Resubmissions

30-04-2024 20:59

240430-zspv5aff61 6

30-04-2024 20:58

240430-zskleahd78 1

30-04-2024 20:50

240430-zm2bzahd23 1

30-04-2024 20:47

240430-zlb1pafe5v 10

Analysis

  • max time kernel
    0s
  • max time network
    1s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-04-2024 20:58

General

  • Target

    http://workable.uk.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 56 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://workable.uk.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://workable.uk.com
      2⤵
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:4104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {126c0115-4b2e-40d6-aeb8-a7af02cc8b51} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" gpu
        3⤵
        PID:1740
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8659827e-96cd-44f9-b917-fc57c99c03d5} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" socket
        3⤵
        PID:4264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3052 -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3180 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d4150b-aed6-4c86-9401-ce58a88de7aa} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
        3⤵
        PID:4072
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94542382-2c4c-49e6-bf07-3df01c35ebc2} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
        3⤵
        PID:5020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4880 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94fd15a1-a815-4b78-97a4-3cde5b042e02} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" utility
        3⤵
        PID:1540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5144 -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ccf1603-ed46-479a-b0ac-e05edd719d2a} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
        3⤵
        PID:4988

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: d7fbbad49bce56aee60d372005b92684
    SHA1: 57e1fcd53330e8e5b93a034e796f67531198148c
    SHA256: 1de11b00bd1c7e5a2c9f33b312fe7d5ac589ddb9ef9efa7011e9b9f85338f620
    SHA512: 35ffeaea222381d7453a21991adf95952f42978f21c20e21c8ab32b7cf29627563890d30f75d3ad5e6bb4252052b64ba739c1379c40a7f7133d9c09e0d0c5f39

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 6KB
    MD5: 8b36973987b477456d15331136371d99
    SHA1: 4507276585a4352b6a0b6697f0df6f9386d1c9e9
    SHA256: cff53911012c0f6eea0a10409bd5b3d0591fd973113ca212c20610b851d82fba
    SHA512: e107862d419bd5706c0a4ab211610a388a3b1c5f7e6f32fbfd0c8e2489a9665d7177a7da12c5de55b6a249d5ba5cade01722f03c18fa51842392181c57e6a716

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\pending_pings\3c16bb9f-3ee8-44ae-a171-093542a3bab0
    Filesize: 28KB
    MD5: f5ec32da74bf6e5de77752dbeb8b6ad7
    SHA1: ade9a5aacdf538676736dde04bef4aefb2e1a5e3
    SHA256: a9455f7fd1ed1a0d2fe2afdae0c2895d10dfbe57528f6b858f558aff4fb6bc7f
    SHA512: 1b029bd3662f6ba479c38683d78f6da50dbaa32507c8053600a7f0af46a75a6408c3be7bc6c35ddd59a780a4fb24e74f6c3076803c19faf9beea3756e0a372f2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\pending_pings\53d1cf32-bd77-4edb-a6cf-b346d59ba1d5
    Filesize: 982B
    MD5: 4ca0807732ac9bfd69f0bf674cb67ec5
    SHA1: f0a14bb2eb8bc2439d41c78a1f0a02ca3f81e247
    SHA256: c7784b3916c549f2d67f17474c99d73cbed6a4dde2cfbf32022c77cc9216cc67
    SHA512: 991010b650b86b163e5bf41a8fdd6c2295c46074db0b7a025e44493184b699bcbc21e4ee4f38f209862042ae88db863a52e78b3c34e1dd154038b8d834416156

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ihcffylf.default-release\datareporting\glean\pending_pings\804538c6-a368-4577-ae33-53df6a1dfd81
    Filesize: 671B
    MD5: 288aff7c279c3a9baf2ca5338139a4fc
    SHA1: 3b6f0e9b82790dff8369a66d8526b61cf40596cf
    SHA256: c8a974ba21e3c5f416d99ffda53e742ca7a10554c91e63c92b7eeb9b5e2a2e5c
    SHA512: a6af06774fdef53e3c85f05e7cc2f31bbaa7bb8961073ee7ef6b614a94b3ec93e11c3edd6e3cd3a2b6c6e052c943fa5bb4db4cd04519f9a5f0914db86b796fa0