Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://154.23.178.1...

windows10-2004-x64

1

Resubmissions

09-04-2024 21:25

240409-z9rq2sbh34 1

09-04-2024 20:58

240409-zsnytsba25 10

Analysis

  • max time kernel
    60s
  • max time network
    71s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-04-2024 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://154.23.178.106/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://154.23.178.106/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://154.23.178.106/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4348
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.0.1275262018\1102439183" -parentBuildID 20221007134813 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72553033-5786-46ab-a81d-e3a8572734ee} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2020 1cf46bfeb58 gpu
        3⤵
          PID:3876
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.1.1770217116\1321246920" -parentBuildID 20221007134813 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {789b6a3f-1bbf-4290-abbb-0df4e19dd9ff} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 2436 1cf46bfb258 socket
          3⤵
            PID:4584
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.2.2098415401\412973252" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b277ccf-efec-4964-8585-e781716e66d9} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 3160 1cf4aad9658 tab
            3⤵
              PID:1204
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.3.721842798\863802811" -childID 2 -isForBrowser -prefsHandle 4100 -prefMapHandle 4092 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f5573dc-186a-4cf5-a8ae-2cb508495b3b} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4112 1cf4c098458 tab
              3⤵
                PID:4124
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.4.284288902\259593317" -childID 3 -isForBrowser -prefsHandle 4100 -prefMapHandle 3580 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a99a3ceb-f887-48a5-808e-83eee3893ce0} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4244 1cf4ce49a58 tab
                3⤵
                  PID:3712
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.5.768038791\1214226575" -childID 4 -isForBrowser -prefsHandle 2996 -prefMapHandle 2944 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2aa431d-0cef-4d58-b88f-25a81afdf8f7} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 4884 1cf484f9258 tab
                  3⤵
                    PID:1744
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.6.840026985\885390573" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4888 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64ec554c-b5a0-47e6-aae3-b3fe047c2e98} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5108 1cf4dfa9b58 tab
                    3⤵
                      PID:436
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.7.662892530\964577851" -childID 6 -isForBrowser -prefsHandle 1768 -prefMapHandle 1712 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f23d8416-aa90-47c2-b9f9-e68d3a6a2b0d} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5260 1cf4dfa8058 tab
                      3⤵
                        PID:684
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4348.8.1176398973\693248852" -childID 7 -isForBrowser -prefsHandle 5512 -prefMapHandle 2848 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09be6ef-28eb-4110-a9cb-8a7ff1ad2b4a} 4348 "\\.\pipe\gecko-crash-server-pipe.4348" 5416 1cf33168458 tab
                        3⤵
                          PID:5708
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                      1⤵
                      • Checks processor information in registry
                      PID:2176
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
                      1⤵
                        PID:5348

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        3KB

                        MD5

                        1701b26db28fab071b30ae99702687d7

                        SHA1

                        0e04325a2952a29095e7015adc97cccb21053a2f

                        SHA256

                        167f7cf32b300570c272faf50b3cec0fb71d573a08f6adc0df0708d5a0c417a0

                        SHA512

                        e3a3d413d1ffa0169cb9fecaaba1c1f4ac2c87cc58b603568ff950a0af6cbbf817d1eeda4d650aaae55d56c7052e7decd0b2d098669d87afc67f8d403c8f2ca1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        439accc65ac912050909abe8951bb503

                        SHA1

                        669f1f9adbc571a4a053799cf277fa5e4242000e

                        SHA256

                        26622e2a982158bfaac392f0e312c75fd946149245f489c83960d9add78ee8c8

                        SHA512

                        dcb75e7a05fbb208e3e26e05f980e9c8189dad83be3c8f45977af6666c64f2a055affb46a37d2e220a9fd7f12676eea34cad1ff319fb694f97024f7f32666f83

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\2304d255-7ced-46bb-8011-2fd39cf8097e
                        Filesize

                        746B

                        MD5

                        ad97cb44b0d8cc37fa11374db5c0e09d

                        SHA1

                        45158392b602994dde52fbcf98da0d4de6ec3a02

                        SHA256

                        eb50b040bbd2f2362678e5cf4710ca58be5be7ba1720406757ac7239477fbc93

                        SHA512

                        228fa13748bd84cda92030d005deefeeede6727fe6695523021ac707a7acf4d40491cc6456504d6db7c9bad2a2babf8e04eae8b97a218516de08559e2b1edc8c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8e1ab230-4740-4a8e-aacd-214a5d2c361d
                        Filesize

                        11KB

                        MD5

                        3898441e6e29e4eb54e89630439ad1b7

                        SHA1

                        1680fb1143a34014519d5ca29939b38ce44f2e69

                        SHA256

                        c466d897ff759027260acf937e3b92a82053a58bafb2aaa566105e294d603a8f

                        SHA512

                        9ef70c38de5c1dd69b92bf75d386c146b3996c0659dd8ad0f9210dc27a73773cb2c9d9b379fe903b5b73ca8325b6ed1ebb72366d06085fe9e338af18b6cde62c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        ae49b0bdc5c50ca890cbad42884d51d5

                        SHA1

                        a95d7e6479fbb44214a4ba87a827bb5ac736a217

                        SHA256

                        b13f1b3b65bc85ff6ec47e4d23a1ee8eab9dbe9fbdd8c241d90302a0077a6cb4

                        SHA512

                        6e9510b30fa0f9e608bd5d591c9541ee80426102b0df97f987cdb9f652f45efcf8ad41ac500145ccda9da0bd10646540b6c6f871266f6556892f85c164417632

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        e695932c0c9aefb2d029fb15b3bd4abe

                        SHA1

                        7314306b7f4387aac542f3f84856654e9237d288

                        SHA256

                        f918ec77a24d799404d133a32db289126c92592fce1f3d2f2b14c472a25c939b

                        SHA512

                        f2fe8c7e21aa9a84c18f0822b96ee7abab162463ec5a64be846001eeb6b56c94c23631642a961e7aa6666145e07cda2540c17d809f208b67c48bd00d73bbdf6a

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        21f1eee88e4f07c44dcf55b9ea7b344c

                        SHA1

                        23bb1ab33cc58439af3ddc5017d00fd363d04b11

                        SHA256

                        da43fdfc804fdc4c754f864c837169985dce45a5cfb0f4d4e0aed0bf5d33af3f

                        SHA512

                        86534774643fefd0bd5a7ec4f795b9d8e5d5b4835a80672be02f6eedac35e1e26b3309131d28268636c5f3dcc78f77d85f2f98ea82c1de27c648061eac000269

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        ebad42a6cde39a9101ab128e2f19cc6a

                        SHA1

                        1583815d04fff9c7c0b2d1b2fc46f168c868cd7a

                        SHA256

                        b7ef5f19d5a7c6aac555574bbcd2636cff36b26e9de6512a668b9c39fa328261

                        SHA512

                        37e6b3fbb1382966717496575eb37850ce131a32d07eb24ef5ce082902e98c453d90e3980bb53bb81eadca73454cfb2fb1944347fe4a46f6fd35c060414e1e88

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        184KB

                        MD5

                        89fb414d778d11d3a12991de60301815

                        SHA1

                        1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

                        SHA256

                        935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

                        SHA512

                        49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

                        Download Submit