Analysis

  • max time kernel
    27s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-03-2024 16:57

General

  • Target

    https://app.connection.keysight.com/e/er?elq_cid=9429265&cmpid=ELQ-30262&elqCampaignId=30262&s=609785623&lid=29190&elqTrackId=DBFE240476F53DEA07B8DA9CBDA0F6E2&elq=372f71f7c84a4ff796072ddb828459d6&elqaid=61999&elqat=1

Score
1/10

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://app.connection.keysight.com/e/er?elq_cid=9429265&cmpid=ELQ-30262&elqCampaignId=30262&s=609785623&lid=29190&elqTrackId=DBFE240476F53DEA07B8DA9CBDA0F6E2&elq=372f71f7c84a4ff796072ddb828459d6&elqaid=61999&elqat=1"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://app.connection.keysight.com/e/er?elq_cid=9429265&cmpid=ELQ-30262&elqCampaignId=30262&s=609785623&lid=29190&elqTrackId=DBFE240476F53DEA07B8DA9CBDA0F6E2&elq=372f71f7c84a4ff796072ddb828459d6&elqaid=61999&elqat=1
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.0.261227712\1750102938" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1912 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d6b2c67-f24e-4406-9ff3-3d1f9dceb37e} 448 "\\.\pipe\gecko-crash-server-pipe.448" 2044 208ed8be458 gpu
        3⤵
          PID:2184
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.1.1818651655\2111525206" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbb8405a-8eca-43e6-baaf-d5bc864ef8c2} 448 "\\.\pipe\gecko-crash-server-pipe.448" 2444 208ed439b58 socket
          3⤵
            PID:3068
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.2.1281245395\2100446763" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e12e86f-ba38-4522-83c2-0ec4cb59fd93} 448 "\\.\pipe\gecko-crash-server-pipe.448" 3240 208ed861f58 tab
            3⤵
              PID:3936
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.3.985680275\1435372634" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1cb3173-ad66-4e04-88f1-44399b282968} 448 "\\.\pipe\gecko-crash-server-pipe.448" 3600 208f05cc858 tab
              3⤵
                PID:1428
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.4.962130950\622356945" -childID 3 -isForBrowser -prefsHandle 4940 -prefMapHandle 4960 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1148ef4c-1935-4993-bff8-0852f1cc564c} 448 "\\.\pipe\gecko-crash-server-pipe.448" 4932 208f3bc7458 tab
                3⤵
                  PID:2080
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.5.2131220719\1333765951" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dafe31b3-1cee-4b96-af06-74d6b5c79447} 448 "\\.\pipe\gecko-crash-server-pipe.448" 4996 208f3bc8f58 tab
                  3⤵
                    PID:4612
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.6.1695304100\848854167" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f622819-8ac8-403a-91a9-bc1309669584} 448 "\\.\pipe\gecko-crash-server-pipe.448" 5304 208f3bc9b58 tab
                    3⤵
                      PID:3544
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.7.1301466988\1913365039" -childID 6 -isForBrowser -prefsHandle 9856 -prefMapHandle 9864 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0219c38-1dec-4113-b111-808024882d06} 448 "\\.\pipe\gecko-crash-server-pipe.448" 5772 208ed7e4b58 tab
                      3⤵
                        PID:5640
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.8.11744648\573928762" -childID 7 -isForBrowser -prefsHandle 9524 -prefMapHandle 9540 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f5b26c-a97d-4b4d-9690-87822b6171ae} 448 "\\.\pipe\gecko-crash-server-pipe.448" 9676 208f181ec58 tab
                        3⤵
                          PID:5848
