Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.care2.com

windows10-1703-x64

1

https://www.care2.com

windows11-21h2-x64

1

Analysis

  • max time kernel
    131s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28-03-2024 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.care2.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.care2.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.care2.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4956
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.0.1187296201\276677982" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd1b5721-0a38-4311-a104-d78e5c2a413f} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 1792 214a04d1b58 gpu
        3⤵
          PID:1192
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.1.436231659\1130129945" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1a0013d-734f-4f5f-90eb-e93aea548f03} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 2168 214a03fad58 socket
          3⤵
            PID:3728
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.2.1348049575\120634731" -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2824 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4663e142-c06f-4b1c-bb8e-ae4e854513f0} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 2816 214a47d7b58 tab
            3⤵
              PID:3688
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.3.315856531\1442442152" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 3580 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e24b7831-88d4-4a80-96bd-92ffb57cd506} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 3340 2148e062b58 tab
              3⤵
                PID:3340
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.4.698454998\1703594219" -childID 3 -isForBrowser -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {954c9c59-38bb-463b-8846-74caa762704c} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 4920 214a7a7f258 tab
                3⤵
                  PID:4572
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.5.1773721876\1610337069" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5068 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc34c3aa-e179-41eb-a1f5-987fd5d076c3} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 5052 214a734e258 tab
                  3⤵
                    PID:1284
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.6.1054908863\1965925201" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2207cff-4ee9-490a-9d8b-49339b7661d1} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 5228 214a734e858 tab
                    3⤵
                      PID:4848
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.7.465767025\1200069895" -parentBuildID 20221007134813 -prefsHandle 5320 -prefMapHandle 5124 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf0ca16a-3de2-4cf7-9730-1ff73a448208} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 5284 214a734f458 rdd
                      3⤵
                        PID:1492
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.8.8329087\391185967" -childID 6 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2d20563-855d-4cb1-b49f-72c7f69fbdf5} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 5672 214a80c0758 tab
                        3⤵
                          PID:4952
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.9.498352313\8670847" -childID 7 -isForBrowser -prefsHandle 5824 -prefMapHandle 5828 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96b1bcf3-d057-4cfc-9961-49272b1f6656} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 5816 214a80bf258 tab
                          3⤵
                            PID:4140
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4956.10.1044288604\1236964651" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6076 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59c16d26-13c1-4df5-ab44-f37bf70c3b97} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" 6040 214a80c1658 tab
                            3⤵
                              PID:316

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          8.0MB

                          MD5

                          a01c5ecd6108350ae23d2cddf0e77c17

                          SHA1

                          c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                          SHA256

                          345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                          SHA512

                          b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          19f5c5e1ea0e3cf5a9049ea3e6e3c911

                          SHA1

                          2f0959a5d156a108eac1fc369b8f6bad2c0b4d8c

                          SHA256

                          8522c16c2c3f855fe656ba952a2b7153db31ab1ce5f6c9087a0447e0453c00ec

                          SHA512

                          f630dce3ddb5e47f6c10182cad00c30ad790f2d0a2a7bcbfc8e9ac193f1a2205b0258e6dad56c4c3a7a87914bb8fe82fc3c9418358dc05424663dc042dc8fc5a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\pending_pings\bab2607e-bc26-4f95-8f9e-4544f36358dd
                          Filesize

                          746B

                          MD5

                          08dbea238b0d71a5631054dd10a2e83e

                          SHA1

                          247de9c9240107133ad0d21ee6afb6f85478dd47

                          SHA256

                          5c245751ec5f56653a7f823fb4880e776f3cca594f517a9404a64c7c7abc0c5b

                          SHA512

                          177a3644da8c95b5204542673b5768af338565e784c838a4a13fcab58486e0b2c93a1b1922d246b9856773dcf23c6d48767c96cc8da20c6dfebf343409150464

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\datareporting\glean\pending_pings\fa5a32f9-1aec-448c-b912-49f94c09fc5b
                          Filesize

