Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/04/2024, 11:13

General

  • Target

    https://closingcostsloans.com/wp-content/upgrades/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://closingcostsloans.com/wp-content/upgrades/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://closingcostsloans.com/wp-content/upgrades/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6daf6388-acb8-4a3d-b76b-c48d39a66942} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" gpu
        3⤵
        PID:3504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76008fb4-cec4-4acd-97a7-75caa19fd320} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" socket
        3⤵
        PID:2628
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3160 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfbeed05-b814-47d2-8502-ba38d6ff62c3} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" tab
        3⤵
        PID:4272
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 2784 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77315f40-949b-4b08-89ce-5fcd5104173d} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" tab
        3⤵
        PID:3632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2608 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2604 -prefMapHandle 2592 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acf295f7-4eaa-4f94-b048-712740b7b334} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" utility
        3⤵
        • Checks processor information in registry
        PID:4720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5188 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69cede7b-5d9b-4846-acae-10bf72255af9} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" tab
        3⤵
        PID:4628
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4cc678f-2583-4b95-9538-4dbb1d7cbe54} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" tab
        3⤵
        PID:4324
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5420 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c77dc121-c3ac-4b2a-bac8-f0c9176e7164} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" tab
        3⤵
        PID:3556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -parentBuildID 20240401114208 -prefsHandle 6044 -prefMapHandle 5432 -prefsLen 30931 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9514af4-080c-41e7-bd07-43e514dea9e7} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" rdd
        3⤵
        PID:3908
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6072 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5832 -prefMapHandle 3312 -prefsLen 30931 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d95d3de-9dc8-45fd-a632-de01264d2822} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" utility
        3⤵
        • Checks processor information in registry
        PID:2776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6228 -childID 6 -isForBrowser -prefsHandle 6236 -prefMapHandle 6240 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1857f66-7b1c-4172-b33e-663a3e95318b} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" tab
        3⤵
        PID:460

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\AlternateServices.bin
    Filesize: 7KB
    MD5: 674e79e22e6155575f76daffce65baa0
    SHA1: 48d10eca34c28d54192d402e636db1510a6d7e47
    SHA256: d0314f76f71f516c3d4e167fe04bec2550902e14784549b97f9273bbf2b54efb
    SHA512: c9deceb4a85845b645776ea5e29e5996379bd7189016138dd470dba5102ee6d34466f73d1439f1e95ff9c9c2cd2b5c3cf0188d4f8125a0a6fac0d83f6572c89b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: a28c366a6f981265f7c9207e0cd812c2
    SHA1: 2546234e4de011b64df5ec6d68c56aba06fe18e3
    SHA256: 5b09a4cfb5b62b081cb46bae79e264f2eac83ad03348d9be64ee2704a3d9e6d8
    SHA512: 828191174487ad3e7cf4cc6ae9521c08e403c24d23ce9c49d2a4dd81ef8a17cc1f72a49f35bd59c21bc9a89956a8615c2c02e5482daf0f479130ab331a841c4b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\datareporting\glean\pending_pings\1bf43f5e-931c-4bf8-bdb5-639ae3bbed26
    Filesize: 671B
    MD5: 668d28664b0ba24634ae4e5b41eed95a
    SHA1: 2534d0ffe74fa1a205c30eafff5d1570ee29fa36
    SHA256: 3dea9cb4df82fa435604f4da0a551dd172941124446bdbd8a61e799fa6662b11
    SHA512: fd0c93cdaf56893103c7bc32a3757ff9d1df10173aacabc022b02022d2ba235279a55b71c687a9c19b216b90ef64d07883149e562de6252851212d523cfdfc1c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\datareporting\glean\pending_pings\4002746b-90e8-4712-952c-35a921f4106d
    Filesize: 27KB
    MD5: d05f45724de484b20cf504856c387e2a
    SHA1: c780fff6b6f1dceec19e607a32dd021a465f4e3c
    SHA256: 31beaa3f8b65f2edffbd1a435c6af0162c35119afe6688e2ab0d4994a9293839
    SHA512: 93f1da3f632244634fde518d51eba56d41a33b6cf633bdd927752cc189e90932e69cc1361437bb5b04b00e23f605e6bd78c9a3d3e4233a2a2a78e61cbeac3906

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\datareporting\glean\pending_pings\898258a7-13cf-4eaa-8840-e165d03d6286
    Filesize: 982B
    MD5: 13bb64b8981f3d699a62d2fe3f9a324b
    SHA1: 8a3368d196435e57cabff956de970b3120e8325b
    SHA256: 400c24a84b661bd237672324a499549b06a8271d2ef7223856dd217685e23d9e
    SHA512: 99aaf9e3dd60960863961e10996895e6a1df25f42408b79f72fac8b8ecdf22a88a1ecb9f9eb326c5de49e86ac4f2953478d838c10e54cbc00665a10b70b63664

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rvwtj7c1.default-release\prefs-1.js
    Filesize: 8KB
    MD5: b69982314f6af1d219292834c44e1f2d
    SHA1: 4e75448ef239709a4bc2e5bf218af061bb0a5001
    SHA256: 23f7a7a00d0ad016a45fda69de14fee9fcce1b417338a47b0aa8b54a71686a78
    SHA512: 8ff23463a3c73104862f6b07d1bdae429ec5174b75395580a20e432df0efbf9bcf642c7bae95ded89cc914120c504e0a1cb9ba879e971475d30838b03f74e653