Overview

overview

1

Static

static

1

URLScan

urlscan

http://quantrixp.onl...

windows10-2004-x64

1

Analysis

  • max time kernel
    272s
  • max time network
    279s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://quantrixp.online

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://quantrixp.online"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://quantrixp.online
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3168
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.0.844410460\351013761" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {552a4300-4b70-417d-a59b-56454ab8b696} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 2020 201d68f4c58 gpu
        3⤵
          PID:4612
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.1.649914266\222336105" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a598be32-f803-4523-9f01-570a45da9cc9} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 2420 201c9e72558 socket
          3⤵
            PID:1992
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.2.689304156\1260748152" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3228 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c302c7ff-14ff-4d8c-afcf-dc42e6393ff6} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 3240 201da6cf358 tab
            3⤵
              PID:4960
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.3.1892387380\412885684" -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32a22ad2-9a0b-401b-bb98-f1fd938179e1} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 3968 201db99ab58 tab
              3⤵
                PID:2208
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.4.862217121\1160745804" -childID 3 -isForBrowser -prefsHandle 4960 -prefMapHandle 4964 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {670cefbf-9da4-4d3d-90c0-1d549cb71429} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 4992 201dcc9ef58 tab
                3⤵
                  PID:3064
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.5.1842459677\61809099" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5124 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c7bfbbb-ed59-4798-a0a0-b5efcb47e39f} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5012 201dccf0958 tab
                  3⤵
                    PID:4544
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3168.6.430012551\170632451" -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5396 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce2965e4-b84c-4ff5-96d7-00a47c7556de} 3168 "\\.\pipe\gecko-crash-server-pipe.3168" 5408 201dccf1858 tab
                    3⤵
                      PID:1592

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
                  Filesize

                  13KB

                  MD5

                  901a18a7e8c60f44bdb1459fe8b2520c

                  SHA1

                  50770e4ada338e83a6675573bd9438b023144d09

                  SHA256

                  ae55c6a066a2444185d9a3a7cdf4f9a365ac3096a31f61e60e62ceeb9366d59c

                  SHA512

                  cddd9eebfbd9ebad72eb55bfe61dd970cd90c2655d0ecd6666019e0878af05190a77838b53e27b2c41e4e20859caff50a1962102a1727a314b941cc336fe7d65

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  7.0MB

                  MD5

                  ee7264d9532d0df77df5c2d0fae2e87c

                  SHA1

                  fc92ec232a221bd46f243fa19e8463a647b2dada

                  SHA256

                  0fdce458a9981da6c3fb3072ea7056c79f59e85bcae1e05becb6fdafec8a5b34

                  SHA512

                  d2293b1e5541b461ad64a5fd2f179c75ba09ab3e33850302684583f39d774aa028752ee75653b5eca845cf957f6a2d58242a3a3e68e4278149997e78ca1ec2f7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  e5021c9a5cc08cacb818304c4d3ff86f

                  SHA1

                  23edf86774431bb900a96450375505a52eea5f2b

                  SHA256

                  ed64d1ec8314678a16f34ecc9c5bc20ec51911b6bebde0e41622c40b08173869

                  SHA512

                  ed6363eacb27cca2c9370e879d0233110a56b3ee2e95762e12d4e0716f0dcc770bb838e02ff27095e7445ebee5588936c983deef29a699525624e2975c40dd18

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  2ee649a36b38d5dae0c4cd7a28b71f3c

                  SHA1

                  dd191f6a73833bf10997a1f3478d2e93afba9756

                  SHA256

                  8ca88885592eddd46cb3769b99d2ed9c0d6798831b675297e6f30e51ca085ba2

                  SHA512

                  7e12f6cf66eabf2847d593a4824240b3123d52d0a94b4c9e4c55ed35721cbbe4ac12851eee3dae436fcd6c9e4701834234bb36d39703ee8e44b238a965d621e9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\pending_pings\6a6b1d64-85bd-46bb-b8d6-c726a394ff20
                  Filesize

                  746B

                  MD5

                  6b8c856e1e393f00c045387e84e28603

                  SHA1

                  59f3d1dac55ccb00c22813f30928c0618f0ae3ba

                  SHA256

                  2ae09490c61c24cd05365cb18a77a317807d740f934a0476a9510a70e046b735

                  SHA512

                  714c2927a8e6c8601c0206cc3e6d9a5ad961d8fbf97d92bddfd139d0f4acf1df0efd1a53c7c710b83c26c407ba68c84f71c886d5ac641e7a48f26039053645a4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\pending_pings\737b4aa3-d489-4ca5-a476-12c9248ff36b
                  Filesize

