b731aad132
    SHA1: 310376eade312ff2ad0b375f8ddc6b1ebb005c64
    SHA256: 2076cb8336890ee1c68840e3993a0b1fe4bd263a6ffcc895102edd4ba38b38a4
    SHA512: 5aa028792245ccd54ce13738b29b88c696815796376ca826d94f5a4cc1bd707e84bfe484fd7fb94e95d610e869eab398abf56a263af30d1a3c8f17137e6a4a92

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\6238e9db-57f2-4ec7-bb91-2339b3a9f0da
    Filesize: 13KB
    MD5: 3e2bb88321107883c1f7a88ff4945c8f
    SHA1: 2d565858d61e4686acf7fae58da3ec489490f100
    SHA256: b63cebc7bbd2bf8203ba87661e196a58d24aacd0a0f58c373359e5f3ba50b250
    SHA512: 2bb0de2fd3581fb20c34321c2b23317f75acfc4a6485f273ede387f0f4fe30a27c99f3a413c33f66ed4909f3f6cfa7305ac8a3770c41a85b3ed33f74162555d1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\e07041cf-b96e-474f-a473-7424da45b40f
    Filesize: 745B
    MD5: b1f956e92a9aff284d2129cf75a3b995
    SHA1: edcdc54aef4c69168d92f72aec05fe248c00582e
    SHA256: 2197f129ed9233a3d0d4ee89ac8acd8dcb0ad27ac0e082ee9633bda23d40b826
    SHA512: 3f3d73906229300b3f3cdb8d7abc58dfc1141479e467582fe003a6c76d7e8da60c2bdd6331d581080fb3e2aa0d5685c0b3e48632dbc1991245f9913758c22db8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js
    Filesize: 6KB
    MD5: b4d52987f058dcad347847f529980908
    SHA1: 591a93865bf57281415bd6bd6399118a836bb66e
    SHA256: 61b9aa62d210754f7e73797035dc3413ee4d0928b98204e8541a0b8f538f4c5c
    SHA512: 0aa70028e4b98d8d7ce588c92a1436611275deb449e756167a1269597898b1dbe40e0d13eca900a26c206170a234a670f6e3cebdc310df0f0f4555ff975eabe3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: be1aadf6c82748bad5d680c324e56135
    SHA1: 0f1189804221d7a26cfab86d023fe7d75ff78e3b
    SHA256: 250457a4be807a6d8536e57f4a05449a6219bfef351cd07ab85250097090e884
    SHA512: 27b10aa37046a7220476a36585a37276d6451c94b8e73a98f2cbd75b1c3c3a2fbc1f5a70a414c60e9f2a19f255e7eb82cb23c7a056f5ff869399024b99418977