Overview

overview

1

Static

static

1

nice-chick...d.html

windows10-2004-x64

1

Analysis

  • max time kernel
    25s
  • max time network
    28s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 02:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nice-chick-has-an-orgasm-and-squirts-a-big-and-yellow-fluid.html

  • Size

    31KB

  • MD5

    874d5737e322c7cdf7615d8195713ce0

  • SHA1

    46aae2d6b5c93d0f9c4fa5db68c3d689b4c12d67

  • SHA256

    3747f5d0ccce18107470ba0a47e6f7931d9bdd291b7c86c4d9dd7d4a2ebc4b21

  • SHA512

    f939691ad155c51f879ab8a35a2bf379461362f5b0b31d6c3e5c9c5620e458eac02d94c4d0c34e76f0b6fd6997ed32b2fdcd54221fa8d9a5d63f1e562f1c5585

  • SSDEEP

    768:bn1Qk7PSwc6NVfIoIrKXKo+nRPhDe6npoIByPsruAag4P:7+sBEruAag4P

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\nice-chick-has-an-orgasm-and-squirts-a-big-and-yellow-fluid.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\nice-chick-has-an-orgasm-and-squirts-a-big-and-yellow-fluid.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3944
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.0.2042460138\910725212" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4450e824-9e90-4a08-bd3f-57ca3f9aff57} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 1952 1bb0d6e9658 gpu
        3⤵
          PID:3700
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.1.862877167\2115371490" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04b40f3b-536f-486a-b6e8-2f4b154901b1} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 2372 1bb0d5ef858 socket
          3⤵
            PID:3100
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.2.1304950368\1127893629" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 2976 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39813c22-4f91-48f6-8f34-0cdf9d15ecb2} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3092 1bb116d6058 tab
            3⤵
              PID:4432
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.3.181540657\1025938559" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30b38581-ff8d-4773-bf48-8bb6aced9b49} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3572 1bb00c67058 tab
              3⤵
                PID:2936
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.4.1045655254\1359526142" -childID 3 -isForBrowser -prefsHandle 4936 -prefMapHandle 4964 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed82b53e-f73c-442b-afec-627671e8dc84} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 4968 1bb143d4d58 tab
                3⤵
                  PID:3340
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.5.528794477\449356466" -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5428 -prefsLen 26258 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a072ec66-ab42-4ab5-833e-2d49a0905c6a} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5524 1bb150a6358 tab
                  3⤵
                    PID:4520
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.6.150142437\1395127091" -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 26258 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a00ad9ac-a381-4db4-ac33-5d4f7266f1e7} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5644 1bb150a5758 tab
                    3⤵
                      PID:1532
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.7.257095152\229732908" -childID 6 -isForBrowser -prefsHandle 5848 -prefMapHandle 5852 -prefsLen 26258 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fcb5dce-0f37-4f00-ad4b-6b0d1928a5be} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5932 1bb150a6c58 tab
                      3⤵
                        PID:4076
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.8.528794109\556656873" -parentBuildID 20221007134813 -prefsHandle 5948 -prefMapHandle 6048 -prefsLen 26258 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b1888f9-8f97-404e-ba72-927cd5c43ed7} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 6116 1bb14723058 rdd
                        3⤵
                          PID:1976
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.9.718970221\1776571946" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6536 -prefMapHandle 6532 -prefsLen 26316 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c32795ef-5d93-4ad1-ba94-512f9852c2bc} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5452 1bb156ca258 utility
                          3⤵
                            PID:3312
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.10.2130345213\897424262" -childID 7 -isForBrowser -prefsHandle 10572 -prefMapHandle 10604 -prefsLen 26640 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ed2b35-5626-4bcf-896a-4e8a717480ae} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 10576 1bb1600f358 tab
                            3⤵
                              PID:5756

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\ACEB2510B67229B7335F27DD1589D35C275417C5
                          Filesize

                          13KB

                          MD5

                          151c61298a1256a8e70b00510027728e

                          SHA1

                          0af1c234249fc02d3c93b44b33791516f32b096c

                          SHA256

                          f492f9afece49cb78a9568bc41964a4d1de9a0bd05f0355ddfb7e26e2cf76564

                          SHA512

                          3c8f0a840a7b334af37d802c789726b135cfbfe2683c940b11c187bb2bd4106b4e05275f2a3ba194d2965fb6b2740321ba84cf87a7c792e18436b8cc87f05c76

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-4
                          Filesize

                          8.0MB

                          MD5

                          a01c5ecd6108350ae23d2cddf0e77c17

                          SHA1

                          c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                          SHA256

                          345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                          SHA512

                          b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          9KB

                          MD5

                          95ad915bed301b5748644e62da386643

                          SHA1

                          df023f74edd13e2936bc1dbccf6e2bece0bc6d83

                          SHA256

                          fd00c1ca831f886d8da45c10e6371c582e231e6d90b22f1b8a03716221ee88e1

                          SHA512

                          5a99031e6d4b93375b870cb5025cd35a50b13858b2a696db6ac35dcb45d9f08d7d56935e36a14c61f79a6cf181a55d8b554c68f870fa77c0c9d79c34104c2cc5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\665d6211-e178-4ce2-8aec-13e85068be55
                          Filesize

                          734B

                          MD5

                          b6bb56cbea417ee0d45c70a162cbc100

                          SHA1

                          e38f914102cbb751717144eed6b142d2052ce94a

                          SHA256

                          af03ba6ae358a2a62ff2792a46d25031546644cf2e2dad5408ab5d412bddd4ee

                          SHA512

                          fb25bb8beaf06ea458bfe006b816988ff539ba183f740dea4195be69cab0680bbff989da1caec4482dd32e5dee8bdd31201fa927f01ddbb269a66d961eb001e0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                          Filesize

                          11.8MB

                          MD5

                          33bf7b0439480effb9fb212efce87b13

                          SHA1

                          cee50f2745edc6dc291887b6075ca64d716f495a

                          SHA256

                          8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                          SHA512

                          d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          dc89069901e4867defbebf70b51b34a5

                          SHA1

                          d80d6b27486f2d236f8bcc3e8fb4277dd6791f4e

                          SHA256

                          e4bea670e89493114e0a8b395d61879d84394c235ae7d8619e701e3ab9834a00

                          SHA512

                          968686e204f1a26d2b1883412eda0b0189f88062f5eb719708efaf1aa7e736bfeddeef8d347188e532fe8a80b2ba40b4d92ad241656f8b5e634b32dbdc0851cb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          287f5c0104980cf96125ff642a1eee29

                          SHA1

                          01f8d20219d4dd29cd2689f02e73171d39cc1308

                          SHA256

                          198b4e1d2c7d185e11d105f1b0622303f392540b0ee08457b544cc45250bf484

                          SHA512

                          2c3ac1ddf2b9a9653f7209da6ecf9788484c87381ec4ffd7809cc2e96a3dae80d38e3ac1e78d6cc44f765415d9ad8db2361d1cf7e9f959a2db1fe8c8153112cb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          42e1f993514510887042cd270146e100

                          SHA1

                          6a738ad68427bc702657058eeab0cdcffd563bf6

                          SHA256

                          185029de16f7f9410176c5d47db514990d509493ec42ad26fbd682bd21353ae2

                          SHA512

                          23937cbfb676fd3b9283de4c28eab0e2ef1b96444d0f8b3232b4f4a457cf16ec6771b8ea9819bd03fbb667ab1ffb0f11f2987bc90ae5d54c61da83a416a72fd9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++videoembed.site^partitionKey=%28file%2C%29\idb\179608975507.649551201176761.sqlite
                          Filesize

                          48KB

                          MD5

                          a6a60f7bcc6331aa4efd7f3834567229

                          SHA1

                          55b8920d9cc8a80ffaa05a3937475ee90f2eedf5

                          SHA256

                          6c188f565ea99540ebfdcd0b9e6c0e9d42e2dd09d88e3b9c6a706ba039156c1a

                          SHA512

                          a4fde4909f3797425f83de92de09f01c5a73b0ba8a54c47901f34f3463718e8e55721ee0686c3f0a79828a0807a5bf8b4e7c004c0b20aa8db27592672595fa3e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          184KB

                          MD5

                          8eff070195653e2a131a916680cd18c2

                          SHA1

                          7f5dc88fc5d5969b25d5e75cccabd37362b31a94

                          SHA256

                          61c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3

                          SHA512

                          18ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507

                          Download Submit