                          11KB

                          MD5

                          7e5e1f13d50f4d015cd0b16a721ad566

                          SHA1

                          9ce7f740aa85aec3251e50a74827c1c5a8ee62b4

                          SHA256

                          a09cd5063a826270cea925960a3e451303d9b1b8b9f69eff3f5aa2f49a855299

                          SHA512

                          9319429cb6459823a97d3f15e0b883f22f3e4b24073e8d58507b39d0825cd3609e788fbb1d7632959eadf9ebdb5fe1600066cca83ba7832f0bbf8ab13f1425d8

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                          Filesize

                          11.8MB

                          MD5

                          33bf7b0439480effb9fb212efce87b13

                          SHA1

                          cee50f2745edc6dc291887b6075ca64d716f495a

                          SHA256

                          8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                          SHA512

                          d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          e3abb5d2bf70317c6e7719fb39c30259

                          SHA1

                          c4c1d096d7996bd9ad7e8feff6a730c39a1cc038

                          SHA256

                          1ce46a94f9f8ed38450e10e9870b1bf21177c4a53a2faf41636bde67485d92a3

                          SHA512

                          b35fbb8df3bcc578f6ee919b8d233d2ba683d4b348c86a2f9aa89433952885e4fe90aacc65eac7cb16dfc3a6476242e8fbf54298c6cea831cbee5b0b92b7c846

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          0c82be459426c88a8aff00313d22bf7f

                          SHA1

                          b26fff226600fcf234fd33862f275358b6eb8b95

                          SHA256

                          14d03c96a74c77d3ce760380046d4c544afb501aad8a14b088aae694b6e486c3

                          SHA512

                          b33ec4f2899a7a9649fadf4c7c09df54eb9fac535d9c50148b49f4fa1a26e65ef851cd66bc92fdfd1a53e10821d014f7e0345e314561271cb4a981bec13b1240

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          9015b132b9205d68ca9007bf8b90b724

                          SHA1

                          d954ad7020753a7afaf7f943c37f7028872ca843

                          SHA256

                          76a709f8299c9966de770b4ae752af3ddf587d15af2af854cd0d240c053407f7

                          SHA512

                          b6cacf5eb6c28a69ba323ba46fad111615b948b21285fb79debda8f240aaa593c167cbf57fb840d5e8fb44c54c8618cc80e07c6170042a6857a0372f9423567c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          2KB

                          MD5

                          ac0eb6658eb0f4b315cce4a706d534ec

                          SHA1

                          c245fe4e14a935d37d9886e5e769c162920d85f3

                          SHA256

                          6f21653e303e09dd3be67b696031daf2ba99a31fb2bd90054ff481a10860cf9f

                          SHA512

                          61177de4086684171dbb129b388d466ff556b44d111d2ab0d2d3ef285a11860ef251e7a76f3889e85e398e5d81fbe834fab03cdd00b0a1d0fbe6e77eb3cc1bc0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          2KB

                          MD5

                          3096489ae2384dd4a1558ea4164e1ffa

                          SHA1

                          522420134289ae9d7a6b34b4039f34d79fdaac4a

                          SHA256

                          034aa9e98307cb1b20b66ce84d3e81f586a32dd97bf3dd60bee15cc23cc6a4e3

                          SHA512

                          ea6be112aeabf680ae3d6f460d10457b0e497bc0de9655390747a80116b5dcca2787ecbbe65947e530b42a8ea247a1904e3e323beb534e6e7c7b8e87075d4719

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hcue34dg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          184KB

                          MD5

                          c96fd1ba6e3cba393c642061115bae87

                          SHA1

                          2cf0c86771b15f92d78a845212d6067b00951f53

                          SHA256

                          994d6847751d7afc9dbc1ef45828dd11f06b3a59967ffc0134f3574964b15474

                          SHA512

                          a2d66461a3ccbfca27bf97e138495a8db6ec2b197ff72d8ad2a41a05801478bada189610971cf5865c6ddeb905785338dd35b5e91613a54ebdf3a802f018fff7

                          Download Submit