Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://ayhlandscapi...

windows10-1703-x64

1

Analysis

  • max time kernel
    271s
  • max time network
    296s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21/02/2024, 01:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ayhlandscaping.atlassian.net/wiki/external/ZDkxMDZkZGY5ZGIyNDY2M2I1MzFjMzlhYTQzODdjNDQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://ayhlandscaping.atlassian.net/wiki/external/ZDkxMDZkZGY5ZGIyNDY2M2I1MzFjMzlhYTQzODdjNDQ"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://ayhlandscaping.atlassian.net/wiki/external/ZDkxMDZkZGY5ZGIyNDY2M2I1MzFjMzlhYTQzODdjNDQ
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3344
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.0.467988103\274239186" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {227aa641-3009-449e-a62c-57fe1c072072} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 1792 23067dd2a58 gpu
        3⤵
          PID:2224
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.1.1841085518\33570260" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be9ea61d-8a3a-42db-bff0-c2ee588dedef} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 2168 23055675b58 socket
          3⤵
            PID:3836
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.2.103646771\748924057" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46925238-2dea-44cb-8102-d577e9daaeff} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 2984 2306bbd7458 tab
            3⤵
              PID:3840
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.3.562283550\1975307460" -childID 2 -isForBrowser -prefsHandle 1016 -prefMapHandle 1012 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f6beb6f-18ce-422b-93a2-4733a1045f04} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 3548 2306ce28758 tab
              3⤵
                PID:1036
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.6.1225985449\1004612077" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf9a80ee-abfd-4344-b3cf-f2c4e09d1e6c} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 5160 2306ee3fc58 tab
                3⤵
                  PID:4116
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.5.984994038\2113852713" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bcc8ee2-2c26-4a90-ae6a-8540ae6ca5a2} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 4988 2306ee3f658 tab
                  3⤵
                    PID:3912
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3344.4.859607393\2134845195" -childID 3 -isForBrowser -prefsHandle 4832 -prefMapHandle 4800 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c126586f-5455-4d2d-82e8-5b8e80acf197} 3344 "\\.\pipe\gecko-crash-server-pipe.3344" 4860 23055668958 tab
                    3⤵
                      PID:2528

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lq89frqa.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
                  Filesize

                  13KB

                  MD5

                  63bbf9eb1f11b2f49b716ee44521ae0e

                  SHA1

                  748e35e6e977488ebf11a17a11177dc167410496

                  SHA256

                  f96f7c47f8010a50b236a80bed98ba868ad17a882e945b9328e380c411fb9abe

                  SHA512

                  c1f1cd17722f810342ed1c48705ed98664041737a7b9560fdecfcd54a083ce4e192f013b94ec3e03d98ae8a44fdc278f520647b08ece0dfe37a137a24e935ae8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  384KB

                  MD5

                  4638b5d074209d70dbdb82a3f25e1cf6

                  SHA1

                  dabe87a5fa9e6f57390b189d916557118500bb2b

                  SHA256

                  469a0746b649db600ec717d58d7ca697d9c5e5ee6556f6e0da956abaa2042765

                  SHA512

                  bb73c4f58fde63e14e4d1192c1ef40e0338f1c42c1ac9e16a1c8217688555ae30bbfd9a34007e3e316c5913a1783c596277f23214bca1aa7336800f19cc4a3be

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  7KB

                  MD5

                  7964b179b823261045e10dc8db3e7b26

                  SHA1

                  d548f15db7a13c20770aa61d16804e43fc637edc

                  SHA256

                  c0edb2e759d50501865ce243d797e268deccbe9281ff9b8417aaff98bc8fc706

                  SHA512

                  13f9e4bbfd7d508592fe9a5d49d2bd1ce0522786955b0963706e087bbc842f911a70ca0659f0af193ca00300b16e69e199c89ee118f0fc6e3521039b97c251a8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\bookmarkbackups\bookmarks-2024-02-21_11_R3HOXV9XQUK8lR2X1GGlGw==.jsonlz4
                  Filesize

                  943B

                  MD5

                  ba5165397fa4b8111ef30ed92cb1834d

                  SHA1

                  53707b9dcda828c4fac2ca8d48b070322161b3b9

                  SHA256

                  06ee78bc9c5cbbcbb3d87aee0618780655e89fd88714b42b4790c124cbc6c38b

                  SHA512

                  ebdf607323595ae036104430494104bf8c6db4a3d0ad482e655aee55a49d2bccf1231bf1b8a58faf3c7fa72a6fed4c1d624de07538eef68c8d2094a96478a070

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\broadcast-listeners.json
                  Filesize

                  216B

                  MD5

                  5821a41ade0f0cc54649bb04b69c3a13

                  SHA1

                  59030e3b415479c9a20d3255ea7d8d29aa488a22

                  SHA256

                  c0366c83a972bb075be2e2bea69f27815d251125a27d8ecf6bbe7ab754d78881

                  SHA512

                  be74a52cf206156b5183c7759d3aa120430f142c0a5f0c76e0a1a2e024d8a23983ab31e3cfa42cf8e813ff54ff5a0b39f0d25da0eb42cf9724f6c0802e0c14ba

