Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://delivery.mail...

windows11-21h2-x64

1

Analysis

  • max time kernel
    129s
  • max time network
    127s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/03/2024, 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://delivery.mailzzy.com/ZGFXLTUDHO?id=116615=JUwJCFVTVFMERQoNVg0KAgAGUQYJAwAEVwcGAg9UClFXAg8BUANWWwEKWwsGDQcBBFBOXVBeWV0JWVQWBlYAdwFdWFAISwENXEUIDgANCwcHBAUBDgUMA1AMARheEU1HXB8WXQEJCxRUS0AXXVVaWEpPSxhaX1UcPHNzPHoxbHMufwZQABkUUQ==&fl=DkRNSV5KTQNdXE9KVUdfXR5bV0I=#?act=cl&pid=36415_pd&uid=19&vid=5422430&ofid=10147&lid=352&cid=629235

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://delivery.mailzzy.com/ZGFXLTUDHO?id=116615=JUwJCFVTVFMERQoNVg0KAgAGUQYJAwAEVwcGAg9UClFXAg8BUANWWwEKWwsGDQcBBFBOXVBeWV0JWVQWBlYAdwFdWFAISwENXEUIDgANCwcHBAUBDgUMA1AMARheEU1HXB8WXQEJCxRUS0AXXVVaWEpPSxhaX1UcPHNzPHoxbHMufwZQABkUUQ==&fl=DkRNSV5KTQNdXE9KVUdfXR5bV0I=#?act=cl&pid=36415_pd&uid=19&vid=5422430&ofid=10147&lid=352&cid=629235"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:732
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://delivery.mailzzy.com/ZGFXLTUDHO?id=116615=JUwJCFVTVFMERQoNVg0KAgAGUQYJAwAEVwcGAg9UClFXAg8BUANWWwEKWwsGDQcBBFBOXVBeWV0JWVQWBlYAdwFdWFAISwENXEUIDgANCwcHBAUBDgUMA1AMARheEU1HXB8WXQEJCxRUS0AXXVVaWEpPSxhaX1UcPHNzPHoxbHMufwZQABkUUQ==&fl=DkRNSV5KTQNdXE9KVUdfXR5bV0I=#?act=cl&pid=36415_pd&uid=19&vid=5422430&ofid=10147&lid=352&cid=629235
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.0.550695883\1953624115" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2730be84-1e7e-42f6-81fd-edefc3ba58bf} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 1748 155543e9e58 gpu
        3⤵
          PID:840
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.1.738189055\1973511573" -parentBuildID 20221007134813 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faab5c2b-a7fd-4ade-bfd8-2fad4086f2d3} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 2296 15553e40f58 socket
          3⤵
            PID:2016
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.2.2059560300\840759470" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2724 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {657fa7bb-adee-44ef-8d1e-878c95d5620c} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 2736 155594db858 tab
            3⤵
              PID:1780
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.3.130158283\1956510825" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3496 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ccfbc8c-5163-40fe-9b14-7e6edd274f90} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 3520 1555aa03b58 tab
              3⤵
                PID:2476
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.4.471228904\964449237" -childID 3 -isForBrowser -prefsHandle 4872 -prefMapHandle 4916 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3b9fa1b-bb8d-44d2-901d-05d93c6174b4} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 4940 1555bc31358 tab
                3⤵
                  PID:3544
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.5.1837619974\1678370570" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e4cfd72-2121-4244-8950-05c4c372f1dd} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 5068 1555bc31658 tab
                  3⤵
                    PID:848
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.6.1987031903\1113702969" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 5124 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5453e85d-163f-4b11-95fe-39204a180ec9} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 4076 1555bc32e58 tab
                    3⤵
                      PID:2324
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.7.91256112\1537518286" -childID 6 -isForBrowser -prefsHandle 3140 -prefMapHandle 3148 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07c3f7aa-c178-4ba8-a50c-80c4a56a821d} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 5568 15559749e58 tab
                      3⤵
                        PID:4464
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.8.1002085796\1454777462" -childID 7 -isForBrowser -prefsHandle 5344 -prefMapHandle 4928 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba6096d-cc8c-4a84-88c0-a4114fda6209} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 5004 15548364758 tab
                        3⤵
                          PID:1912
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.9.296660199\50518567" -childID 8 -isForBrowser -prefsHandle 1572 -prefMapHandle 2640 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afff02a8-1fd1-4059-8088-e6d7e30470d6} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 4252 155594db858 tab
                          3⤵
                            PID:3128
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4704.10.866203634\690601383" -childID 9 -isForBrowser -prefsHandle 3872 -prefMapHandle 1544 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {459e0151-4c03-42d0-83a2-43b23b48f917} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" 3896 1555c675e58 tab
                            3⤵
                              PID:1780

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ri34bmyn.default-release\cache2\doomed\14012
                          Filesize

                          9KB

                          MD5

                          f1b0311363abc66320e15ca413c2f43a

                          SHA1

                          efaa4cc44a7992a086987bb94a81e926ea550d87

                          SHA256

                          fe495db4eda5c8a7c75835fd4484c088e8d247243e4d163cbe653ed2bb29c005

                          SHA512

                          bccbb70210bf67e55fef9229759c03fc5df1da001cd1bb60ba07e6b68481922406519c759764ae69fe1eac82ccc322aa1d908f08de9d288718fa1370cbc7c4f6

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          404e2a61d044788656884c8c555fde1f

                          SHA1

                          b204fb0bab556719159d299f0980b1616ecadfe8

                          SHA256

                          c961b20da07f65ac7f2d55dcbfac162448459c58cffbcf4c3accefaf35be4b15

                          SHA512

                          c1765fab8f26ba32d2afb4f07f836081c4fe0948970a36515d4db6a8665fe00533f73f6297edec13f2d2a818fbbb0834b0c7578bd6f55a8de850e09f877b40d5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\pending_pings\c081264d-dcdc-4522-9fde-00a72c7d814f
                          Filesize

