Analysis

  • max time kernel
    15s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/03/2024, 17:04

General

  • Target

    https://cdn.discordapp.com/attachments/1047468724195692604/1223316709134303332/image.png?ex=66196977&is=6606f477&hm=d98cb653d343c4681bb2cb848124bd8e11a2d65fba12bd000229cfeb49b33985&

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1047468724195692604/1223316709134303332/image.png?ex=66196977&is=6606f477&hm=d98cb653d343c4681bb2cb848124bd8e11a2d65fba12bd000229cfeb49b33985&"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1047468724195692604/1223316709134303332/image.png?ex=66196977&is=6606f477&hm=d98cb653d343c4681bb2cb848124bd8e11a2d65fba12bd000229cfeb49b33985&
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.0.1990619141\1170991757" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ba1b3c2-e48b-48c5-8ec0-7c1480440744} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 1332 10cf8758 gpu
        3⤵
          PID:2516
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.1.1671542938\601259670" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cf88553-0a80-42c8-beef-190b83d9e9a9} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 1520 d78258 socket
          3⤵
            PID:2544
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.2.1121128584\1973437519" -childID 1 -isForBrowser -prefsHandle 1832 -prefMapHandle 1688 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bd83337-81fb-4e1a-86a6-5dc909ff050b} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 2128 1ac98b58 tab
            3⤵
              PID:584
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.3.1263948551\460244787" -childID 2 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04bbcf7-f028-4684-9dfe-69c6f4b85851} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 2760 d68e58 tab
              3⤵
                PID:1480
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.4.1224080811\688425104" -childID 3 -isForBrowser -prefsHandle 3548 -prefMapHandle 3536 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {802aa7e8-a928-4777-a03c-5e3f9d5d3c02} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 3560 1acfee58 tab
                3⤵
                  PID:1096
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.5.921263653\154981579" -childID 4 -isForBrowser -prefsHandle 3660 -prefMapHandle 3664 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f484d9f8-953f-4150-90a7-f5bbaf23b5ba} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 3648 1d9d5f58 tab
                  3⤵
                    PID:1084
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2192.6.1702034723\348054506" -childID 5 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8abdff27-d504-42ab-b8aa-f4884de8f675} 2192 "\\.\pipe\gecko-crash-server-pipe.2192" 3812 1d9d6858 tab
                    3⤵
                      PID:904

Network

MITRE ATT&CK Enterprise v15

Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bm46du9w.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                  Filesize

                  7KB

                  MD5

                  c460716b62456449360b23cf5663f275

                  SHA1

                  06573a83d88286153066bae7062cc9300e567d92

                  SHA256

                  0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                  SHA512

                  476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bm46du9w.default-release\datareporting\glean\db\data.safe.bin

                  Filesize

                  3KB

                  MD5

                  6f320f89f7307397390a5c5ce2e7df1c

                  SHA1

                  96f6fd70c36dc243c3db0ef1bbc7645cd9a1156d

                  SHA256

                  e819bfab3b1dc47c752b22347b0f46f143de9437ad8e9dfa6fd7bd50dd405a81

                  SHA512

                  f80a32df942cde6f16d74f8d7ba7d2b9649a5fe954f07b5e530f9ec0af4f2caaed5478c6652b5fd75ec780c8afa3718c234c06e51fb6fea562ec7f95f22bb114

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bm46du9w.default-release\datareporting\glean\db\data.safe.bin

                  Filesize

                  2KB

                  MD5

                  760b9fbe7bd4ffea27c328c6be00116e

                  SHA1

                  ffffacdb427fe2469aabcdc8228c6f3e3140f6c5

                  SHA256

                  2d23aa43094195f14897664fbdc0e822455733db13d67556830d8ccf74c25eef

                  SHA512

                  6440b3f31fb56a4dded96441e543d56299e9bb8feb7eb3a5df23494b58cafe30a8b977eec2c3a13ccc6300900baa3e9e547aca89471d86dab1b62885ce603a6f

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bm46du9w.default-release\datareporting\glean\pending_pings\c4272c43-2002-4b1e-b358-f06e7e14ff3e

                  Filesize

                  745B

                  MD5

                  719df3efa94734f80f11b96980d28eb4

                  SHA1

                  d7a32ed235c7d701acefe8e743613f65874e3a52

                  SHA256

                  42d76ba3ea99f0ba25c654ab1262e01b28ceb4d723f7159c165d6ded9adf7043

                  SHA512

                  3b409a360eb6307985845168b74db76c5c2099794de689fd67d5e21c089b8c01bf53bc6ec2af04278107a83ebeba899260c0d785a97404a1201a855cb97da3ea

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bm46du9w.default-release\datareporting\glean\pending_pings\d2ee92d3-44e2-4539-9f42-9613f02c8451

                  Filesize

                  11KB

                  MD5

                  6e89a6179cf5007dbff5ef4a2982f2bb

                  SHA1

                  a3454a9a72352266d4fe0757e773ca3279fb5cb3

                  SHA256

                  635f0418b8b930960e7886c636c88b37f34a0712a28fef3c3ac12eae11ba7514

                  SHA512

                  8c4e8b7ad339861641dc7a647d9401a8413982f1c3cf69a2354876f10c663587290c57e603145a716346247e17156b7b04c90f60250e8680d048a790ca353051

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bm46du9w.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                  Filesize

                  184KB

                  MD5

                  5f2e19df9ad994e8c34c1940c8ccc510

                  SHA1

                  b5de63fca608eaa51b93528c6ec21c3bbb7fcf63

                  SHA256

                  0cda89543d070eb8dd1e36da1b9ebfdc07635692e9e82883ec2a6c82adf2a11a

                  SHA512

                  e59134df149d69ad332674a567942f3915c2bfafa668319e19f413ab36f18f782611882f37ce17b523c65da10d823a2f347dfabf6c9be5bdf5cec00f67ab8049