Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://afrjf5gu-let...

windows10-2004-x64

1

Analysis

  • max time kernel
    106s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 15:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://afrjf5gu-letssea-online.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://afrjf5gu-letssea-online.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://afrjf5gu-letssea-online.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.0.1169719203\526748289" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1616 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7da155bb-bc17-4b9d-810f-fe09ca06e150} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 1980 2ca221d2158 gpu
        3⤵
          PID:768
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.1.201248356\1213980898" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58aed3cc-7d26-46dc-81d4-d7932e793597} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 2404 2ca15971c58 socket
          3⤵
            PID:2992
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.2.868157622\859978285" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 3092 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c4be16-638c-4289-af59-21f69f613dae} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 2964 2ca25fd8458 tab
            3⤵
              PID:1548
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.3.927457868\672767317" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37739ff2-dca9-43c8-ac6e-8336c9ae0e5e} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 3604 2ca268dd458 tab
              3⤵
                PID:4312
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.4.427770382\1664414408" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4632 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bcbc072-14f6-44b4-96b3-6451a61db864} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 4972 2ca263f2958 tab
                3⤵
                  PID:4340
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.5.262575973\102639634" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac8b1e2d-7904-4db9-b6a7-21739c5f1af1} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 4884 2ca27df6458 tab
                  3⤵
                    PID:4660
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.6.1398292960\341625255" -childID 5 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbd4ea1b-a43b-4f0a-9889-1e0cc33f32b6} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 5280 2ca286d9b58 tab
                    3⤵
                      PID:4592
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.7.2493709\1306267669" -childID 6 -isForBrowser -prefsHandle 3040 -prefMapHandle 2936 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68f39773-a2e1-430b-9662-3bcded473c32} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 3048 2ca24b3c858 tab
                      3⤵
                        PID:1328

                  Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          d476c027435636d454b0072a37688ca8

                          SHA1

                          39f2f9d8a85d0f4bd8a9cbdfad51357ea3778882

                          SHA256

                          519fee831ba1a336c83acd5a60df6882a18974c2c628706293209e8b259eafa7

                          SHA512

                          2144dc392b2751e18d9bc5b0e0514917693a9e10f6bc0e31a75d4db8b12e3d15ea8506902c1e7cf9fe124679f6947f474e370096f7f287d294914cc976b87499

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\b86394d0-2e21-4625-be9f-506d569eddfc
                          Filesize

                          746B

                          MD5

                          f3406de13803d9877c8ca6d9fa1d6fec

                          SHA1

                          1ea7a4d453765de3ac53ea53f0bed163cdeb74e7

                          SHA256

                          ba28e6f263839194f66fa4df306912869a4fd0b1240de69d0ca1588bcec0735e

                          SHA512

                          6a481021027c8cebb789110b45da6ddc3869ce0aa07404a36ee8cdbf5c580b85dba26f0a3237bcae4c3243d9e7c1fa1a6020878bd484aea3e932c3f48171e38d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\d9a9b60f-f220-4539-992e-2e42a3119c5d
                          Filesize

                          11KB

                          MD5

                          13ec3b180df74b6bcd8625a5b3222c64

                          SHA1

                          992a9c4e9810fa7e608f14b004437a9faf0e076d

                          SHA256

                          8e95d1ab0856f2283df4642f1a625e188bff3a0fb1752db4c87d672fe2aa3068

                          SHA512

                          7b31d08a222c622739bd8259af3582d5b7db70587e0f18ac086f32c9003de6f16737c78ddb3cd768b8a4be534d5e4aa92afdbbe0570b189c1a62219e6f5f68a2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          bfa8f62c60983332af166484d856ac0c

                          SHA1

                          022a3eb2bff54e8d239c8a5cd499701b0169686b

                          SHA256

                          6831338e726305e4fe4cfcfa2744cf752d3e34f6b25ab8c236b28606943e29a3

                          SHA512

                          affe4fae9908764648b9720da2827c16f20316c2e298df9dccbb2e903d217fff28b266d8ca6c93edc4092a73cd7bc0bd61eeaabab9c22686712ac528245ccbbc

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          5f953d8f7d98ba9210bca434609743be

                          SHA1

                          247a610fa6305afd37d640d97f97a1ae7ddd91af

                          SHA256

                          ebaabead6995fda79d65453b4d0839c67c00a77d5ad31e124e2ca72076cf7df7

                          SHA512

                          4d3cdc537c2aed3e7191211f6d0b3d1fe0ea568d2530d005ed3b170cb444e9b202e3b7f2bdcb08d3a5856d5886cda74818958c0f4316567c69547101dfdefd98

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          b088d6bccb5fcfd963e2d47639e008a3

                          SHA1

                          7584d4fb6f11607b66754202a864ec75a1083c84

                          SHA256

                          73d917e7f2167224a62f66de7f3286dba657144badb69bd78e30bd5c05580f66

                          SHA512

                          fa98a20bd613477ec96b069e4f47a444e95a62dc443a05bd014b8a8e6053c4c6d4619cff9534471858b84024ae7471a9d37d724677ab919c5624d33bf32408c7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          11KB

                          MD5

                          9f7151e58e29228713faf5be1f4c9bbd

                          SHA1

                          0db1fb7f2b6db911fccefda1b64f19aa326aec04

                          SHA256

                          a6d411c60306ac58f8ec145d4c4fddf8f14035ded0509c629318058c869ac9fe

                          SHA512

                          caa45dc70e598473479c2c4d8fac713f4371b6d1a4a387cf1eb45347fdf4bb5b9723a165308b015c91c06726154316e735475e9a871c66bfa8b2696611081c0b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          e803fc840e5c7e2b7c256ee98782ecd7

                          SHA1

                          05d1c2532ac3f6ab1dde88934ff70d6a3d572573

                          SHA256

                          996ac2420f72a2aa2709d172a10124ff6f2def90fc22cb41977ab4c05e1db099

                          SHA512

                          f614e869a7c542570e83504dd8e4ceeae7323e6ec1569e8794a91315ddce04263d4fe8f7aa8a8b29b9864917f755d4d6486559c3375d244ecfb3f55249fcd281

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          9d3d9b44f79bc5f1de33851c6aa558ac

                          SHA1

                          1c5add4c6f354e7e22983249c85735da4f296339

                          SHA256

                          890b9a270639edb95629a1340c9c973d9e0ac6e493a93aaf5008df851c54605f

                          SHA512

                          626daf4a8954b9bb74508aa406c07f5f93dbdc11a87fbd53550b122998fe0e37f69117f7dfa2a421e3b0526708df202cceafc78e6eff784148be399b2bd8164d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          6acf302ad52ee0c970b47a352547eeed

                          SHA1

                          af25190c2136c31e3ceb04a6c82697dd677081c4

                          SHA256

                          f90f09889cfb7b6135086eedd14cc31719a0a0c07b2c71f242d12fd2deb5f6ac

                          SHA512

                          c8743a084b1c4fd8cf767e795e41dd216500925b4ca79dce4d792228313e424630488791bd4574270d57e2d7e3537e327d5c92833692450a4015537d08762b28

                          Download Submit