Analysis

  • max time kernel
    44s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/04/2024, 16:21

General

  • Target

    https://gansub.com/l/ivU3FUXFLCwK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gansub.com/l/ivU3FUXFLCwK"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gansub.com/l/ivU3FUXFLCwK
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.0.150800854\2051390688" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b188e811-9f6d-44e4-b029-8f62b1b3b86f} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 1948 230f61e8c58 gpu
        3⤵
        PID:4804
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.1.1757681877\1495714128" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19594d4a-50aa-4bf0-8e60-87df33bfc0e5} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 2368 230f5bef558 socket
        3⤵
        PID:452
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.2.1522017883\1295702068" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f6166eb-1001-44d7-8dae-bf65a89f5d6a} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 3196 230f9adf858 tab
        3⤵
        PID:2640
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.3.160009982\177707689" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a5f147f-b58d-48bc-9873-e94391601029} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 3616 230e2061658 tab
        3⤵
        PID:3060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.4.242174092\181886898" -childID 3 -isForBrowser -prefsHandle 5044 -prefMapHandle 5076 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc461d38-248f-437a-b7b5-cdc0482c45c2} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 5064 230fcbb0158 tab
        3⤵
        PID:4020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.5.911414723\1964166712" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59f8c6a9-51e9-4ce1-b08a-fb580ecc3410} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 5200 230fcbb2858 tab
        3⤵
        PID:1008
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.6.806908751\1796991750" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 5404 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16542a59-4446-48a3-b849-88731827609e} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 5392 230fcbb0458 tab
        3⤵
        PID:3664
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.7.558822693\274600923" -childID 6 -isForBrowser -prefsHandle 2964 -prefMapHandle 2808 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4138ba61-ddd7-431a-aef6-7cd5aebf9339} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 2960 230e2062258 tab
        3⤵
        PID:4176
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.8.1516190101\40580832" -childID 7 -isForBrowser -prefsHandle 2808 -prefMapHandle 5776 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79537157-16a0-491e-8e27-0e37e124492f} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 5824 230fccb2258 tab
        3⤵
        PID:2368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.9.810932019\1000335396" -childID 8 -isForBrowser -prefsHandle 5912 -prefMapHandle 5916 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e55966f-e232-4080-80b4-f3a61d0b51dd} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 5904 230fcf10e58 tab
        3⤵
        PID:3988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.10.341478192\1752381009" -childID 9 -isForBrowser -prefsHandle 5468 -prefMapHandle 5508 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23933d43-5320-4cc9-8fa0-051e54edd6ea} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 5520 230e206a858 tab
        3⤵
        PID:5392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1800.11.1065902611\1316806216" -childID 10 -isForBrowser -prefsHandle 5528 -prefMapHandle 5516 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb5199df-0f69-4044-bb96-899ad3198507} 1800 "\\.\pipe\gecko-crash-server-pipe.1800" 3012 230f9ae2f58 tab
        3⤵
        PID:5416

Network

MITRE ATT&CK Enterprise v15


Downloads
