Analysis

  • max time kernel
    25s
  • max time network
    28s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-04-2024 17:10

General

  • Target

    https://cdn.discordapp.com/attachments/1155213379296821468/1231647858474614967/image.png?ex=6637b874&is=66254374&hm=2097f27685daa9a89562744fd6c2750213f254e9dcceb912caaa60d06d1a000d&

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1155213379296821468/1231647858474614967/image.png?ex=6637b874&is=66254374&hm=2097f27685daa9a89562744fd6c2750213f254e9dcceb912caaa60d06d1a000d&"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1155213379296821468/1231647858474614967/image.png?ex=6637b874&is=66254374&hm=2097f27685daa9a89562744fd6c2750213f254e9dcceb912caaa60d06d1a000d&
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.0.1866006796\295963590" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea81f113-fbe9-4b1b-a035-342e2f3b56b8} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 1292 113da158 gpu
        3⤵
          PID:2648
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.1.1486121753\1245058800" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23057601-cf59-4995-9403-cfa788cb15ed} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 1508 1130b458 socket
          3⤵
            PID:2724
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.2.1957532037\1275289433" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 21713 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10391f52-e54a-40de-b967-bc30606f317b} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 2108 1999bc58 tab
            3⤵
              PID:576
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.3.1615570800\898605763" -childID 2 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af132d73-d0d3-4b2e-8c01-42dcd291dbaf} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 2880 d61258 tab
              3⤵
                PID:2004
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.4.764877371\295504927" -childID 3 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {850cfaa2-0a1d-47d6-8e64-3f518c138756} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 3520 1d1abb58 tab
                3⤵
                  PID:1908
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.5.999013825\277471786" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3628 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f1e7f71-b248-4da6-8e06-e04ea6af9749} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 3612 1dfad958 tab
                  3⤵
                    PID:1444
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.6.2145890780\1142635983" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3820 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2967162c-0a4b-4d47-80f1-02e0736afc7f} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 3864 1dfabb58 tab
                    3⤵
                      PID:1812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: d25761b83d2340604a366ef48a1b5fb6
    SHA1: c2108b67e06bc5b533ee7c95c4d55ba260978c66
    SHA256: ce0ba7d1cf80ba8452b5c71f09a81726cfde133c2442c0bd7192ac8b92cec306
    SHA512: d4e9d1ccd83e3143697450ddc10acb7108604444b23f2d180f5d676b072c6842e8bcc86cc1a90c29268bbd2740d7499dad263d13835fe2965e408ffd6f612cac

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\70c843ea-3f44-4aed-ae86-6221c831aed2
    Filesize: 11KB
    MD5: 750789afe8a1a1028d6b9bb80a116f6a
    SHA1: 2a45e19e6786d21cb523ad19fbd77ed934844a30
    SHA256: 6b0d394217fa5c2b88128c64960682f0571ccd1c44355bd22ab72b2588b0f8ee
    SHA512: 0c10dcfe9e5fe405e6e3ef5f4851ec7246fb7222656363254b66a8973db25d090ddff0218c309781080a21fb3a0318d8feb762377bac3f09482d370b230054fb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\ea8bcf5f-422a-42ff-a395-5416d766d4c9
    Filesize: 745B
    MD5: a0abf1f3c41ed07a661084cad1aadf1a
    SHA1: 83373b54287b748b8ed12147edec704939a787dd
    SHA256: a59c9fde61aa7bebe620eb7dfe965479f1e64bd4b36e7b979d206d4a8c66590f
    SHA512: 59f67e7df5690067c19fb5a11f0ee02399ef58ed83c129509dd97361bd61a714b29a382d8e0b33a8497cfe62e0a4e18e0c747eb68d4d5cd543b9643dbed8c9c8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 6d1cf43cb02b707ee316dc241e51d444
    SHA1: 0e3ac5e624cdf432c65ac176a79eaf4f57c86d40
    SHA256: 29e152ae34cc9e446e3c66942d3fe11303c84e6340c5649a75a62ff2bea0aad6
    SHA512: 39fa41ebe63eddee6851ac83cbbe43ed3cd8241291a9f4afeaf2a2ba9bdafb2f5caa9fe4ed8774d87702467de97d1bdec4bba597cdc29762df2be6fe4e4e8aca

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: c09e14712fceb847b7dd6bc434f9bf96
    SHA1: 411f88cd1df0db05df389e38d50e042aa2cd1d8f
    SHA256: 59338c47345d89dab532828d55085e8e68b0127e7b78872554ad073676236f9b
    SHA512: c3ea66366b98c6d1194c038b0e132f6c95bb39a267f20f2decdd4d1cf6d3b6efa5c72845da4bc5c82e994b582e839748d7a23dad4873232c367de84de25a0aee