hxxps://v3pzb[.]intypipt[.]com/fify/#Geworline@clearedgemarketing[.]com

Analysis

max time kernel
74s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://v3pzb.intypipt.com/fify/#[email protected]

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2412	firefox.exe
2412	firefox.exe
2412	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 4052 wrote to memory of 2412	4052	firefox.exe	120
PID 2412 wrote to memory of 2192	2412	firefox.exe	121
PID 2412 wrote to memory of 2192	2412	firefox.exe	121
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 648	2412	firefox.exe	122
PID 2412 wrote to memory of 4240	2412	firefox.exe	123
PID 2412 wrote to memory of 4240	2412	firefox.exe	123
PID 2412 wrote to memory of 4240	2412	firefox.exe	123

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://v3pzb.intypipt.com/fify/#[email protected]
1⤵
PID:832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5232 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5948 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5732 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:8
1⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4132 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5224 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:8
1⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6120 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6004 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5804 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5296 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6436 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:1
1⤵
PID:2480

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6256 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:8
1⤵
PID:4520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.0.501171398\1337255131" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99d5db0f-5abf-4194-8617-317bca50193f} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 1964 201af4f6858 gpu
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.1.1429283181\254758873" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce3bae66-5e60-44fa-a628-b92876092a8f} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 2364 2019b572558 socket
    3⤵
    PID:648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.2.19753372\872653352" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3044 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {405399c9-c767-4773-97d1-ca14789d2091} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 3020 201b344d058 tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.3.817261675\1183886863" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb86e98-989c-44c1-b6e0-c1216b31cbec} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 3496 201b2da1e58 tab
    3⤵
    PID:3744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.4.2003382622\189737741" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3656 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be66ee98-1550-4f71-a6bb-952fbec1632f} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 3524 201b3569e58 tab
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2412.5.268049697\934643159" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4cc2f28-b0b0-43de-afc5-2dc82043982c} 2412 "\\.\pipe\gecko-crash-server-pipe.2412" 3908 201b3881e58 tab
    3⤵
    PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads