Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

1

Analysis

  • max time kernel
    476s
  • max time network
    485s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-04-2024 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/z44r588ideuvs48/tm_cfg_win8-win10.zip/file

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.mediafire.com/file/z44r588ideuvs48/tm_cfg_win8-win10.zip/file"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.mediafire.com/file/z44r588ideuvs48/tm_cfg_win8-win10.zip/file
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:208
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1916 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c7c7ef1-1232-4fba-b89c-ab0297b3d142} 208 "\\.\pipe\gecko-crash-server-pipe.208" gpu
        3⤵
          PID:5024
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04e2e24d-194d-43c3-b3a9-b51bd3599a49} 208 "\\.\pipe\gecko-crash-server-pipe.208" socket
          3⤵
            PID:1004
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3028 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f9f928f-4692-469b-847c-ffff3638a7b8} 208 "\\.\pipe\gecko-crash-server-pipe.208" tab
            3⤵
              PID:4884
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3572 -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 2960 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6728d72-869a-472b-bd20-ee678e7a8bb6} 208 "\\.\pipe\gecko-crash-server-pipe.208" tab
              3⤵
                PID:1640
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4380 -prefMapHandle 4376 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {171e0d3d-9977-4164-8bf0-ddf1770b6158} 208 "\\.\pipe\gecko-crash-server-pipe.208" utility
                3⤵
                • Checks processor information in registry
                PID:2744
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5180 -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5160 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf651cd8-b3dd-41ab-8df5-95e369230b1d} 208 "\\.\pipe\gecko-crash-server-pipe.208" tab
                3⤵
                  PID:736
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d46e1a2a-dea3-493a-842e-7d5a2927739a} 208 "\\.\pipe\gecko-crash-server-pipe.208" tab
                  3⤵
                    PID:1216
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5492 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {072a2a7c-1a4b-46a9-8bbf-b84397f1f01f} 208 "\\.\pipe\gecko-crash-server-pipe.208" tab
                    3⤵
                      PID:4944

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l594d31n.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  21KB

                  MD5

                  11c49693fa2a986bb803f69a21e324ae

                  SHA1

                  8529291ee08e235766d6efb954d1258f68aba10f

                  SHA256

                  29ea68486c9d17a04a6299747b5618a07b8bcb09734ab9cad5f2d54cb1c91d3d

                  SHA512

                  85fe6707fcd9c7a835a5a81138594cd390fbc3f6bd0a798e0a190e67cb5f91c3ecd126deb28bfb94f86d18714ee5c5476e0d2bf6199f5ac48bddf98f7e77ec4a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  b8efeb7f60af54a1be68de186506e9fa

                  SHA1

                  b223bd4c4d9cbe348f8c7bd5f8273e3508d14cd5

                  SHA256

                  fc7612dc7f36cb534aeed149b0f6acf9b92d326ed829f4b8e0af849685338315

                  SHA512

                  7af6ef22f42045ed481a82e3941600593ffa4ea325fdd4bc629c385d03ea51524479f3bf3bf67c3e9d7355b9b7ee1f0ee32f959c73db12ee486cf8557e1a2f61

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\bookmarkbackups\bookmarks-2024-04-29_11_lGGEHwAiKjDnYqTsLYT0rw==.jsonlz4
                  Filesize

                  1009B

                  MD5

                  8715856e279b11f43e931810aab4d627

                  SHA1

                  e2878f32348e68d91c1aa4c4775c33b4e5833bef

                  SHA256

                  50e5c4006d73a8668d105ebc128d7a847488f0d5bafeab7fbacbceae66e06290

                  SHA512

                  e4b3802f2480ae44e0672b72866f0f1466e9f88090288168288ba5f965a4e7433b5d8b13be35b2a73c08106582236e4807ede2fb2f5f4c5a6781219651958793

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  907cdf72fc0bc9bf018fac83973fe4c7

                  SHA1

                  6836ada7cf941eaacfe9820cf76a7f6c83a14ec5

                  SHA256

                  f42689dc047133aea275bfb5daa44561008b1e1a1764b97b3a411c3ee3a35a65

                  SHA512

                  94624ee6548842fb0636218a4cf2d62622333a07cac1a712cdf381a613b993971117e1fd71de2dbcfe77ad948c6175082aebd8b2d7983b2afbdfa0958e5151ce

