Overview

overview

1

Static

static

1

sample.html

windows7-x64

1

Analysis

  • max time kernel
    1560s
  • max time network
    1562s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2024, 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    727KB

  • MD5

    71ffbd6b27f7251295f72f451e0e45e8

  • SHA1

    6d10452e8bdd6ac9eef38c002b2e7fe825463e85

  • SHA256

    07e4162ceaee1b06ccb5d4c6c3202c6b018c837284237f538a41892075935d3a

  • SHA512

    1b2ba768b3d52fc76e03f75901cd34e18c88da7e1c2b99e2bc055678533b61495809f5710f1b5da2c4ebd10c985f456b188c2a247751b85849cd35035ba7ba7d

  • SSDEEP

    12288:nXfyDr6CBnfkA142O7RwnvLII4vDuaHbRM4Uv:bC142AwvoHVM4Uv

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1660
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.0.696740726\377764588" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6806874a-e076-4ff2-ac0f-77804a80170d} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1312 fbf4e58 gpu
        3⤵
          PID:2636
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.1.842086603\88721669" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fdca64e-13ff-42d8-afcd-d60ac1b939b9} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1528 e73858 socket
          3⤵
          • Checks processor information in registry
          PID:2104
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.2.896019514\207008013" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2eca9e-610c-45d5-a6d4-98693aed1df5} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2080 19cbc058 tab
          3⤵
            PID:2944
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.3.1118331873\1110579125" -childID 2 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b516c81-8200-43a6-8b1f-a92eb9f1e544} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2664 1bfb4f58 tab
            3⤵
              PID:2332
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.4.2135986746\1284167351" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1804e1-5e25-4c6f-bb99-a577d548cb1f} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3764 1cece658 tab
              3⤵
                PID:2236
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.5.398645900\418390704" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcd48011-64e4-42cc-bc29-ec848b5bb916} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3868 1eb48858 tab
                3⤵
                  PID:2008
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.6.616994547\1301096357" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4044 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e31397e-3878-4623-afab-0b36a6745ef9} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 4032 1ebeb058 tab
                  3⤵
                    PID:2044
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                1⤵
                • Modifies Internet Explorer settings
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                PID:2204
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
                  2⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of SetWindowsHookEx
                  PID:1156

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                Filesize

                67KB

                MD5

                753df6889fd7410a2e9fe333da83a429

                SHA1

                3c425f16e8267186061dd48ac1c77c122962456e

                SHA256

                b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

                SHA512

                9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                862a832234e74b76158bb02eb91a43de

                SHA1

                f92df4b4af6684211513a524976457c00e265716

                SHA256

                aa5c0b78ec88cdf25a4bd7a708fbb77c66a317c4697e4ae67464b81ebcea9bb8

                SHA512

                83791164475036eab580e1299e7d8e83b50746a03fdc165085eca19cdd0333aca2dd224eb543ed42bde7a8474b50b364a4061cb93d5e1984227ad35c72edc349

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                a5ffc224a14e5360e536cb0bb828b097

                SHA1

                6684b4460cd899c6201e8f1db5b00a5a5bc0b35d

                SHA256

                fe5f689f768b570a38d248eb0292b9f057518ba0208fdad1ced6e0073f7d475b

                SHA512

                1d1cd7c714affab34d97f6a5f4a480804bb984a1e5d11f5e22ce6176b849d7845f1c74e8f6234401ab87fe985fe298ea7f49ab8a0778dc020abd6e6e3d65e9d6

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                0ae5afd8cdb0ab481396140170b24a90

                SHA1

                a1a78c1dcba3d1035f0a076b1863dc67735c1c42

                SHA256

                300c0525624f845be61dd6af595058fcc86a5feeb4c9f9bca59ebff3ae6c84d0

                SHA512

                be164bcf7b50d0384c03a8af006481e6b9dcf0ee41d64c44b00a050437621590164daf2fb761045715b6b1fc9afe0f7fd57af73f32c8b98fc60ed1287a1836c2

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                bea9bc35a43bcdd88080edee4d2634d1

                SHA1

                c8c7276e62b0db68ec134b15d0502b227a78b4bf

                SHA256

                7e7a1a4d479fc595d890183570ea91c7fe6ac19eed8ed72b188b693f1e45846e

                SHA512

                cbbfa739cb894d6498503370e1a6d9f02daed818ee4c777dbe65598e6a3ad1299b3759a3ac80f96b195b69cbccd6f60271abf68fb5c697592df203434883b32b

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                fba6c6bd40546018917f0233efd98407

                SHA1

                d3007f21d1ee5a3e26d02cbe8d161f447ccfc743

                SHA256

                5fdb68d1197142458ff1f319006327afba26ddd692a1f5feb967d8806c3d204f

                SHA512

                d69b53bfc7e6e7a66a55a8d7db40db0b02b37a2e4b85caf47967b593b976044d1f31489b02af615ac93ef9515183351381fb24edae0536db03cd3a6ce94532f3

