Analysis

  • max time kernel
    22s
  • max time network
    23s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/03/2024, 10:43

General

  • Target

    https://cdn.discordapp.com/attachments/1201256405903102113/1218374152914866219/novaskin-wallpaper-pizzamovienight.jpg?ex=66076e5a&is=65f4f95a&hm=b6b398b3755cd3a91d1d071b68a09dfb085096f29841d016b42ec53353cdaabe&

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1201256405903102113/1218374152914866219/novaskin-wallpaper-pizzamovienight.jpg?ex=66076e5a&is=65f4f95a&hm=b6b398b3755cd3a91d1d071b68a09dfb085096f29841d016b42ec53353cdaabe&"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1201256405903102113/1218374152914866219/novaskin-wallpaper-pizzamovienight.jpg?ex=66076e5a&is=65f4f95a&hm=b6b398b3755cd3a91d1d071b68a09dfb085096f29841d016b42ec53353cdaabe&
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.0.1501334529\835283076" -parentBuildID 20221007134813 -prefsHandle 1268 -prefMapHandle 1260 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26f33627-5284-41fd-8412-16219ab3ac48} 840 "\\.\pipe\gecko-crash-server-pipe.840" 1360 12bd5858 gpu
        3⤵
          PID:2148
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.1.315744777\719972366" -parentBuildID 20221007134813 -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e902b5dd-b5f3-4716-aa8b-ff5403d3cabb} 840 "\\.\pipe\gecko-crash-server-pipe.840" 1548 1072558 socket
          3⤵
            PID:2952
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.2.582548172\1653716495" -childID 1 -isForBrowser -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbe7d2ce-9e51-4a54-bdd9-8ae1bf640b14} 840 "\\.\pipe\gecko-crash-server-pipe.840" 2340 1b872e58 tab
            3⤵
              PID:1848
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.3.557185389\542851332" -childID 2 -isForBrowser -prefsHandle 2840 -prefMapHandle 2808 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e00dc16b-7ceb-4bf8-b4b8-2d92e7e49adb} 840 "\\.\pipe\gecko-crash-server-pipe.840" 2852 1d7b9158 tab
              3⤵
                PID:1660
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.4.246351298\1912568824" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3732 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc70f203-f50d-49fa-ad0a-4ab672ecd0f4} 840 "\\.\pipe\gecko-crash-server-pipe.840" 3744 1b156158 tab
                3⤵
                  PID:2416
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.5.608700199\599362558" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0858c6e-ab0b-46e8-ad1e-21f60eaaad58} 840 "\\.\pipe\gecko-crash-server-pipe.840" 3836 1fd3de58 tab
                  3⤵
                    PID:2872
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="840.6.1796548338\824025219" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26015 -prefMapSize 233275 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8ca52cc-1899-4323-a156-bc8300560888} 840 "\\.\pipe\gecko-crash-server-pipe.840" 4000 1fd3ff58 tab
                    3⤵
                      PID:952

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 4ef0c15b6dac5883c7ef9ef33d43b6a6
    SHA1: b061a097ba5c9d02b9a73abe5c34784c87b8856c
    SHA256: 33fce3d55a8228875c57079fcaa28c51b13e556aba787047d3c1ebab0403f726
    SHA512: 7d3d93268dcf7bb2aeb4b76b1b36621003d600a240d30a2aa1f39c7f9ed5689183e7cf1418c1103fd3857287e2fcd2c3d82a0534b0f97d5cce009839a42894d4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\2a87404e-807f-473f-8b31-c41d3106ba31
    Filesize: 9KB
    MD5: cbc4f2f08aa942db5ae989b914ed75ce
    SHA1: 32acfb57ddc91aaca3b4985515e985c582d7b449
    SHA256: 7f64d4b43ef920e34f1be478165b7e8d29499a0ca566d54e4005b67438cc1d76
    SHA512: eab04b9132882e73b3967f3adef745e19244bd1924411301710942308782b022c781d79dc677b87d758073de981710c6dc9123f63a2dfb12298e82b29396037f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\datareporting\glean\pending_pings\6e6cf18d-dfa8-4c29-b8e7-e319cee3c66e
    Filesize: 668B
    MD5: ec20954bf44d27d81a7b61fb4af2d11a
    SHA1: 592144d4a56a2ae61d2ea07976db543a225fca1e
    SHA256: 09c84dcd04e6493d4a7b43d72537a1d80544a2bbd5d31c4ff84a42d2a1b7ee06
    SHA512: d375fb5a9dd2d04fe1f7714382b538ed368f14a7148795499c7b4dc9bd87866df5ac27bdbdeada841f4458e5ec0abf5dfb9fc15587310ba898502443a0e687bd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\extensions.json.tmp
    Filesize: 41KB
    MD5: 78f0ab30e767f358339a47ca07584ddb
    SHA1: 3f56049660672fcae0419b79954a1566ba825dcb
    SHA256: f0c52e6175aed2dea40d2df738e896abb2e647cd7cbf02aa956cb1a6747c1375
    SHA512: 8299b150155f3030d5a11a45045550f996bcca9698772d3bcfd48514d732d7dc31d1920085d6cfdce4d3e13ee0549ab253d802fbd695f2c235e0ef8d757f3549

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 42dc08dbe598ff75565431125e3c6158
    SHA1: fb0f99f32060852b3e18bb89f6c24162d20a60d0
    SHA256: b93fde9617a48841181b3e47ec7cec54f4625eb7124edf715b86b5b03f6bbf20
    SHA512: 66254a2bcc397b587006dc4c948e877239faf1d1bbe9c77a59d53d7f682ecabf5d6beafc5f13492cc6e88a90f0e607c92c4030b090ff2b7577043feb016651fc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 160KB
    MD5: e6ba31e13fa6a56b9d95e17272f041eb
    SHA1: 434dcf660cbb78ab2be83f0351eb0d3ab263c71b
    SHA256: dacee2f96e765198b8294944c9375867e4c6c91ec3644b9f43a11bc0b24431b1
    SHA512: c1825cc13f22cab6a603bbff955fea995798c5715a547b8a3526f120d0343b15fd0ae28459467ae5481ff2c6d1f7f6b3b2d9863368e001ddff85d1c79d2b5ac4