Analysis

  • max time kernel
    194s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240419-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    27-04-2024 08:09

General

  • Target

    http://laslpasss.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://laslpasss.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4948
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://laslpasss.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5316c8f-60f2-4b70-a1e0-7336d81618f6} 388 "\\.\pipe\gecko-crash-server-pipe.388" gpu
        3⤵
          PID:4428
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2488 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1045290-eee5-4537-b7e4-f6ca3451d6a8} 388 "\\.\pipe\gecko-crash-server-pipe.388" socket
          3⤵
            PID:2244
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2912 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b9069a8-1b4e-4da0-8e7b-070cf8247c4c} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
            3⤵
              PID:4996
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3996 -childID 2 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8612dc77-337b-430b-8d3b-c5462e9294e9} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
              3⤵
                PID:3716
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4644 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4616 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1d30afd-6f04-4aa2-9a1d-9a52407a3e36} 388 "\\.\pipe\gecko-crash-server-pipe.388" utility
                3⤵
                • Checks processor information in registry
                PID:2044
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b635c2a4-37bd-442e-bb9a-a986c4afdfdf} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                3⤵
                  PID:3736
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5280 -prefMapHandle 5256 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d17c85e-d99e-4171-8163-0564d2c3e28a} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                  3⤵
                    PID:1800
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5644 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9b2f16a-04e8-44c3-bac8-0ba81df5beb5} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                    3⤵
                      PID:1052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\md1ejlmw.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    21KB
    MD5
    693d3844924f191b10e00a2ea2ffa02f
    SHA1
    8209ad25cfb2c781888b62b225aac9f9c17e78ab
    SHA256
    8bdbd5c4dc1b3113130a8aa27c5c1802fc68906bb0fb098e4862d86e7d70e0a0
    SHA512
    7c47c20a96d0f1a231195ebbfc405582c1758b02cbf8cce8d56be8e3e0c2ae70419860d8630844f5c40a49c157b844e2ce6d0227fb96fff0a09881d2eb18c8cb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
    Filesize
    5KB
    MD5
    149b2823992d9fd1fcc1812ac5258bf1
    SHA1
    04ca7e2e651aa7349839586f33ec7ec2154dfbd4
    SHA256
    309329c02f34c63761cf2c87961630ad219d4b3072891a4c4a77ac4794b5d0e4
    SHA512
    87e1edf67ec91d2a35fcd797a3845f6f944da0234f496c7cf9f336d27dc51f5078494a4ecfcdaa0c550f218aae272c33b43a6208b1c2fc2e7d051aae6ad44dd8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
    Filesize
    11KB
    MD5
    08ffbf98cc6949b3a4d6a61fce97c1f3
    SHA1
    d937c2196d9238fefc26484b65fb0db60c3726c6
    SHA256
    c0a13eab13331923bb1739baadac6f2bdbfcee17747256d6485cf33aea372b90
    SHA512
    e4600c7a52c7fc9244488098f073c978d1783f5a2ac0dda4635f9ca7ca9e2c7bd6f33ff088a6e8acd48ec83293b14ed1e220d10794232fce83ca43087c290d8b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\5c076158-8daa-4eab-8be6-36d1c050286a
    Filesize
    982B
    MD5
    b2185c158d28c0f0635c8b0fcf693804
    SHA1
    4e8ce1a93b94d7d40b2bb091698efc183653149b
    SHA256
    b1bad5c05db51126afc288475499e201555bce800b6a4673666d84c42beca518
    SHA512
    ee886da68d70c7fbc924651bcd9c90709a5e38cc4ee3cb1dd4e32fe53dd4d7b6784be0b160ad8d3557d972b226c8f30e27ae8d6ed34699c34e0e845a6116a3a3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\9b8761c1-706e-472e-bffa-90338e5a9a69
    Filesize
    26KB
    MD5
    c05cede97117d0fcd77906d5b4390c79
    SHA1
    f2b7ea6eda401b08973439393402abf90f739c65
    SHA256
    569001d74d25554ee1ce3fc3c08edeb55307728a4db5c663da85829095912c08
    SHA512
    82f95734858d6e06e9359789563cde7c783bffd8edf44f9e6e96a4f2869b7646b1f116e8a804d68c85438dfaf1254c0499d041d1a05d80cda16144b5e1533039

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\be48cec8-61b0-4ea9-883f-74b255332f21
    Filesize
    671B
    MD5
    1a4566e535ec80aa625aca0a5f113144
    SHA1
    c672a030a506bc5965dd1f2051b2d73d40a734eb
    SHA256
    a62c8b6ee33a42438f1a9994a066da7df194ee607d2dc1154aa4ca2003352147
    SHA512
    af9f0592ddda283f56aa2885d21aad8263cb919a10a8643803ffacd7730bc1787b2a963e87fe5071090e4a323d06a0d7f2042b6140bf605116f2468fac264b43

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
    Filesize
    8KB
    MD5
    19faeba398e40a9e0a01bb29f01a606b
    SHA1
    af75f0206da5280ebf7e8d66daef07a312e0b7d9
    SHA256
    23c32c88c6c65297f479d46cef484db6eb985d8e2f53bfe759138b39e7da49af
    SHA512
    c876930d560587a77e9020a752d5f4bbc199bd657dd2eb5a7f6bb556bcfc8af55537d4d91136117ffbb1864b46c41e405997799d9ad8cdb4c062fc398044ccd9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
    Filesize
    1KB
    MD5
    8aad79232648a73db6288f4ea58dc793
    SHA1
    64d540690290d465c0407ae2d6d8a633ff3faf57
    SHA256
    7bf3f0044977ae9ccde0fae2618a3c18e8fe9db1ca2aa9afcb53b1f66255ffec
    SHA512
    bf7815520ca453ee5575ff95fcb250b1edb6d3b4edd01df1d38e5c1209ce595c06eef1305315bf5143c2190e56c212df6440dfe0bf4f8965f190f9e671bf9c13