Analysis

  • max time kernel
    249s
  • max time network
    242s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/04/2024, 02:49

General

  • Target

    http://ertec.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (21 IoCs)
  • Suspicious use of SendNotifyMessage (20 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
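The processor-information signature above is raised when a process reads the CPU description values in the registry; the key involved is assumed here to be HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\N. Legitimate software, browsers included, reads these values for hardware feature detection, which is why the signature alone is not evidence of evasion. The Python below is an added example, not part of this report and not a description of what Firefox did during this run: it reads the same values a sandbox detector would (Windows only) and applies a representative sandbox-fingerprint heuristic to them, so an analyst can see which values matter and which sandbox builds would trip it. The two CPU profiles at the bottom are constructed.

```python
"""Values behind a 'Checks processor information in registry' hit and a
representative heuristic an evasive sample might apply to them.

Added example; the registry path and the heuristic are assumptions about the
technique in general, not facts taken from the report."""
import sys

# Assumed key read by such checks: HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\<n>
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor"
# Substrings that commonly appear in a virtualised CPU's ProcessorNameString.
VM_MARKERS = ("virtual", "qemu", "kvm", "vmware", "virtualbox", "xen", "bochs")


def read_cpu_info() -> dict:
    """Read ProcessorNameString, ~MHz and the logical-processor count (Windows only)."""
    import winreg  # module only exists on Windows
    info = {"name": "", "mhz": 0, "cores": 0}
    n = 0
    while True:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, rf"{CPU_KEY}\{n}")
        except OSError:
            break  # CentralProcessor\0 .. \N-1 exist, one subkey per logical CPU
        if n == 0:
            info["name"], _ = winreg.QueryValueEx(key, "ProcessorNameString")
            info["mhz"], _ = winreg.QueryValueEx(key, "~MHz")
        winreg.CloseKey(key)
        n += 1
    info["cores"] = n
    return info


def looks_like_sandbox(info: dict) -> list[str]:
    """Return the reasons a naive detector would flag this CPU profile (empty = looks real)."""
    reasons = []
    name = str(info.get("name", ""))
    if any(marker in name.lower() for marker in VM_MARKERS):
        reasons.append(f"processor name advertises a hypervisor: {name!r}")
    cores = int(info.get("cores", 0))
    if cores < 2:
        reasons.append(f"only {cores} logical processor(s)")
    mhz = int(info.get("mhz", 0))
    if 0 < mhz < 1000:
        reasons.append(f"implausibly low clock: {mhz} MHz")
    return reasons


# Constructed profiles: a typical analyst workstation and a thinly provisioned sandbox VM.
WORKSTATION = {"name": "Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz", "mhz": 2592, "cores": 12}
SANDBOX_VM = {"name": "Virtual CPU @ 2.00GHz", "mhz": 2000, "cores": 1}

if __name__ == "__main__":
    profile = read_cpu_info() if sys.platform == "win32" else SANDBOX_VM
    for reason in looks_like_sandbox(profile) or ["no sandbox indicators"]:
        print(reason)
```

When tuning a sandbox image, the useful reading is the inverse: give the VM at least two logical processors and a CPU name that does not spell out the hypervisor, and this class of check stops discriminating between the sandbox and a real host.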

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4040)
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ertec.com"
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4216)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ertec.com
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1360)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4508a33-9a04-4dd9-846c-bdd87d760283} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" gpu
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3160)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8c5c6c7-8c34-4414-8e34-d8ad2b4aba68} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" socket
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1600)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1256 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 1772 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dadaef0-35fd-4faf-9e6b-f9b1320ac805} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1576)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3688 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 2716 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {732bb23d-dc84-4370-8663-9ea7f0f6b7c4} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4872)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b5f14f0-0c5a-4029-a2e1-6f4e7571daaa} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" utility
        • Checks processor information in registry
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2900)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -childID 3 -isForBrowser -prefsHandle 5196 -prefMapHandle 5176 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16ec4e6-c2e4-424d-8129-fd43c325e633} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3200)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e6f0c8-0ac6-47d2-ba1f-f8e29074fecd} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3632)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adcd3a6f-d0d2-4948-9311-7df8861042de} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab
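Every process in the tree above is firefox.exe launched from the install directory, and every child carries `-contentproc`, the parent's PID (4216), a crash-server pipe named after that PID, the same `-parentBuildID`, and a role (gpu, socket, tab, utility); the WriteProcessMemory, SetWindowsHookEx and window-message signatures are what the browser's multi-process launch looks like. What an analyst actually wants from such a tree is a quick test that nothing deviates from that shape. The Python below is an added example, not part of the report: it audits a transcribed process list against those invariants. The `Proc` tuples are constructed from the command lines shown above (the four remaining tab processes, PIDs 1576, 2900, 3200 and 3632, match PID 1600's pattern and are omitted for length); the two entries in `SUSPECT_TREE` are hypothetical and exist only to show what a deviation looks like.

```python
"""Audit a Firefox process tree from a sandbox report against the launch
invariants visible in the report itself. Added example; the sample tree is
transcribed from the report, the suspect entries are hypothetical."""
import re
from dataclasses import dataclass

FIREFOX_IMAGE = r"C:\Program Files\Mozilla Firefox\firefox.exe"
FIREFOX_DIR = r"C:\Program Files\Mozilla Firefox"
# Content-process roles seen in the report plus two other standard Firefox roles.
KNOWN_ROLES = {"gpu", "socket", "tab", "utility", "rdd", "forkserver"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    cmdline: str


def split_cmdline(cmdline: str) -> list[str]:
    """Tokenise a Windows command line, honouring double quotes.
    Sufficient for Firefox launch lines; not a full CommandLineToArgvW."""
    return [tok[1:-1] if tok.startswith('"') and tok.endswith('"') else tok
            for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def audit_tree(procs: list[Proc]) -> list[str]:
    """Return one finding per deviation from the expected Firefox tree; empty means clean."""
    findings, build_ids = [], set()
    for p in procs:
        argv = split_cmdline(p.cmdline)
        if not argv:
            continue
        if argv[0].lower() != FIREFOX_IMAGE.lower():
            findings.append(f"pid {p.pid}: unexpected image {argv[0]!r} under the Firefox tree")
            continue
        if "-contentproc" not in argv:
            continue  # launcher / parent process ("-osint -url ..."), nothing more to check
        # Content lines end with: - {GUID} <parent pid> "\\.\pipe\gecko-crash-server-pipe.<parent pid>" <role>
        role, pipe, claimed_parent = argv[-1], argv[-2], argv[-3]
        if role not in KNOWN_ROLES:
            findings.append(f"pid {p.pid}: unknown content-process role {role!r}")
        if not claimed_parent.isdigit() or int(claimed_parent) != p.ppid:
            findings.append(f"pid {p.pid}: command line names parent {claimed_parent} but spawned by {p.ppid}")
        if pipe != rf"\\.\pipe\gecko-crash-server-pipe.{p.ppid}":
            findings.append(f"pid {p.pid}: crash-server pipe {pipe!r} does not belong to parent {p.ppid}")
        if "-parentBuildID" in argv:
            build_ids.add(argv[argv.index("-parentBuildID") + 1])
        else:
            findings.append(f"pid {p.pid}: content process without -parentBuildID")
        if "-appDir" in argv:
            app_dir = argv[argv.index("-appDir") + 1]
            if not app_dir.lower().startswith(FIREFOX_DIR.lower() + "\\"):
                findings.append(f"pid {p.pid}: -appDir {app_dir!r} is outside the Firefox install directory")
        if role == "tab" and "-win32kLockedDown" not in argv:
            findings.append(f"pid {p.pid}: tab process running without -win32kLockedDown")
    if len(build_ids) > 1:
        findings.append(f"content processes report mixed build IDs: {sorted(build_ids)}")
    return findings


# Transcribed from the report's process tree (pid, parent pid, command line).
REPORT_TREE = [
    Proc(4040, 0, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ertec.com"'),
    Proc(4216, 4040, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ertec.com'),
    Proc(1360, 4216, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4508a33-9a04-4dd9-846c-bdd87d760283} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" gpu'),
    Proc(3160, 4216, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8c5c6c7-8c34-4414-8e34-d8ad2b4aba68} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" socket'),
    Proc(1600, 4216, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1256 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 1772 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dadaef0-35fd-4faf-9e6b-f9b1320ac805} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" tab'),
    Proc(4872, 4216, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b5f14f0-0c5a-4029-a2e1-6f4e7571daaa} 4216 "\\.\pipe\gecko-crash-server-pipe.4216" utility'),
]

# Hypothetical deviations (NOT in the report): a non-Firefox child, and a tab process
# whose command line names a different parent and drops the win32k lockdown.
SUSPECT_TREE = REPORT_TREE + [
    Proc(9999, 4216, r'"C:\Windows\System32\cmd.exe" /c whoami'),
    Proc(9998, 4216, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1 -parentBuildID 20240401114208 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00000000-0000-0000-0000-000000000000} 1234 "\\.\pipe\gecko-crash-server-pipe.1234" tab'),
]

if __name__ == "__main__":
    for label, tree in (("report tree", REPORT_TREE), ("suspect tree", SUSPECT_TREE)):
        print(label, "->", audit_tree(tree) or "clean")
```

The checks encode only what the report shows: the parent PID and pipe name must agree with the real parent, `-appDir` must stay inside the install directory, and tab processes run with `-win32kLockedDown`. A real child that fails them is worth a closer look even when the image name is still firefox.exe.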

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\md1ejlmw.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 18KB
    MD5: d734fc26350849c00a63906a8dae3709
    SHA1: d9ddec25f4aa9732f8c34506bb1f00336160e3a1
    SHA256: c03b7d4afd2f620a5b1c7ae401bef247b45de32b763bb035ecf238ef006cbb69
    SHA512: 62fac617a2f3ea8d74449cc490388e2e02e525d12c70b1cfd6259668638d40f0a5e3e53ec6327fc4e622fedc202bb729bb176fcaf71ebb3abcb99ddccc11e8e5

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
    Filesize: 5KB
    MD5: 6fa2b6c5d6b66125f7ab0ab3aa6a4252
    SHA1: 5b3e0202a5263ead4c4409e8949b63865b85e4ac
    SHA256: 058cef14d5eb01552c2d239776b9330a45c946107e6c5fdc947ad52e7dd71d43
    SHA512: c866b66fd32507008136e4e60e49bfdb837266f4763e684fea548a06621c68eb5ab9a8aa1eb0c273c4e5e4df48d1a043d64a5f4632886c5810ad912dee6ab888

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 21KB
    MD5: 1aec265d0c64a097e2b0c35bad4663b3
    SHA1: d30748ba39cfa4e07951ea951152a755cf14b99e
    SHA256: 93416bdcddf9c9c44d62292e92a9aa0b3ad68badf6fae840935e3e3529819e6f
    SHA512: e8e86650963769408428c15365885531fc8b807cd02d067dfb8b0cb1aa68f9366c6f6c2e19f7468cc0aaf7c2caf588d1d190d27cfa8a573212be688e7d518216

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\66b529c7-286a-4482-9ca8-a7c682a20698
    Filesize: 659B
    MD5: 40cb9fe5bb1d66f1453e3912ac252f5b
    SHA1: ee132e96b33c8944f5b5b8b8924440a470521ad5
    SHA256: d8a33cc13449aa790b56b5ce6a628de9bd46f6356cf607492afa92e7dd273ccd
    SHA512: 1a205c254b3a6347187277b0121775726345f825734674a06697dd0c782361e821f201de9351ab35e057dc48b1be192a92abefa5031962611c253e3d9414c96b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\722e3a4e-4b04-4746-a50b-d878777d0309
    Filesize: 982B
    MD5: 13e9c0a20fcde1e392119203d73cc8d9
    SHA1: 302ca8714088ef61e97dd41777e507479d1bfc93
    SHA256: c65c522be1d06fed0d0cb9bd878f92bc46ce8b5dd764337506c562f95f7cf8d9
    SHA512: 8bf5b1857071094f03ebd6b2ace957daa91ef8c63c3928912a2eefae1229d10091708afe457657a7f63421abf056b900d76c91489b61b032c23edf23ab7f810e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
    Filesize: 8KB
    MD5: 857636f327952c9cc350e6714891314e
    SHA1: 8d2ba43466865ba60c120349fd18627e67aeba94
    SHA256: 3368805cbf680c345f1c479922d29a9e61003a53f929309eadf18e8ec4fcb883
    SHA512: add99deabd2b0893232a2928e8cfcf29383251b6efab6fec293e98693d257aae1051802d945e98de3a0dfecf381b73d3ca7bf93a5be84b21418da1fdc223c7e7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
    Filesize: 9KB
    MD5: 85e67130ddf4e0cd3972836f12967196
    SHA1: 1c6c1480766d905dc4dc0d0841741b24ab7a08e7
    SHA256: bd97095b04ed17664fd876a42bad2e6f3e3bc3f898489304d2d903bfb9872a10
    SHA512: 6c916c7c1fae4ce2d37e74fa9cefa61f09f3b2a92d15b942a440d1d8169def54772eb458436adde125db5663198bae11ded08669553b38ad12eaa47eb8b3b473

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs.js
    Filesize: 8KB
    MD5: 67e39e5a5a311ffd0a7a611617587412
    SHA1: 330a65d13a18556847e427c0eb68dec637fdf4f1
    SHA256: f0f94dc32bad9df92ee056b353dd1816c9e2e9310f55aa4ffc573f4e38592328
    SHA512: fe8ec930f937b76d737249f8efe449adbbea1b9cb6dd8b3606ff67b2e1b5cab50f4e132e36011cc83704477d1c95c63d9530f7bf704e00b0d04af30ab6c8abfe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 1KB
    MD5: 6a0f3daa943e19f249eb0df63cbd1f0a
    SHA1: dd13914ece55ee42d41b1fa6ae953d9481269dec
    SHA256: 17d2459e0f4788567208d067ecf883a04331c3dfa8620c84084dc46d7de61a7f
    SHA512: b4e41c9ab1ee7add997090a40a0412d51a8220c76f911d5b2c0446e36c3f98d35faa5d9a896769255dadb86bbff790e5599979f7a1e991f4caa5a958dcd1a669