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  9KB

                  MD5

                  a35062cabdf5936f6fe37235387f8b5a

                  SHA1

                  752eb265abf3aea3f1406c72ef8d843da74f86d0

                  SHA256

                  04d3ebcb7d5cc5cf5498b3cac14a144b017312b952393fb8dc32b860339afdc3

                  SHA512

                  c1cccfaa5c4e7a2779a018f4c96979e44942a087b60ebf3077faf10166eb5a090e4103f0634309de447437c2cefb7e896390455896a097759a8d717ca3bef505

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\datareporting\glean\pending_pings\14d00c75-dd78-49fc-a621-ddc6a95b9c6c
                  Filesize

                  734B

                  MD5

                  9dd99100eb7d8961448255c7dadb4e02

                  SHA1

                  80d6cfab62475c755ea635c55cb00d8262eeb466

                  SHA256

                  041e11293d59a3faa8237dbb9ea36e87cc15e2ca14902e94ad8bd18253483042

                  SHA512

                  f9f6887b355dd4d73d3e2c3b0f3a0385309c191e1b7f25006fc97afb966af80a3e6837425c3e07a53ae24fcc1b5275c199e70ecbb419793749b073ce219246da

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  640KB

                  MD5

                  f1aac6a85663af513a6913819a8d9ae7

                  SHA1

                  ebde727a061986ae7a7b3de7a8fa3ef6f8696769

                  SHA256

                  5447c0a4913842ce58b3142966cbd6ca3dfb0e4d454a19994d1f49643c06ff09

                  SHA512

                  ef64935afe54bc7f9e24e5112b7fc4a02367226cfdf4ed584aeff1a1734ab06eb8f40fb61cdf667dfe919d34a5d520ca5b8cc23c43b9ff70a32283f95ead8e6b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  11.8MB

                  MD5

                  33bf7b0439480effb9fb212efce87b13

                  SHA1

                  cee50f2745edc6dc291887b6075ca64d716f495a

                  SHA256

                  8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                  SHA512

                  d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  15f59b6bc7102a2c492de1049a05c073

                  SHA1

                  b0f36554c6fedc21f99feac0fe7ff67096e92229

                  SHA256

                  a694f42d1bd66b9ca852b4d262643765865248368ac2ecaa949c060ebe31d72c

                  SHA512

                  566e29a3dbb6c242a53d95400b79fa386e2fc02a8fa8478507ca0e836ae4a3db734cfc39621c962844735a48a48539d3d3aebdd3c8d1622c5f684b4326de00d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs-1.js
                  Filesize

                  10KB

                  MD5

                  3f2c9e4ac49409b929beb3300442670c

                  SHA1

                  bf7ea2decda9e7184bbf1e65a340402678b85a97

                  SHA256

                  41e5575dfb0ab9763253148320e65948686f7cdf98978f15e3d650b6e0d583c1

                  SHA512

                  bae994c73781dbb7dbc99b6a123ed1e118d5a454c87775c3f007bbc07382bc2e88adbdb89dc407422db2d942d757dd7b140665b53be9bc3a87ee84a9ac2d0ac2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  35a69b9edccfdbc9dec254791dda7485

                  SHA1

                  d7e998e0ed683018b2566820eec43c308ad11fe3

                  SHA256

                  f0f7d7398dbb7ff11a0e34dfe0c2476ccee528efeb124c3b1caeb823827955e4

                  SHA512

                  2790b5d839cd648d369392d86c39f775d2b8561f510e8df7cb91ca32aad25bf9f2180814d014f372c49fb1bb9e5f26a6db24b3e6aaa61f2f333c2a3eb1490467

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  2b49316697eeb91f0bc629671d0632e0

                  SHA1

                  0471eb8fd694cbf4b4cd3951d782cfe8f5923c42

                  SHA256

                  dc4cf010648124d62fc83d9fa07f516721133533e53d6417a95e8206f81dd7be

                  SHA512

                  17839786e63d164ee5ee139779c0f7e635864752448a82457ae82fedae559a56a5dedaa5e57b1eab039f0df57aff02a6c19ba3584f4310295377c4dd3c4871ea

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq89frqa.default-release\targeting.snapshot.json
                  Filesize

                  3KB

                  MD5

                  4e9bdbc62e41435ceeadf823aa7fb85c

                  SHA1

                  e0b500ddbf1ada3a71b8ed856096c47d72b53b9e

                  SHA256

                  89577751be6f1978c2cf696b77666136ea0630da61951600e13eacb3f33ae464

                  SHA512

                  e17a4428a15c15a56d8bd01d5ca1bc98c2fb15836ebf99ab8e1fc8e36961bdc5ee22e0d6c063efdc0a5f25ef6f298533bd1a1aa8b4ab9a289635c23a0d4a4292

                  Download Submit