Analysis

  • max time kernel: 19s
  • max time network: 22s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted: 22/04/2024, 03:46

General

  • Target: http://discord.co.za/de-de

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://discord.co.za/de-de"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://discord.co.za/de-de
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.0.224695634\1474621571" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f393e447-2a62-4400-a6a0-cdb25a9eecb6} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 1288 104dd258 gpu
        3⤵
        PID:2788
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.1.1778537328\449143278" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c71b4b15-bf22-4553-b20a-5d6595406daf} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 1504 e6f858 socket
        3⤵
        PID:2936
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.2.1672824935\889706941" -childID 1 -isForBrowser -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {932348c5-4f00-4418-b2b1-ba5b5b23006c} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2136 19eba358 tab
        3⤵
        PID:2524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.3.387951303\1120696505" -childID 2 -isForBrowser -prefsHandle 2888 -prefMapHandle 2884 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {296a690f-4f4c-48a3-ba83-557bb4a32522} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 2900 e6ca58 tab
        3⤵
        PID:2832
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.4.1302421946\1502199673" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3672 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed31c07b-54cb-47ac-918e-971b10131ced} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 3696 1e288b58 tab
        3⤵
        PID:1020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.5.1556569463\531346817" -childID 4 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {770b6920-1a6f-452c-a6e0-c6aa779f7b41} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 3736 1e294558 tab
        3⤵
        PID:1672
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3020.6.393643037\226740053" -childID 5 -isForBrowser -prefsHandle 3976 -prefMapHandle 3924 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67ab006-4379-4676-a7c8-52483124026e} 3020 "\\.\pipe\gecko-crash-server-pipe.3020" 3964 1e4d5858 tab
        3⤵
        PID:1508

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 5KB
    MD5: d25ed411a3b9ee3495a92f096d34df6a
    SHA1: f473c33a933a2a5ffc65c4f6ec47c9308798ec11
    SHA256: d47fcaf1d9cf90236a64140b4d2ba061b4fd634a34869c13989089b620fecceb
    SHA512: b4387268fa2913137079edcbc8ab16249f3a9274035118249f08cdca27314a0f091747ef3d1d109af63d6f710cde4d5d5e4550bb13304f755be04c63469ee196

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\0efa9c52-1dda-4ffe-955f-f90caa66fe46
    Filesize: 778B
    MD5: f377de6e86027329faf150b18db3c204
    SHA1: 9885626ba8cf8606a95f5f30326edf484fad1ce9
    SHA256: 03a30897343a3bf8ee77a74ff07c6861a62d0aef02c45a9d9ac17486e034a251
    SHA512: 90a60cd6c3488a47b394725ff392af174a7dec08ed60f04cfe4dcbe0b3d647db50e4574a9457666ae31285e0aebbcda29c1bcb18b1f5a7354659d8169d61a424

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
    Filesize: 6KB
    MD5: bf25ae2c0192fbc45492ef44895d76b7
    SHA1: 4e54fe95a523c5de5dd3d822676e6fd7f5e910cd
    SHA256: 677c50a24bdd7509cdd20496806b06a5df57523a7dbb30384fe34c714c112ecd
    SHA512: 260bb454426a56258dd08ac46ab6a627d602e957260f13646e064f428153d68fe3aea482c9a4ccff3baf908bd47033c61fc83babaac118ccf98c2accd3ff53a5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 6KB
    MD5: 8189d861f815a23e2e7bfbfa9d7f091f
    SHA1: 4e81e98c9daf6c513343b1917a06dfa2dfb9d780
    SHA256: 431f02e7cfcb78d36c0a4ac35777ee70b47af0a57025519d63e1f6b01dfde954
    SHA512: 7221b2350e09488b786f984cf3a7bd0bd237d62ee6120d04bfd5f9ead9a915066c86c460a6dd6cd74f8f0d5c83d85f2a81f7f5992e32dcdb93796dc331c8adb0