                          746B

                          MD5

                          79e173a626dc1a11356718ba315b0ae8

                          SHA1

                          777703162fd7d513a4bb8a6193e5f68d68390d88

                          SHA256

                          996fc6329533ee7d0ca96f5bb7f700e1a87f30e0e52a6c38139e327196a9a6d1

                          SHA512

                          4ccfeec29ab2ac9429341fbf7694be949b07e54b161dd7b517baa46058b0d795bbfdf7fdedc5d28f25740eb14ebbee45167071c1605ce1a6c88d79374d7afaeb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\datareporting\glean\pending_pings\f88d2331-5868-4e85-a7fe-97958b247931
                          Filesize

                          11KB

                          MD5

                          6c76546a2ac97500be18f050103a5df4

                          SHA1

                          73f354b4db4c1ca75b9907c5a4b36f113bb3b35e

                          SHA256

                          60737e393ec71a50bf83ba94b4e840318ba49f48a7b5280f3914eb3b7d581239

                          SHA512

                          8978a111b636ea45b176beffd2505f7c5ff918aed19b6cc280d563e7a65c07b72661dde65a63ec8d3c1cb032ac8b12f7cde601864d3f40d25cd251c379750355

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          8db4e03ba8ab3beee31fd1eeaf2fa4fc

                          SHA1

                          586827b384377f9a9bdc3b8abcaca93a9bfac567

                          SHA256

                          f84b1b910211b8fb1ca7f0a2b1dc6d37e00c668f061162646861ef0c9fb889c8

                          SHA512

                          599fd9e52696540636a7c46907a265bd1dc57eeff9cd5c87f07dbe68d9a56ede864ecadf019b0796b195bb08d4aff7ea1241cc3247b8027c8ffacc354c6663f3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          80d6602721553a7d0f5adb92667157fa

                          SHA1

                          d266626aa3e602686d86a5c4905b874f576fe838

                          SHA256

                          18ba0451eda79c3217022c94ce8d71fc34f44eb429d779e02f7f16e69240d46c

                          SHA512

                          ccf0ecd03372e8b49f8b9bcd8ca5b0792963e1487ffc395f62ddff821231ae275e5961cfb26339af27993b945dc4cfe82a26a5e508254aa089db217f53ca4d43

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          d2cc5d433963e7686a0981ac4485997e

                          SHA1

                          defce669d0e5097b6bc362744f61ccf41f662458

                          SHA256

                          aae1801b1f5752a78f111de194559d860ad082b492aed4d164c10a9185cf597d

                          SHA512

                          ddd259c067c1b79ee361eeb802dca9576c886b1b937d4fc7d34b8edac7cd1075b083acc6821c23bb42d01aeabf285b718d0773ac9a54a65270f7db38e4beec2f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          30cb7407cec42291352920b69bee7aba

                          SHA1

                          3bd89d781e858b4c3d54f0aa7cb987f978c9a0cb

                          SHA256

                          9eaa067a6f19c4ef8b38add0e9eecd9538b632a8499c171c953ba14942e44620

                          SHA512

                          6192d60ba999c537917ec393a47a2b2e462efd2eb2a4752bf1bbd54f63522229cd4fd5ac8c6b68a0682a693cf97571737d3d3f6684cce8409f5a759ebac7969a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          5KB

                          MD5

                          ce2df2caf9b24d064ec98fc746ba5c5a

                          SHA1

                          aff8d246f6ebab88a23ecefedf4efd80e7db9b61

                          SHA256

                          301c7b13a6a26e0f6e8e4731caa11d9441b246dc331205448c7b6ad89ad9d47a

                          SHA512

                          49d6113d2b442fa2f7ba9176d0ae1e88e73d8f0a68704681dc9a1b9f14fc218532dffc54f1921d570364ce7637d316dce757b33a0f5a51e5487b78743ded168e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          5d68661fd45b8aae9ab2dbe50462a2fb

                          SHA1

                          e609565559e3e3ef5cc80fe5d78e0e2c635d8901

                          SHA256

                          b49fed09e337da6eeddf6e2dbec52ec6bd4a2b2c59f4f93dbde5053ad8f93ff9

                          SHA512

                          09d13bb20cbb0e7c39d5fd4a2e4f1456317c039cbefb26aa1040446e63c61f60be9ca0a18d565b1758b386954eda13ba5fe8b888193d470da333635b15f84665

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          558628c3d4627ad6a4c5dacf35211bed

                          SHA1

                          7beab6fec3d2dbbeec553d9fe1d1a3f46078dd15

                          SHA256

                          bf385984b4610bec8e8b610e4bfe8f16cfbdccafca259528044080675517782d

                          SHA512

                          a05ef374e48d09069b4ceeb658ba39a72bb69e79dd037cebf9a105131d7cfa35f051833eb3fa54eda8ac889b8e71f87454f8bc56a3693227b493b5d42841fdc2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ri34bmyn.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          5KB

                          MD5

                          d9bae5dcab271548ad857ec525ad282b

                          SHA1

                          f98a01c706eb4e0776b18a396799c0e778afb027

                          SHA256

                          5befe09d0c988153ff31f80904ebd5241733e1225c152875004a51dcd4e65351

                          SHA512

                          772c4f0fb10dfc7b4dd970261456cfe21d697e5238e3d60d9ca6022bd3708429e4a999755e1e6209459ffcd107c210d599e0df991427421a5881ee49e553a592

                          Download Submit