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                51658297a152885032e5c54454d9b208

                SHA1

                fe6104fbf29dc3853f5b3b64dcb13d8bc32d4b8f

                SHA256

                b7c8809fcd218e0ff48eb97530b6ad7098a0b6107322fc5dc12681ae0bbb52b9

                SHA512

                049fe181513f547cdbde89fa8b6d40cae4eaa27a0c7af3ea83a1c0172f55f5e3ec82416dbd9528e18d8158b7e6f5a86db938ad56d006b888c8499851d236023d

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                344B

                MD5

                f05246f20a5736e8bf3af258451ab32d

                SHA1

                e0e0fb15ae9839ac1e84c1bdaab54cc104e5ab72

                SHA256

                113496d1ef0beb48ea1dd8bb7563875262bfe6a88ab384939412b35cc46cb5fb

                SHA512

                8d3cc3a289de5fa720ec26de9b9066f1c4e420456e1765cf09bbd0c24697ac324276d97bec73d1270826884f68244e0c8a49bef126568202c226918dd6abca52

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Cab2A2F.tmp
                Filesize

                65KB

                MD5

                ac05d27423a85adc1622c714f2cb6184

                SHA1

                b0fe2b1abddb97837ea0195be70ab2ff14d43198

                SHA256

                c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                SHA512

                6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Tar2BEB.tmp
                Filesize

                175KB

                MD5

                dd73cead4b93366cf3465c8cd32e2796

                SHA1

                74546226dfe9ceb8184651e920d1dbfb432b314e

                SHA256

                a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

                SHA512

                ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
                Filesize

                2KB

                MD5

                c473abf032760d854996c14a780b1d2b

                SHA1

                b1298b0b5bcd1e516ceaa4202feb86d219deef3e

                SHA256

                e153e5aa3f2d84d72ca2a2afe760d94dad39bc95d3318133a9d3c7c82b49799d

                SHA512

                dc8bb99001dfbf4a549b4ca7074877a97d5305573ee59964440834126cbfe01f76d7a0355dc62945573ebbc7c74fce5c01596a0458d155d9e4853f1c06c467e6

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\6abeb0d4-b155-49d5-88b5-9503badf07eb
                Filesize

                11KB

                MD5

                b1ff57c683ba4b8d29b377584a48ee6f

                SHA1

                f92fc3f84010c5649bf970e4f8627b09db256cb5

                SHA256

                444e98bd6dbb73ed9cfeb4633db3dcf778226f9eda7c386418ef945d2455423f

                SHA512

                7032b61deac42a477d4ffa0b5f1bdae4bbd2595c84d096a0b04333bead983ddff6df52ab5a82e4acec3b9d411ea437ac20057bf859ce0ab45e3fc5da081f9aa0

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\afadb2ee-1c67-4526-826c-ca7928648806
                Filesize

                745B

                MD5

                693b5388549b56ab41e1d03dc1a32c47

                SHA1

                6ecd8774aa8260a8213431829b82e41c98d71028

                SHA256

                50a5860bc66a8dac3586d39c925eeb26c787c864f094b6b04d05391f620e805c

                SHA512

                f6cb29cd72961f48e036ca29fad5772a94f69d997744a1cb398e6473ca9ca0513aea2db2df727cec54ce2c4f172b7980f1159bb252e47d3d89bec5c49b8a1435

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
                Filesize

                6KB

                MD5

                eebe7d7d950d7de5e9e7a7248c85c52c

                SHA1

                1e74420186996c17a33c6e4b08613b68996fcd0d

                SHA256

                83a5cb17f854d2ce6cf799187e851b151650d71f0fbdfc51b96874cbd3b249af

                SHA512

                5b1c771001fd4ab940f4da77db1544ab66b1caf831a14595a7ef7faa513a8a103a403c5c1d3b4105756f1e7abb91a3e4fa0b148411717c66de4c812a4b07a872

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
                Filesize

                6KB

                MD5

                b39298d1ba253bca826f512af6ea2a96

                SHA1

                ca324cb7301899a2a0dedd1a218bf03bf52b9051

                SHA256

                da721cb7d58d148a5f79f2dd10fd17e68a1a8c7bb9ae5eddcf2b56c5e2599591

                SHA512

                2ea4b78423d9d2ed93c2ae7d5079a1493ff96fe5a99fb0a21174b89e0010cfe94863f96406c2226ca76617e756c65e08de809e831ff1498745319137a7a219d0

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore.jsonlz4
                Filesize

                872B

                MD5

                0f1f3eae0a36940e075735586bdaccf4

                SHA1

                787755671e89582e831c1be7c437207387650b1a

                SHA256

                d0c9b33f5177fa92045aa0ef1554b8bceeabed8da766d4bad5343d4c842a4026

                SHA512

                4dbb9d3e2275972ea9be1b43ba4cad6d3552ce7e71a0f4473fbf1a92f26d64b6e07c420a52928abc1a15965a64853b7b6e2ed761c4a2a117b4c4b991b06f05a0

                Download Submit