Analysis

  • max time kernel
    20s
  • max time network
    22s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/03/2024, 20:52

General

  • Target

    https://chondonexpress.com/uedm/oditipsum.php

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run the reads are attributed to the Firefox broker process (PID 4128) and no binary other than firefox.exe appears in the process tree, so the hit is browser start-up noise rather than evasion by a payload.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
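What the "Checks processor information in registry" signature is matching on, shown as an added example that is not the sandbox's or Firefox's own code: the volatile `HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\<n>` keys Windows fills in at boot, and the kind of heuristic an evasive sample applies to the values it reads from them. The registry read only runs on Windows; the heuristic is a pure function so it can be exercised anywhere. The marker list, the two-processor minimum and the 1000 MHz floor are assumed thresholds for illustration, not values taken from the report.

```python
"""What the 'Checks processor information in registry' signature sees."""
import sys
from typing import List, Optional, Tuple

# Volatile key Windows fills in at boot: one numbered subkey per logical processor,
# each holding ProcessorNameString, VendorIdentifier, ~MHz and related values.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor"

# Substrings an evasive sample might look for in ProcessorNameString. Assumed list
# for this example, not taken from the report.
VM_CPU_MARKERS = ("virtual", "qemu", "kvm", "vmware", "xen", "hyper-v", "virtualbox")


def read_processor_info() -> Tuple[List[str], Optional[int]]:
    """Enumerate CentralProcessor\\<n> and return (names, ~MHz of processor 0).

    These are the RegOpenKey/RegQueryValueEx calls a sandbox hooks to raise the
    signature. Returns ([], None) when not on Windows so the rest runs anywhere.
    """
    if sys.platform != "win32":
        return [], None
    import winreg  # Windows-only module

    names: List[str] = []
    mhz: Optional[int] = None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as base:
        subkey_count = winreg.QueryInfoKey(base)[0]
        for i in range(subkey_count):
            with winreg.OpenKey(base, str(i)) as cpu:
                names.append(winreg.QueryValueEx(cpu, "ProcessorNameString")[0])
                if i == 0:
                    mhz = winreg.QueryValueEx(cpu, "~MHz")[0]
    return names, mhz


def looks_like_sandbox(names: List[str], mhz: Optional[int],
                       min_cpus: int = 2, min_mhz: int = 1000) -> List[str]:
    """Heuristics an evasive sample typically applies to the values read above.

    Thresholds are assumptions for illustration. Returns the reasons that fired;
    an empty list means nothing looked like a sandbox.
    """
    reasons: List[str] = []
    if len(names) < min_cpus:
        reasons.append(f"only {len(names)} logical processor(s)")
    for name in names:
        if any(marker in name.lower() for marker in VM_CPU_MARKERS):
            reasons.append(f"processor name mentions a hypervisor: {name!r}")
            break
    if mhz is not None and mhz < min_mhz:
        reasons.append(f"implausible clock ~{mhz} MHz")
    return reasons


if __name__ == "__main__":
    cpu_names, clock = read_processor_info()
    for reason in looks_like_sandbox(cpu_names, clock) or ["no sandbox tells"]:
        print(reason)
```

Legitimate software queries the same keys, which is why the signature on its own carries little weight: when triaging it, look at which process made the reads (in this report, firefox.exe) and what the process did afterwards, not at the read itself.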

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://chondonexpress.com/uedm/oditipsum.php"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://chondonexpress.com/uedm/oditipsum.php
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4128
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.0.1846321070\12928650" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c285c18-b0b6-41ae-b9bc-05475a5da88d} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 1944 1a398303b58 gpu
        3⤵
          PID:3564
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.1.1691787318\1112701964" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {988d5c85-2862-4a7d-8ca5-fe7fdf50839b} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 2368 1a396ffde58 socket
          3⤵
            PID:2568
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.2.1897919581\1977521693" -childID 1 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8376a5fa-5475-4859-9683-e3168d401940} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 3144 1a38a86b858 tab
            3⤵
              PID:3352
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.3.407371024\1725429053" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {928208f9-a80b-4208-ab84-97f811240af7} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 3624 1a39b1e5558 tab
              3⤵
                PID:2888
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.4.1674074491\929619120" -childID 3 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9223426b-3e8e-46fb-929d-fd055975784a} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 5096 1a39d49dd58 tab
                3⤵
                  PID:4576
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.5.1716487410\1487531785" -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5549ee-6342-4a1f-9d35-8d041739ada6} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 5228 1a39d49ce58 tab
                  3⤵
                    PID:928
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4128.6.409056142\447616918" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5404 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c524929c-f9bb-447d-9b9a-8f4f51baf6ea} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" 5512 1a39d49d158 tab
                    3⤵
                      PID:4376
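A triage pass over the process tree above, as an added example that is not the sandbox's code: it parses each firefox.exe command line for the broker PID encoded at the start of `--channel`, the `-parentBuildID`, the `-win32kLockedDown` flag and the trailing process type, and flags any entry whose image is not the Firefox binary or whose claimed parent is not a broker in the tree. The nine command lines are the ones shown above with the handle, preference-size and GUID arguments dropped; the `Temp\update.exe` entry is a constructed rogue process, not part of the report, included to show what a finding looks like.

```python
"""Triage of the Firefox process tree from the report above."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

FIREFOX_EXE = r"C:\Program Files\Mozilla Firefox\firefox.exe"
APPDIR = r'-appDir "C:\Program Files\Mozilla Firefox\browser"'
PIPE = r'4128 "\\.\pipe\gecko-crash-server-pipe.4128"'

CHANNEL_RE = re.compile(r'--channel="(\d+)\.')  # first field is the broker PID
BUILD_RE = re.compile(r"-parentBuildID (\d+)")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str


def _ff(args: str) -> str:
    """Command line of a firefox.exe process, quoted as the report shows it."""
    return f'"{FIREFOX_EXE}" {args}'


def _content(channel: str, ptype: str, child: Optional[int] = None, locked: bool = True) -> str:
    """Content-process command line; handle arguments from the report are omitted."""
    parts = ["-contentproc", f'--channel="{channel}"']
    if child is not None:
        parts += ["-childID", str(child), "-isForBrowser"]
    parts += ["-parentBuildID", "20221007134813"]
    if locked:
        parts.append("-win32kLockedDown")
    parts += [APPDIR, PIPE, ptype]
    return _ff(" ".join(parts))


# The tree from the report: launcher (3868), broker (4128) and its content processes.
PROCESSES: List[Proc] = [
    Proc(3868, FIREFOX_EXE, _ff('-osint -url "https://chondonexpress.com/uedm/oditipsum.php"')),
    Proc(4128, FIREFOX_EXE, _ff("-osint -url https://chondonexpress.com/uedm/oditipsum.php")),
    Proc(3564, FIREFOX_EXE, _content(r"4128.0.1846321070\12928650", "gpu", locked=False)),
    Proc(2568, FIREFOX_EXE, _content(r"4128.1.1691787318\1112701964", "socket")),
    Proc(3352, FIREFOX_EXE, _content(r"4128.2.1897919581\1977521693", "tab", child=1)),
    Proc(2888, FIREFOX_EXE, _content(r"4128.3.407371024\1725429053", "tab", child=2)),
    Proc(4576, FIREFOX_EXE, _content(r"4128.4.1674074491\929619120", "tab", child=3)),
    Proc(928, FIREFOX_EXE, _content(r"4128.5.1716487410\1487531785", "tab", child=4)),
    Proc(4376, FIREFOX_EXE, _content(r"4128.6.409056142\447616918", "tab", child=5)),
]

# Constructed rogue entry (not in the report): a binary in %TEMP% that mimics a
# content process and claims broker 4128 as its channel parent.
ROGUE = Proc(5555, r"C:\Users\Admin\AppData\Local\Temp\update.exe",
             r'"C:\Users\Admin\AppData\Local\Temp\update.exe" -contentproc '
             r'--channel="4128.7.1\1" -parentBuildID 20221007134813 tab')


def triage(procs: List[Proc]) -> Dict[str, object]:
    """Summarise the tree and list anything that does not look like Firefox's own children."""
    by_pid = {p.pid: p for p in procs}
    anomalies: List[str] = []
    brokers: List[int] = []
    types: Counter = Counter()
    builds = set()
    unlocked: List[int] = []

    for p in procs:
        if p.image.lower() != FIREFOX_EXE.lower():
            anomalies.append(f"pid {p.pid}: image {p.image!r} is not the Firefox binary")
        if "-contentproc" not in p.cmdline:
            brokers.append(p.pid)  # launcher or broker, not a sandboxed child
            continue
        m = CHANNEL_RE.search(p.cmdline)
        if not m:
            anomalies.append(f"pid {p.pid}: -contentproc without --channel")
            continue
        parent = int(m.group(1))
        parent_proc = by_pid.get(parent)
        if parent_proc is None or "-contentproc" in parent_proc.cmdline:
            anomalies.append(f"pid {p.pid}: channel parent {parent} is not a broker in the tree")
        b = BUILD_RE.search(p.cmdline)
        if b:
            builds.add(b.group(1))
        types[p.cmdline.rsplit(" ", 1)[-1]] += 1  # trailing token names the process type
        if "-win32kLockedDown" not in p.cmdline:
            unlocked.append(p.pid)

    if len(builds) > 1:
        anomalies.append(f"mixed parentBuildID values: {sorted(builds)}")
    return {
        "brokers": brokers,
        "content_types": dict(types),
        "build_ids": sorted(builds),
        "no_win32k_lockdown": unlocked,
        "anomalies": anomalies,
    }


if __name__ == "__main__":
    print(triage(PROCESSES))
    print(triage(PROCESSES + [ROGUE])["anomalies"])
```

On the report's tree the pass returns no anomalies: two non-content processes (3868 and 4128), one gpu, one socket and five tab children, a single build ID, and only the gpu process running without win32k lockdown. The 64 WriteProcessMemory IoCs on PID 4128 are consistent with a broker writing into children it spawned itself; the check worth making on such a tree is the one above, that every process claiming that broker is in fact the Firefox binary.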

Network

MITRE ATT&CK Enterprise v15

Downloads

All five files below are written by Firefox into its own profile directory (Glean telemetry pings, prefs, session restore); none is content fetched from the target URL.

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin
    Filesize  2KB
    MD5       9713822fdf6ad0741e1a483c54c42201
    SHA1      50c5d84f20aa902d2d638bc84dafdd55868172cc
    SHA256    4c2e01d2e9b95a172d38af9e728a09ae4dfe2854dcc4d19cb8d6496527fc0685
    SHA512    97996c76211180ff36b35ff231d58c04ed1953750eecdd82c9c3b738ada032fe98d42be57bfc6518bef9a206c0089de28e65b1bf44a71c50700f23e698cfbf0c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\95a42207-d75f-4fb2-93e8-dfc9bc56970b
    Filesize  746B
    MD5       c5616d28104d08909406fd31364974c3
    SHA1      df3a9cee55cdf6043f431e023d9d64e977fe6c64
    SHA256    36e2295e56146c1eab03e4fa1933e490f6a2a9c87584b18cd2caf1042d3e245e
    SHA512    d797356907df00de29974c0a9e7d9930a223343a9189da14031afcd2eb7d865c3b7e482121b6fc24c058317ba31e1bba8a53fbf8ebb8c8da57d9eae7a36f0f64

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\a05391b1-19bf-4e54-b7aa-f54c65a35095
    Filesize  11KB
    MD5       4c8aacb2295b0e913d837537be1d54dd
    SHA1      0701ed7fdcd959f4d9910edd0d552acb29b9c9a1
    SHA256    88e7055f84bfc074368d27a4b8166ff3b5ca4afc39b9b9868e9deae9e351b9cf
    SHA512    c7da48f86a5f97433dbeb6f27c81326da0c29514a760fc9111a6fa9412c1515e400fc9c6049e91d2f507dacc9121c8e3ae2047738b74831744559d2ff1044440

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js
    Filesize  6KB
    MD5       418fa3d02d9f5e3f6bc0a786b8ea4d6b
    SHA1      38bcd92402868d25ad4f18f811e27f89cc696d8e
    SHA256    354e3dd45fc53773caacc2ac976af96f52a75e6a6f342ed916e2eab1e73fe191
    SHA512    db059971bcbc6f63b061d3961dc99de5a14753ab4a14253724b33074157c2a8be81443e182ac570fd9bfe4792f701ea5f77501a9b2ed0883823f2d2c8d2a81bd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  1KB
    MD5       aeff733693bdeae69a00ec99f1d88a7d
    SHA1      c4d0adf5dfc10aeda6d7b87e0e761b499cabb0f0
    SHA256    f42f37ebd8b95baed391264e3454efe46b32069cb97984926496e20f1713c3a1
    SHA512    be07f9557d9e7d2d0faa21d6be1e92262270538937d6d469500c398aa51c3725a4c33b957712d5c978e0e0a1d8698f9925d5e637921e9f449b60f36c3135ee7e