Analysis

  • max time kernel
    0s
  • max time network
    3s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/03/2024, 17:42

General

  • Target

    https://cdn.discordapp.com/attachments/1200172314877243432/1219702555311997038/2024-03-19_18.40.52.png?ex=660c4386&is=65f9ce86&hm=1d8971186e5b11632519ab537011670e25bed912d1ae992058af1661903d21f7&

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1200172314877243432/1219702555311997038/2024-03-19_18.40.52.png?ex=660c4386&is=65f9ce86&hm=1d8971186e5b11632519ab537011670e25bed912d1ae992058af1661903d21f7&"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1200172314877243432/1219702555311997038/2024-03-19_18.40.52.png?ex=660c4386&is=65f9ce86&hm=1d8971186e5b11632519ab537011670e25bed912d1ae992058af1661903d21f7&
      2⤵
      • Checks processor information in registry
      PID:2392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.0.894283021\915823016" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13677ab4-fdd1-4bb6-8702-c1e39a3ba746} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 1300 10df6f58 gpu
        3⤵
          PID:2572
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.1.276133180\830902859" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {613e74c4-42ac-4863-bf92-236cd4b56383} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 1516 e7f858 socket
          3⤵
            PID:2816
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.2.818452433\1974473852" -childID 1 -isForBrowser -prefsHandle 1704 -prefMapHandle 2060 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8113d67-0bf9-4435-8b61-087b6c9590b7} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 1856 1a4a0c58 tab
            3⤵
              PID:620
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.3.1906337534\692442" -childID 2 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d665052-631d-4629-9dc1-aab1dc95c37a} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 2872 e6f258 tab
              3⤵
                PID:1744
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.4.1892201354\269954059" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3460 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7092ea-eeab-4077-afd7-2326e70f7d12} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3616 1e368458 tab
                3⤵
                  PID:2084
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.5.1729788636\1285144994" -childID 4 -isForBrowser -prefsHandle 3724 -prefMapHandle 3728 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46caca03-2bea-4afb-b3ae-b5afd1f956c4} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3712 1e368758 tab
                  3⤵
                    PID:1668
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2392.6.68392489\652797680" -childID 5 -isForBrowser -prefsHandle 3888 -prefMapHandle 3892 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32db592f-82d8-4f2d-ad9d-079aae5a300e} 2392 "\\.\pipe\gecko-crash-server-pipe.2392" 3876 1e369958 tab
                    3⤵
                      PID:1804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 8e474d8af6d0fa4aaba36ea16110c688
    SHA1: 78710aadca864bbecbe5af07e926f2123d7511d0
    SHA256: 32907e5a154e899723626bf47fe76fa897c3b5065f8352c426ebb5bd286e6246
    SHA512: f2b7dffcf598fab5a03013b6f37a3ee388cbc8726b90b1380feb7a0eae419b273d8fdf5e4a33c3cedd5cfcc190ffd3767701bdc324a497020165fe5c63f77dcc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\1982c691-30c2-4901-b821-7d36179d7202
    Filesize: 11KB
    MD5: 110865204586e79f49249c2d93c70f5b
    SHA1: 7a552337a6d89f1458af062cee80e119b935845e
    SHA256: 593a5d68dab043fe4e9fbf70c78b33dc1ebe75ee926d7694bea67e3f6286b0a5
    SHA512: a7f831e58911c1977fe0771bbf916879e79856e195cbac24ff6568b333c13d0870135cbf0041b0611d4cc62cf85c79fd4bc599c896959700a1e7f3d266efeb86

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\8f9e6075-0caf-4a75-9188-600e831b2023
    Filesize: 745B
    MD5: 0d1f6f4d14218a7a4942b62936fa9085
    SHA1: 93739bd79eaf610cddcf32461d5ffd9c9b0963d1
    SHA256: a1fa6da6d7eb0f4746299da86538586889e4df647879871d3e73b7bd53fda2d6
    SHA512: f5db3200a9118ad6051247f88dcf1a42678038b13c6080954867f74446b7522f0f3a1bd6d6b721081687ed24154fa2962dadb81e3ff2b22ad5cf2f31897230d2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js
    Filesize: 6KB
    MD5: ce8376b13ac073a3597fd645fb1fdc3d
    SHA1: 7996d14906158ae94a7d4d35f492cb6284702f2c
    SHA256: 8b680923b0cad090e5242ee07ac992f29975ce9717b24c8e5a10a5a8161bdbad
    SHA512: 7e72d540ecc2aad79104ae4125e187713355b7a657a720a3e5d405509471cc4c9c3334a60fc4c47d3e8113b409fe80e439362569c2a1f9da421770e37462ec29

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 2bef8bf98bd5f15ef3656584401d7b86
    SHA1: 1c0f2b2eb039ff60ba04d054cb77a72c6ddf5670
    SHA256: ac1cc6238e57b2558b6845ded80d52fed1e316a042af2b865b8b63c166d8c85e
    SHA512: efd3569ea773427d2624135bca817d451a0547e0150295cffaa8750882a7a71bf7829490fd91dc0b6df238462fd1fe330ff093ca01003f6ae95969e1629fddc9