Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://welcome.visi...

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-03-2024 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://welcome.visionaryyouth.org/LD3pWFcfijFIH9NqGwTFel4f03pFVZ0hSledIEBejjJbUId6UQ==

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://welcome.visionaryyouth.org/LD3pWFcfijFIH9NqGwTFel4f03pFVZ0hSledIEBejjJbUId6UQ=="
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://welcome.visionaryyouth.org/LD3pWFcfijFIH9NqGwTFel4f03pFVZ0hSledIEBejjJbUId6UQ==
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:60
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.0.334081912\1369066740" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de9cd8cb-e5fc-4e95-b914-edbe9a1e0c3d} 60 "\\.\pipe\gecko-crash-server-pipe.60" 1960 279b64f2558 gpu
        3⤵
          PID:2604
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.1.674040670\1554558489" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fc55887-6f83-4475-99e2-ba7ef021e9cd} 60 "\\.\pipe\gecko-crash-server-pipe.60" 2436 279a9c75858 socket
          3⤵
            PID:2664
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.2.1138271563\1130004278" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 2992 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8671f3-c4f6-49ea-a997-0058d2c62b57} 60 "\\.\pipe\gecko-crash-server-pipe.60" 3104 279ba6d7f58 tab
            3⤵
              PID:1696
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.3.678216447\1512933062" -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc7fa57-e4e3-4e88-bcf3-b025382c3288} 60 "\\.\pipe\gecko-crash-server-pipe.60" 3968 279a9c6bd58 tab
              3⤵
                PID:3952
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.4.172101816\987424364" -childID 3 -isForBrowser -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dba4430-a299-419c-9830-502fd758728e} 60 "\\.\pipe\gecko-crash-server-pipe.60" 2900 279bc0ec858 tab
                3⤵
                  PID:4332
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.5.1711609757\1034067524" -childID 4 -isForBrowser -prefsHandle 4568 -prefMapHandle 4800 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5028561e-71df-4903-898c-2f6ea5e93657} 60 "\\.\pipe\gecko-crash-server-pipe.60" 4904 279bc0ee058 tab
                  3⤵
                    PID:3956
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="60.6.514205299\1133366598" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b43ab0f0-bf63-42b9-ac96-5d55b49c6567} 60 "\\.\pipe\gecko-crash-server-pipe.60" 5072 279bc8a8558 tab
                    3⤵
                      PID:4028

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\A72798DEF4F924983D5A0DB82D383C613B515FF2
                  Filesize

                  13KB

                  MD5

                  fdd515f7bc6d8658fb067b6a34fb3d30

                  SHA1

                  42fb0e510f9fa590b8a9f5cc511e414e5722286e

                  SHA256

                  37c4e3cc6540f23cb06c46db618bab0d4518e16d75cbd51793b166ff57b9b16a

                  SHA512

                  db1de6822ee18f50b39eb9193032cee7e0092a94e8ea7e34235bcbec91ea2651d73593f260b31915f1159923c812c154c15ae55810e10f9bf9a2159cc35b87d0

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  4.0MB

                  MD5

                  1719a3e51f8999834f50e7758b634267

                  SHA1

                  4fa3b80f6776f02189866f68446dcf77287dce50

                  SHA256

                  ba2ae45c7e6e7c09d9a47f54f61afb26c25291e9d2bf384c8781f19c2252c10d

                  SHA512

                  7d83f4a23cb85ded203f556ecf04430357d0b2809915b364e415cc9624f9aa105465383e7f26934843b06bceee1ba81854ca58cb2959bc73813fa04c48ea5510

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  3KB

                  MD5

                  accab2bca7b7fb664730fb025e5a5aa9

                  SHA1

                  671b2def0d158e0f44b8956105da8d61399ffb87

                  SHA256

                  e0c0a0dacc551482f50854e06288f61e998817a0c862949cc0127fffcc00cb6d

                  SHA512

                  0beaa7d20c4d01461b5abac19e8337e4a2cd1b47866fe09170fff8a1975649b095a0d5e77a21d61bf0bd46e2e56a9cc6a0a0801b0ce89b071eec02d05ba40fd0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  06baf6763c3ee45b36e99e2d58ae39ac

                  SHA1

                  f0bba36e018c771b4b94a9281ce3f42ac03c4dfe

                  SHA256

                  44549046719559f709daeb441a2ec8602c9f2243ca2d775c821e365daade1156

                  SHA512

                  035bb4a791a00cf9f2470653ef25ccc2791f2112311e1240da695595899efa3ddabd3aa1d564f4e5dce5db7f9d1996b1a8a45a4637b003ff326659ee69c50b90

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\9638c763-29ae-4cf8-b833-73529474535f
                  Filesize

