Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    27/04/2024, 06:12

General

  • Target

    http://notlon.top

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://notlon.top"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://notlon.top
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4680
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1896 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {652597ab-fa2f-4a1d-a460-5d34f2f1976f} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" gpu
        3⤵
          PID:4840
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9415c65e-ab84-4766-9280-e7292e017e3a} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" socket
          3⤵
            PID:2156
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b1d9ce-1535-440e-9cfc-dd5eeb68a042} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" tab
            3⤵
              PID:4668
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2632 -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e68c932f-0fbe-4ce6-8957-8b8c75a08832} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" tab
              3⤵
                PID:1248
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4212 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4068 -prefMapHandle 4196 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {247830a3-d60b-474a-8574-42b4a5e9dace} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" utility
                3⤵
                • Checks processor information in registry
                PID:2036
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5192 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8df76ec-5d62-49ea-852b-308a6c6ccfda} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" tab
                3⤵
                  PID:1544
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95512102-7c61-4e46-94d2-1a1e079bb8a7} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" tab
                  3⤵
                    PID:2372
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 5 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f41a2462-3a35-49c5-bfc5-050f79e22bc6} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" tab
                    3⤵
                      PID:3432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 18KB
    MD5: e59f11c3e302345f1e17448d340798f7
    SHA1: 6dccc58c0a48b6d662ead9ad665e40864dca532b
    SHA256: a7791153c9da56ac8b6fe8984f13b989ed25efb2be173cdb04a05540d1d69b90
    SHA512: 7d5c10281402819feb34418561c31227b84b533db3259d8e857d34903278208315c7636cf4a4eb0312b053a5d9938a543ac9587a97eecbe66951307feb2edb03

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 11KB
    MD5: 1dec639cf17eeb8ee190c82db5a5ea01
    SHA1: cf70e5fddd2766bdb8fdcc1411f0ce18e7722260
    SHA256: 34c30fcb757fe1cf0ab1918f86a6de6f06bbc028159d1386f57d5b23755dcb96
    SHA512: 87e3d5df72cd46e92c8401c486350cf995beb7fae1726a6026971d7cb1edf4dbdfed916d0646dd05f25d9cd79fdf7dbef0d99e2986afde65e4d55eda43d5302a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 4b72ae797589ebdf8099d7a2a867f728
    SHA1: 2be7abd4e8d381ac40e8e077825064c726fe00f2
    SHA256: b8c18544029e6069b8bdaf45eecbf70559e617cc6e4f472ca1306eb745244c08
    SHA512: bea3c478ff338e023f97b568b11854981827896cd088bef6302186b6d383ddf7433c20d8a506e62c92c7c71df0872dd6c339c3aab9afa5acff6f46c9b3ca0f32

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 9d0a8aa8da62885651fd4c4fc0b98544
    SHA1: c5381aee38b5cffac46c0e47947c2268d585b822
    SHA256: 2050e2663efe6722603eba8bab3c3cd969c0f665e9c25314754ba314f77329aa
    SHA512: 68a8db8e021205a1b2e5c13e814eeec47a9ec8ec4c004b7fa1f125fc2cd30ad17c6c04c862271bbf0a0d2c61b511c044f5401c022fa2038957e36db306d6446f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\9a32e5e4-689a-43a7-9b12-ff4b294c158c
    Filesize: 26KB
    MD5: 46f1ec172a3a099a1c8356764a199422
    SHA1: 4593a7e326d0e84af5e7183f19769dd3d8748549
    SHA256: 123f848f64e04cee5d2659733346e40601ec42f0b690f633ef2d180ae269704b
    SHA512: 76dd167bd03e384c6421923edc55f2245d04fc70702efe35c9b8fa8c00d62ad7c30120932d78aa3c2764c01ec9c4d659d98f0b34ca9b1432f81dc88d49c19c5c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\e5da5db1-cda2-4585-87e5-cb922e6e1381
    Filesize: 982B
    MD5: a4483f8c4dde7beecdb5e621e511128c
    SHA1: a842ed91d88bd144418fc09ae7a4905ee1cc8e97
    SHA256: cd70401f5675326862beddfd8c58f3b3545cdf4d2ed65f68a1b1e55abc7adc9b
    SHA512: b49092aca99476eee97c3597aba3d2b20b5e899180f4b71305f0e5e274762d9d744416bc349b137f0b1deef7f2d1924247dea96d4e350f2ccd9a1cbb388feee0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\e8b7d9a7-5a29-44a1-b3f8-4523e041170a
    Filesize: 671B
    MD5: ca3c5026127af71b64bb97bdd34674bd
    SHA1: c963229f41e19d8153e9997093d4af2a3cea0d49
    SHA256: dd0f7e2a29c8fb85aef7202e5624ee36e1d1c77c0f797d9733d15d48c01a062f
    SHA512: 211952244412e7abb9675af96a0fd33da18769b46942608c174778527f53842ac71ec03731b4b1c061e2464224376afaae89bd9844def38046b22500db68f844

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
    Filesize: 9KB
    MD5: 04a8696306a2904dc13820a865081609
    SHA1: 7ae09f81e461854a08a22a9d1d96a4509f6b7ce9
    SHA256: 7ba5210bdda667e5a24ac078d24b05dc6a46d27b95b8af6cec450e0a9c50a15b
    SHA512: f4656ce14ebad9990453dabda16bee4ef3a0a0e4304ea26436eac4e21ca361dd0ccc2a8396e9fd480a0f295d8911bf5aceb7cba5be0b6098be03b7710ee87fc9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 1KB
    MD5: 2fb1354804bc9589e79a1b77ced685a9
    SHA1: 59355bc0144eb464992c9f725df5c903590075d3
    SHA256: 96a81e666bfd6cfdd6d11a2919acf93134c7c9122bfedce6f432933ecda1f535
    SHA512: 680113c6aff9a26edbc9afd7faec700fe1aeed1db73c392577bb088373c5f8c50d6bff9115821d8cf9d41e200cc7f464aaf7a8809924cfbba870f945d71f6065