Analysis

  • max time kernel
    57s
  • max time network
    66s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15/03/2024, 18:02

General

  • Target

    https://click.global.easyfairs.com/?qs=68ccc118e7354ff494894e69a134795e15df1f437dd5093b271f5b69996895d0976d6b68152dff8a6eb6c0448601c77e8eebd8cae181aa68

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://click.global.easyfairs.com/?qs=68ccc118e7354ff494894e69a134795e15df1f437dd5093b271f5b69996895d0976d6b68152dff8a6eb6c0448601c77e8eebd8cae181aa68"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://click.global.easyfairs.com/?qs=68ccc118e7354ff494894e69a134795e15df1f437dd5093b271f5b69996895d0976d6b68152dff8a6eb6c0448601c77e8eebd8cae181aa68
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1544
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.0.1532432876\356640732" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0f3f91-bcdc-4fe4-8457-11746c01e03e} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 1780 2e5340fc658 gpu
        3⤵
          PID:4972
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.1.476186773\640542374" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {348701f2-d003-4272-91a3-13e90a5e547c} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 2148 2e533ffa258 socket
          3⤵
            PID:992
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.2.1905951245\367918471" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac9f3a15-912b-42f8-ab96-a25c4ada5042} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 3224 2e534064f58 tab
            3⤵
              PID:968
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.3.1844707338\1197336428" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fe1571d-fcb6-415e-84a4-4f9a0299feac} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 3504 2e5392eb958 tab
              3⤵
                PID:4644
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.4.1833991860\1499415728" -childID 3 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a798ef4-886b-4e92-8d27-02d76ae3f073} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4576 2e5386d4258 tab
                3⤵
                  PID:3380
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.5.1973279452\289961345" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff32f97f-4881-43d3-beda-9e19347eab3f} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4708 2e53a591358 tab
                  3⤵
                    PID:2952
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.6.1201270868\1213914769" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fcff2e-4df6-47a2-a83a-495b15b10f29} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 5012 2e53a56a558 tab
                    3⤵
                      PID:2980
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.7.809916782\314398548" -childID 6 -isForBrowser -prefsHandle 3228 -prefMapHandle 3264 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d1a393d-7055-47cb-92e1-724b76c766be} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 3308 2e53a591c58 tab
                      3⤵
                        PID:1284
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.8.1013076861\381559921" -childID 7 -isForBrowser -prefsHandle 5360 -prefMapHandle 4352 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d47dea71-2ea5-4ae5-ace3-39c8aa181bf1} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4444 2e53a55e558 tab
                        3⤵
                          PID:600
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.9.1645066208\234421940" -childID 8 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5357f70a-32cb-4356-a08b-dedde94f6c1d} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 5532 2e53b733558 tab
                          3⤵
                            PID:3884
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.10.2013437703\1909588985" -childID 9 -isForBrowser -prefsHandle 9644 -prefMapHandle 9656 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af95d881-fae9-47d2-bbdb-89c849eee189} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 9636 2e53c4d5158 tab
                            3⤵
                              PID:5032
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.11.312112717\1664885862" -childID 10 -isForBrowser -prefsHandle 9664 -prefMapHandle 4664 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8695b144-a07b-4a9d-8f15-a63488c55f22} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 9528 2e53bd53258 tab
                              3⤵
                                PID:3080
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.12.2049054252\1386314136" -childID 11 -isForBrowser -prefsHandle 9488 -prefMapHandle 9492 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bd9a815-0ac5-4760-bc0c-cfb089500f1c} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 9480 2e53c425858 tab
                                3⤵
                                  PID:1352