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  11KB

                  MD5

                  2d478a1e48f535a2b90b0bb0d97bcfc2

                  SHA1

                  f8da8f18ee9f2a80cb2d8000b0512498ae505cac

                  SHA256

                  797dd9270d76c9b56107a3ec9b1bd7c5e3b8f64a3baf4b1090f193cf8fd0fbe3

                  SHA512

                  dae9e7d658295edddd5a3c742064685f97ba7e3e848e207e62570eb6c43b3f3420c1a8fcd1c68635f6adcb546d72e4405a74d3502cb03cf08febeba0dea122e3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  eb02653dea1c647427894d2ca8f672b6

                  SHA1

                  78263a4b43b250a2eb52b32874f675ae6e097c5f

                  SHA256

                  ad83c971933c9bba20c3ae8576e5c73720e2a7d5d632db783b3f87b2c8a48a91

                  SHA512

                  92d68e252b0a0280010618424143892d317d229e1e84c41fd7416325397d69c9642ebe3c8c3b1d1cbf41c68b4f975365cee7de5b278312ab0fe4fece4ebcadab

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\86ef7ea5-b053-4e35-a505-8b093d22831d
                  Filesize

                  671B

                  MD5

                  091e7c1a6b530862e44850cd876c091d

                  SHA1

                  b3dc9b3311763fc4c78a0eb4477820a60221160f

                  SHA256

                  2b4b651c9159b966f2e4f3d19f7777cf3f91065f00a3b1bf985544043a818684

                  SHA512

                  cc6884c1c2ee9ab6efad3db61b4c6605d4cf5c5e775ee5e6c17318ef487695da3b1460f518f5757fec3c1cd3a287302a0283a1ca003f49cd23f749c02e57ae12

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\8a1a5328-a704-448f-8311-56f66b3ed597
                  Filesize

                  982B

                  MD5

                  0d77faa9ae719553f04b9e3dcb1eb80c

                  SHA1

                  7d689f299701beff0683a76f509d97610a7d512f

                  SHA256

                  6dbe1d29674b54af6b66141c342a8dd0a2c1180383728dc857671aa604656891

                  SHA512

                  c4f82016fc9e650da626c8ffff6c7e06b1631f2c1ec4eae3b48a12d1453baa59d3218d5c721c94c630182a0e59302a1f210bf20244ef4818a08933cafb4d2c38

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\8d679d0f-3088-4a9b-8b0e-8d5a720d120b
                  Filesize

                  27KB

                  MD5

                  91628070b27a8ae625ff4e882b2a0777

                  SHA1

                  13d106da98655f16750ea4e8c600fcf69b44264e

                  SHA256

                  575fcd41ffe5b93dbc93548ab9b93e1b1b94f7133827549ecacef27df847724f

                  SHA512

                  70c07aa0236163c387c574398c54c7a7caca979c9c34a98ee8743e3c20bd3dd496b0c28e85777d6b8fb43ca63ee6304bf8d893fb8f8e2f6ab1c1656a54950994

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs-1.js
                  Filesize

                  9KB

                  MD5

                  0dd32bdba45c57eaf003fd507a0a4e44

                  SHA1

                  16b6735c126890729c822a04ab7134942f3154f8

                  SHA256

                  a982dd388344b82b0493d25b90349bde2eb1de481b33f0cdaa0a8936f011d0f3

                  SHA512

                  76859191028313267f5c0e04bc495e1bc52ece5b3d23324ed9b17aebd379adee4654d577ca9cbc7102e0b8a58031b088de9cceb4912b4fd3104a5445865157aa

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4
                  Filesize

                  1KB

                  MD5

                  2bcf962932c34b02c53719cc563c26b0

                  SHA1

                  4348b9085f5f18b201958ed5854c99414a2de456

                  SHA256

                  7c0700b881417cce71f0b149af7b3f49dfb594afc7de65e3b523c563ecae318b

                  SHA512

                  67184a55ba7e79aca812e69b244427eee8dbdf5d3648d48029a859cae74fe4e77fe568ecf214a6b92fdf6b1ca85bf1de5beec40993c7dd83fa032668a1123157

                  Download Submit