Analysis

  • max time kernel
    42s
  • max time network
    44s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/03/2024, 02:33

General

  • Target

    https://www.unknowncheats.me/forum/downloads.php?do=file&id=41005&act=down&actionhash=1711679522-f89a5498dd0940db1317905fac5e348382d3dd7f

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments. Here the hits are on the firefox.exe launcher (PID 2092) and its socket content process (PID 4492); a browser reading CPU details at startup is expected, so this signature on its own does not indicate evasion.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

    Both processes flagged for WriteProcessMemory (PIDs 3044 and 2092) are the firefox.exe launchers that spawn the content processes listed below. A broker writing into child processes it has just created is how a multi-process browser sets up its sandboxed children; it is not injection into an unrelated process, which is what this signature is meant to catch.

  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No task definition is recorded as an IoC for this run, so the report does not show what, if anything, was registered; browsers and their updaters register maintenance tasks through the same API, so the scheduled tasks on the sandbox would need to be inspected to tell a legitimate task from persistence.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.unknowncheats.me/forum/downloads.php?do=file&id=41005&act=down&actionhash=1711679522-f89a5498dd0940db1317905fac5e348382d3dd7f"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.unknowncheats.me/forum/downloads.php?do=file&id=41005&act=down&actionhash=1711679522-f89a5498dd0940db1317905fac5e348382d3dd7f
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.0.1852267782\1000463994" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d35dfa-da74-451e-a73d-674bffc1809d} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 1980 1284a1d5858 gpu
        3⤵
          PID:2760
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.1.995272922\1607464176" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e4b5aff-e63e-4e37-9a88-37b66d0a0c77} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 2400 12849ce4458 socket
          3⤵
          • Checks processor information in registry
          PID:4492
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.2.1869368011\169316257" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 2940 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e72b5f-6da7-428e-a505-79ef69f1dd60} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3092 1284ded4d58 tab
          3⤵
            PID:1372
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.3.795132748\1818944933" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc07a15d-c20d-4ca1-a7d1-dde86691892f} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3664 1284f156458 tab
            3⤵
              PID:2292
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.4.230906345\1857121992" -childID 3 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ea4e1cc-aa53-479d-80ca-92dfbdc03e42} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4996 1284e5f9358 tab
              3⤵
                PID:1048
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.5.101547063\477472460" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb6e1d9-8b8c-4c44-9767-9d77b1a2c58b} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 5016 1285046f858 tab
                3⤵
                  PID:2036
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.6.1539848171\1623583304" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f0a10de-e33b-4057-8e37-67adf75894fb} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 5312 1285046c858 tab
                  3⤵
                    PID:2288
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.7.1512266594\663576708" -childID 6 -isForBrowser -prefsHandle 9856 -prefMapHandle 9908 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85207425-f0fa-466a-ad72-6494a6dfcbfe} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 9884 1285275fe58 tab
                    3⤵
                      PID:3712
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.8.2073347912\348465293" -childID 7 -isForBrowser -prefsHandle 3244 -prefMapHandle 5508 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3305ccf0-3580-46ad-890c-d0f3b59892e0} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3128 12850397458 tab
                      3⤵
                        PID:4872
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.9.1067085244\1868288580" -childID 8 -isForBrowser -prefsHandle 9640 -prefMapHandle 9636 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {539615bf-65c9-441e-9bec-9672b57f426d} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 9648 12850398058 tab
                        3⤵
                          PID:1936
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.10.633851617\1325271481" -childID 9 -isForBrowser -prefsHandle 5560 -prefMapHandle 4052 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27a52ff7-d011-4574-a019-f8b524fcf045} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 5284 128513c4258 tab
                          3⤵
                            PID:2876
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.11.1640371890\129648224" -childID 10 -isForBrowser -prefsHandle 5020 -prefMapHandle 9444 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dd4b3a3-4236-47f3-b004-e4a376bc0666} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 9448 1283d633358 tab
                            3⤵
                              PID:4516
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.12.1033861946\1987704813" -childID 11 -isForBrowser -prefsHandle 3616 -prefMapHandle 2640 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa3813e3-c15b-489c-a4a4-eed541f50d3e} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3004 1284afcc258 tab
                              3⤵
                                PID:2400
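The tree above is what a multi-process browser looks like in a sandbox: one launcher, one main process, and a fan-out of -contentproc children that each name their parent in --channel and in the crash-server pipe. The check a practitioner wants is that every process in the tree runs the same browser binary and that each child's parent bookkeeping agrees with the tree. The script below is an added example, not Triage's code: it runs that check over tuples transcribed from the tree above (depth from the "N⤵" marker, PID, command line; only the launchers, the gpu and socket processes and the first tab process are included) and over a constructed anomalous tree. The expected image path is an assumption fixed for this report.

```python
import re

# Image every process in the tree is expected to run from (assumption for this report:
# the install path shown in the tree above, compared case-insensitively).
EXPECTED_IMAGE = r"c:\program files\mozilla firefox\firefox.exe"

# Transcribed from the report's process tree: (depth shown by the "N⤵" marker, PID, command line).
REPORT_TREE = [
    (1, 3044, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.unknowncheats.me/forum/downloads.php?do=file&id=41005&act=down&actionhash=1711679522-f89a5498dd0940db1317905fac5e348382d3dd7f"'),
    (2, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.unknowncheats.me/forum/downloads.php?do=file&id=41005&act=down&actionhash=1711679522-f89a5498dd0940db1317905fac5e348382d3dd7f'),
    (3, 2760, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.0.1852267782\1000463994" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d35dfa-da74-451e-a73d-674bffc1809d} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 1980 1284a1d5858 gpu'),
    (3, 4492, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.1.995272922\1607464176" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e4b5aff-e63e-4e37-9a88-37b66d0a0c77} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 2400 12849ce4458 socket'),
    (3, 1372, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.2.1869368011\169316257" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 2940 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e72b5f-6da7-428e-a505-79ef69f1dd60} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3092 1284ded4d58 tab'),
]

# Constructed negative sample (not from the report): a content process whose --channel and crash
# pipe name a parent that is not its parent in the tree, and a shell spawned under the browser.
ANOMALOUS_TREE = REPORT_TREE[:3] + [
    (3, 5001, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9999.5.1\1" -parentBuildID 20221007134813 - {00000000-0000-0000-0000-000000000000} 9999 "\\.\pipe\gecko-crash-server-pipe.9999" 1 1 tab'),
    (3, 5002, r'"C:\Windows\System32\cmd.exe" /c whoami'),
]


def image_path(cmdline):
    """Executable the command line starts with, unquoted and lower-cased."""
    m = re.match(r'\s*"([^"]+)"', cmdline)
    return (m.group(1) if m else cmdline.split()[0]).lower()


def parent_pids(tree):
    """Map each PID to its parent PID using the depth markers (None for the root)."""
    stack, parents = [], {}
    for depth, pid, _ in tree:
        del stack[depth - 1:]          # pop back to this entry's parent level
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def audit_tree(tree):
    """Return findings; an empty list means the tree looks like plain browser activity."""
    findings, build_ids = [], set()
    parents = parent_pids(tree)
    for _, pid, cmd in tree:
        image = image_path(cmd)
        if image != EXPECTED_IMAGE:
            findings.append(f"pid {pid}: unexpected image {image}")
            continue
        if "-contentproc" not in cmd:
            continue                    # launchers carry no parent bookkeeping to cross-check
        ppid = parents[pid]
        channel = re.search(r'--channel="(\d+)\.', cmd)
        pipe = re.search(r"gecko-crash-server-pipe\.(\d+)", cmd)
        build = re.search(r"-parentBuildID (\S+)", cmd)
        if channel and int(channel.group(1)) != ppid:
            findings.append(f"pid {pid}: --channel names parent {channel.group(1)}, tree parent is {ppid}")
        if pipe and int(pipe.group(1)) != ppid:
            findings.append(f"pid {pid}: crash pipe names parent {pipe.group(1)}, tree parent is {ppid}")
        if build:
            build_ids.add(build.group(1))
    if len(build_ids) > 1:
        findings.append(f"content processes report different -parentBuildID values: {sorted(build_ids)}")
    return findings


if __name__ == "__main__":
    for name, tree in (("report tree", REPORT_TREE), ("constructed anomalous tree", ANOMALOUS_TREE)):
        print(name, "->", audit_tree(tree) or "no findings")
```

On the report's own tree the audit returns nothing, which is consistent with the 1/10 score; a non-browser image under firefox.exe, or a child whose channel and crash pipe disagree with its tree parent, is what would turn this into something to investigate.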

Network

MITRE ATT&CK Enterprise v15

Downloads

  Files captured from the sandbox during the run. Only the first entry (a cache2 entry under the Local profile) is not routine Firefox profile state (prefs, session store, Glean telemetry, IndexedDB storage); a cache2 entry holds a cached HTTP response body plus its metadata, so it is the file to extract if the question is what the submitted URL served.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\86ABEB7497EF07B1C2D97CF4DEB1F821BDE58C20
    Filesize: 414KB
    MD5:    4ccc6d01713c07859e2c1eb25619d9fb
    SHA1:   1377756bde7b6dba3691a59b302598d93419ba31
    SHA256: 2bfbc17a851340c1a8754f47f9e85d7798e837db242046b21257bfdd6e3fd280
    SHA512: 2d6c6cc3d855935a15bdbddadb144950d5b470e5347517e775978454c9f32bbefec5588548015d7eadb2c0b26b4401dbc6c22313a3986fde221352a28812f311

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 9KB
    MD5:    ab6c00ef45f05a7afc4194cb2061b77c
    SHA1:   a0e1a6a7feac0d31aee14e678fd2658099f4ba9e
    SHA256: aaa5e4a0d555c6e67d2e7742873fc135cf453305f8e031194a518cd1d627d976
    SHA512: 527bf3fbc58f80c3a9ad3d2aef6f1f5d52b65c3282ca7c920b6ece3e023fdaa3621426f5fafc412707edbae19627a4b8474a417f653ec6c69898c91b9e012828

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\2dcbba70-0d7e-4b43-ac1b-b58fb83ae825
    Filesize: 734B
    MD5:    3db42ad1c8b360334bbab3567f0e6352
    SHA1:   27d927ecdabfa2a213757a91fb1999878e8d1156
    SHA256: 91289df42c5f463d8fc6f79c4b006286501d8dfce79281c7bad6ff316b7a1ed8
    SHA512: f5340e7ea1cff7c9cc80b2fcc74fe87e6988015fb96903811cba6e8c357b72ba3e7b7fd580dfc7af95a4bb9601bd1baf2b73380b1efa44d38302a3ed6653a9c6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
    Filesize: 6KB
    MD5:    30b9f6193fbfaa90bd6fd64b35ed1e32
    SHA1:   92973d3242dc35dac75cbb4e726a9a02ca854272
    SHA256: 95d8e078fc70a19caf9ba19c2d2b5562bcec2821a97cacc58ed6c6f7104f0df3
    SHA512: 1ece44e70b6215c4406993ad2a8da09cda503e79933249dfa4d718a690dcfcb9e42a79f3a44b12c536a6a26d18722b904794217cddaa05896eb7698968c6bbab

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
    Filesize: 6KB
    MD5:    bde6a741e615994793c4cda5f2724688
    SHA1:   8e16635c9bb4201453ef721310e3e6729c17175b
    SHA256: 918fc2fafbbe7b87a30bafb2168be6e9fc09ee326b7ece8201ca81e41612cb02
    SHA512: c533a6fd463b310b45078478574b3e0c599fdfca9bfe9ae17cc0c7e98ac9a9ce7e10b3d39e9c7f1ca312d3a82c67ca3900e9d89eab13b766398e143afeb2f1f2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js
    Filesize: 6KB
    MD5:    fda9e6d822212b3f744fe073090345d4
    SHA1:   42fa35bf81d1cfd048bcb35d14267acb3c582f0b
    SHA256: bc07333819951deda54c166254e770ce344832abcb936a5b3393304636940735
    SHA512: d8c771d3c5255f032b47fb484dd8330d827e778e7ab02df95d98683770a153fb3d28723ec664676ad078538fa1365021e557276154610e3051ac71415c10ae05

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5:    98e67f86c76223c0d34aedc4998b21b3
    SHA1:   91a4335cf6af5e7d88de7c271d6d7a4d578c687a
    SHA256: 2acfe053caae304edd89e3dd4ce5e4c066f225254c4dcec3af41f9235c46eeac
    SHA512: 5cf1099810c30a5ab0b4d6e0ac2588148f4c9aa3c040d50c4bfb6eac56cf5ec4abeea3b500f15d447c5b6e301244016c5d6773e00f96430294ab0f90aa684e1a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5:    e4b813aef143206815e575892b8b7341
    SHA1:   18cbd123d0bec71f03d442086a3ca29e5ee24d1a
    SHA256: ddf266bddc82e97b7d414127506b122842f5e722c82966de3ff2c71196c253d3
    SHA512: 2da115566a8b7277cd5f9aa277e3115234da780a757e8c6725f49aa19b70c38fee04d0fec758f8790c66da622a97b75d0a041940bf03c24df790c56c125c479c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore.jsonlz4
    Filesize: 4KB
    MD5:    afd5326314147f498c6887c81a100b01
    SHA1:   61b199424031d8690e49aaf0475b83be4fa88aaf
    SHA256: c47b4896d4713a46fde818d4f761e7ec8b2586f9eaa56c77429adf1be85690e5
    SHA512: 82de722aa04646ac7ba22d7b4d9e4dcf1c7daa13a4ae97912bc929e2af3f5ba70013cd6520f50a99ca6a487b758645ad899812d856b399c13cb37779a5291126

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5:    8eff070195653e2a131a916680cd18c2
    SHA1:   7f5dc88fc5d5969b25d5e75cccabd37362b31a94
    SHA256: 61c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3
    SHA512: 18ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507