                  746B

                  MD5

                  fc8eaf8d781ccf5a63e053dc8a4eabef

                  SHA1

                  c5319a390d590d8b6e87defa217bdc9c452a0a33

                  SHA256

                  a2c06972c73fcc22146deffd63b30d1b352a9d09e5d063e292b20221c4a51e3f

                  SHA512

                  076cf3b254857de2f3ef1a9297296531392cd5560b55dc63ada82403f42e93bfb288a859b64c7e7bc9fd584b3e6d6a44525e8302b4897cc8be2bae1fea790ec0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\f6afc2c8-2824-4f8d-a132-cbb3bcecbdaf
                  Filesize

                  11KB

                  MD5

                  a21e018a185d9a0ca1ee5451dc2df8a2

                  SHA1

                  9712a38be7c6066f9fb86efafa1da2636e875e25

                  SHA256

                  4141b2cd69e32cbb79a90b4fef6b11f7272802bd1c694dfa2209426cef065e23

                  SHA512

                  4a87cb1846ac10f057bf2aa2c5441e71016ce7123c451cc76cf3d5dda560b943135880a7ef42519fcac9ed665fc2227385fa7e0efc3ddba2545437d7a0a0b5d4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  3.8MB

                  MD5

                  b04d48ae9d1c83043986172ad52dd62b

                  SHA1

                  aa0f15bc1eab85feba77067c2b25ad7ecb45aacd

                  SHA256

                  d892372996059b4c06b4bb7714322190cb083536570fe8aad0fcf8f4e3bce9c9

                  SHA512

                  7f66161b30f99e7c4258b17a4941718a1cca3ea5a7804f3d4fc30a5419edc96cd0978a669ab0c37ae8c473b7616ffcc6bd125a65168ac25c82fd33ead081b80a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  000b4dd3c783cb16b7eefc38a9338396

                  SHA1

                  8d2888555e0d0ecbff8acbe0d9f347dbc27df721

                  SHA256

                  b9b54448afd083f58dad94344dfcb86c5449f910e77665255fed3e6fa4dc63b1

                  SHA512

                  e29962e0e952a17f68eaeedb4ada9a5ed9b710f0d788b127af6ce23007a3a1e209bccf7d1402b4cddb7b940b1eac577df678a5ff39c8a47ddc84a4c7cd4746b9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  83840928baa31225ca43fbc9730c4416

                  SHA1

                  1ffe62257bbbfa80ee97123591429468a6b0b1a7

                  SHA256

                  9f8a115a6b5563e67c74ccc14e0caea364506e5e0176fd677ac05bc87db73325

                  SHA512

                  bfcf11277a0216e8c4ce3e8ca2a0844d1e94e1828c374424687e80026bbac39140cc502e9a88f6fd02c46ec98073aa0cfa8686185c6183198a69fc227ff1df50

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  2e0004c073da14c9e57a4f83e74b0967

                  SHA1

                  c60c201b2ba1f584565721d247fa4fd521b018fc

                  SHA256

                  38df84250b78454c90c7bee241504c1d1450aeb059ced7a2328fdbb073a68b1d

                  SHA512

                  7696185d0df27a3545d3d0dc697348b501eedde630182c6a22a6de0e127851d491aefe801981acea0b8ea01d96d2d2133b70fb2e1e2fe66f9d55333b28e91833

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  f3d19dc9600cb8c49ad6dce548b4c268

                  SHA1

                  37f172a563ab40d0d206ace447f981a00425258d

                  SHA256

                  502c0d15c67e152f8c3254d814ccac4227362ae4dd380a71ac2ea10e2188a683

                  SHA512

                  1a894b301bae963b680bf379eb4ad2a1bcdcd506baf8947640f1d3b3e7ab884c861341afb2f0f91b3dfb1421a929905e20ee44f3a0bdbb51b2d296983376e706

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  79353dfd9609e79de2deddd4853a5876

                  SHA1

                  3ac251986cd2fbe1cf61cca9a187fc21696905f5

                  SHA256

                  597cd44b1e38d83c53aab9e1254bf26fad798deb4d916b5151edf93238a5a559

                  SHA512

                  efebf71b4e450cd8cbe1a1be05fed12db413efd1dac16f84b87af35f83386da806b7e496c0fbec19fe40362de8063c67cb65656420f3da8a1b4eaba681af8ca9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  026838863ad22b73d147c3c857a45aec

                  SHA1

                  9aed7f87acd38fcd24894d6e5e266e832d50e8b5

                  SHA256

                  33fa55dc4fba62e8a023c27ec27851d4ce08ea391fb8ebe47e5a655196789d4f

                  SHA512

                  d9595b29221a73b3dd55515af7422aae44ee8f5001f9e3b02dadf090750a5724636bc8356720a4f6e9e6a650304b31cf939952ae9279c49dfb4c56465b868d90

                  Download Submit