Analysis

  • max time kernel
    14s
  • max time network
    17s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-de
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-de, locale:de-de, os:windows10-2004-x64, system, windows
  • submitted
    24-04-2024 13:45

General

  • Target

    https://connections.swellgarfo.com/game/-NwEvHxXeGgXa-pi-VDx

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://connections.swellgarfo.com/game/-NwEvHxXeGgXa-pi-VDx"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://connections.swellgarfo.com/game/-NwEvHxXeGgXa-pi-VDx
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4796
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.0.1331256008\313665771" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e3e21f9-9f3d-427c-bcc4-e3b5bbbeb486} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 1832 15a98210558 gpu
        3⤵
        PID:4316
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.1.1634879910\46813429" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3bf8eeb-de7e-45da-a35c-417b9e309918} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 2424 15a84087258 socket
        3⤵
        PID:1608
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.2.816902667\1655542529" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a269e6e7-3f4d-4ca0-aa57-5f9a7cbaa158} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 3016 15a9b35a858 tab
        3⤵
        PID:2732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.3.770179350\1377729178" -childID 2 -isForBrowser -prefsHandle 3308 -prefMapHandle 3424 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61574e82-1c24-44a8-9fc2-756a09c970c4} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 3788 15a9cf4ae58 tab
        3⤵
        PID:4760
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.4.589194464\1634454055" -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5008 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c40d4e05-fd5e-47bb-9c23-ffcd32e0c67d} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 5188 15a9ca16d58 tab
        3⤵
        PID:2084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.5.341872948\322500730" -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5408 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ce9d464-3e00-49b3-aac7-4cdd2a47eda1} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 5420 15a9ee9a958 tab
        3⤵
        PID:756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.6.407397436\1549029675" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5320 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {743b762d-d4fa-451c-ba12-5ae9c99c809b} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 5576 15a9ee9af58 tab
        3⤵
        PID:2256

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 24KB
    MD5: b25f5a3ac6f3a58afdbaf425a1c38f84
    SHA1: 74f8666e9d7ad1cb79d21ab318b961f6cacc45b4
    SHA256: 821683b813590c590740670600685f142f4f1ff5a971e718d35bb76cf63c5a98
    SHA512: 006c1a3dd52139a3f5926f247952eb1a067c076fe2ba23a391440a3b47c00ed4432b4ab4049f799934c4212f339759f2de00c96648682ffe1aacd5f2999d14b3