                  12KB

                  MD5

                  fcff225df22cba6b1a8fef85ed4a4a9c

                  SHA1

                  85c52dd3872ba2d92103b724b3202355ac0de467

                  SHA256

                  621ef67aa7a97e2c7d04c2daee1acd0d9cf87425c375753a54128499de2bfbb0

                  SHA512

                  17e1a83da8d2206951f7614d40ca8f9762e11aa12447c240f55e2c1fe63f6c8e3d1eccf3f1fb24529373a1fdd1f4879373c29f0a4ea56524f29a28a5e73855fe

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  8.6MB

                  MD5

                  d2211971d035d27000f0afcc3eb6f4ab

                  SHA1

                  6ab38e0316b726beeb47840493a780b30ea9da4f

                  SHA256

                  e729d7b8abbeb1e603ac6334fa6aeca51240e3a1bc0c96fed128db0781c0d728

                  SHA512

                  c35096149985407ba148c4e9d4b4ecce3c016a4ec781179bcee80c1d16257f305c9bf63b4fc3419d71227d6b407506bbe98692cfc700749782ff8ed666a4bf51

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  60fb365533b01d7e118901b2f4f5ce4f

                  SHA1

                  51dc3583654946a07988e0f406ddc20badc3ce91

                  SHA256

                  b8693570d064c56d073363ffc3bf1df7d2b1d4662eaa2b0d8a1fad54ebffd3d4

                  SHA512

                  f4b2f7a6903f73d14e47db2d6ad584b85bd34b4cfc6e76d52c4a6b0f95321f043c105a6efee95ac94d569de0a78851b00a6e9517364a5985d0e39f85dcc7263e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js
                  Filesize

                  9KB

                  MD5

                  7122a021941d0bea715c5733bdf41906

                  SHA1

                  fb1b6eb72e3430667422c71ca79ab1e02994302f

                  SHA256

                  eaa05c756aac604e697140345aceed3d8d3821a199d9158b2efe647a4773a51f

                  SHA512

                  9d93661a51280b72c48d7f76332234f98cd463c8c200b66dd95b6cade0a7dde796c856ccde9c48ec3437fb2d15d5d7333e12a93c53fa5afe77ebf481b0f691e3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  eb3df3d4f08873a2ddc1cae957831d33

                  SHA1

                  cf08d9404bf0f59b1ef943ca74da0c767ed71a76

                  SHA256

                  ce1a4f01d3f600c5b793e14f5ef20afa70ee2a0a376f3bd11ccf40042dedaaa5

                  SHA512

                  1560d4b28e51413924b0e71dc325c2d148845a2fea56b67475d2d684d1ee7bf3016f413f3b0f90fba0825131c37a2e7cfd5ff6387b40ce407bd6783ed73ff52a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  c7eb74f47eb7ecfb6abb63d35962b68b

                  SHA1

                  956cd3f5e85e2cffb976945c3444ca62c3f17507

                  SHA256

                  810cfccc19a6ecc422ed00ea0478bccb72652a28da9fb826c2fdb67a5629797f

                  SHA512

                  d89e86ab4cbc75eaca547f07372a98f6d381da1b40fb1498fd65a311816414291025edf581458b707bd2fbf498da16d6ef97842e4706c2f16f6a5e65d2dd3ca8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  996B

                  MD5

                  a94ada44a44ac602b3dad7c50a468477

                  SHA1

                  929b2c41e6cdeceaa7cb3acd6a5064a354ea8fa8

                  SHA256

                  cb6efa2b7b97856ca1f777953a9c16e26e4a9cc2d075ed5f84f2903297d7cff7

                  SHA512

                  12b1d8455554363a6aaf13d54790462906c533bae884495c7f06931ccd62f45dee29cd0b896b80774cfe86c1df9f96c39996ec59606428c6462f571247f5a61f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  1468178429e116eaac7fefe94d91abed

                  SHA1

                  da44dab4b4c359349652c127eed1b2481001aa39

                  SHA256

                  5963a566e0607a71f212fea506afdeb6716bb5b4a2a2329f17c297be628b7fcb

                  SHA512

                  37c2e64a27431c1d11813d26e36c63e09c62d86c62197b166d2bf1e7dc7e55195d1d6ac43efd341aba461b5b6aacc731bc22619fe6b33cf3172c3922123984e3

                  Download Submit