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\E8FDAB0F9EE03C6BBB9A549D8BABE40A4C678FA4
    Filesize: 207KB
    MD5: fa7fa93bddeb96b7b3d7ee2e073283f8
    SHA1: 1af388372bb24b509a6bf037a5f3b089c4e82197
    SHA256: c488e1163e4e036e6155973b2c299a2ef14d29512075ae6c117f9294fd0b8460
    SHA512: 718243232898a037636dbb3533da086e6d5c3a2698039117fae01ce1b8d7082cf31f21393f727b9043e32775855fe574e8f8d4c8e8bb4c8797786bc612d525b3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: ac61d5dbb9e1841a1a1497b945695f87
    SHA1: 435984a60482f5c3adcd933c36ac257ee01b837c
    SHA256: de6a0619b20b46a467621b96039cf5ed3c1c376adfc10434613aa62a928821e1
    SHA512: 73ee3a030c597d2536338ff0f1be817686797ee30a3cf8306943537f43fec639aa3710ca27544e34b6404dd1a3f1bac27e016038005dced624bf04b8e675a950

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\datareporting\glean\pending_pings\2f97b4f8-1021-432a-88ce-3a22382cc38d
    Filesize: 746B
    MD5: a2a8cd9f6509cdec6502982f76eb75a4
    SHA1: 75de4f13462d610f4dbc9b6a58ad815c0f5a08c1
    SHA256: e609d653099effd168bc8a209512f5600bc6256cce563692340c41fe8f2570b9
    SHA512: 78ae4f4d27c7e30a5a09cebfe222e978930c66a73354a4ea84e683c628f5ec0eb75905bb7706a50c0d34b53dcf8d131c729c46b8d64c18ad8a95c5e75662fcb8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\datareporting\glean\pending_pings\bf92971c-9042-47c4-a961-2c3534912006
    Filesize: 10KB
    MD5: 3bf10a4cc603a1def8ac44ec4fed8f99
    SHA1: 619135a1176caade32183aa28e25b7461f728d4e
    SHA256: 954e82a53a65b7a02bf6c02bc12b93733d30acec7b804e5ffa53cfd70358526c
    SHA512: 87c36ae62a5ce5d48e7fb98eaf77b41f50685d4062ca5dcca62ddba54d19ba2b80bbcf1a3d4fc9112189de27d3134b7ec8844759e4edcdea765ae43747b02a81

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 7d3de9ec4610a28137723994667a4bbb
    SHA1: b38cabe4e892bcb10bb019ebf8837b4910731360
    SHA256: e5de9a123aa1329ee0c0fcea16223107e48c7efd1d145edc3488c110d319a98b
    SHA512: d773d34114bb467c81d9a34845a75125649d8de93cd6653c3fc097a2ad8285a220b46590cb648e821c9a0711795803c689ddb9d7f1b496b2c8ab0caea5fad814

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 986B
    MD5: 4e7035d8001748447700096ad23f5ed0
    SHA1: dcab3483b955b79d8394d752322e78f4aae7c9fe
    SHA256: e7237c36bf5dc68500e73033bc415f69b884b7bf654f125b2aa80a5bafb84049
    SHA512: b215222a97fd1144ae93354c2155d017394e139774eef394dfc27f646800202e361a9da56924193bc29976e689204dcd361d2a11ad28e717518e97bcd5aec598

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 914d8a5fbf3ebfd553c0807e050a578d
    SHA1: d430f33fad86342ce54ba4752db17ae47ed38ff4
    SHA256: 7cf65d274c6ba4344bdfa061145553bebc3551a54282227baf55bc6e84baa171
    SHA512: 87b6dba8eca3e120210c9fb72e2efcc28da1b654e90dabcda67e67b4ac94a6b9312212e72aec80a2c936c2f582077d428bccca501fccf24a2c4060d0e66ef07a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: ad809d26a539511979391c48c79e84dd
    SHA1: 10a85cdc63076b0b826a5998789a0bef05a02fba
    SHA256: 513d69b70a674f8a506e819ea56edacaa30402f41ef4cba7ac04dcaed852d9d7
    SHA512: 01c77b977724b2abea114054755e82395d52ffa5e811f91dd92b921da2494f369434d31bdc55f76e25d7ec1ad6fd793c388a54380bc673aa059bb69d65747087