Analysis

  • max time kernel
    32s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/05/2024, 18:12

General

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://[email protected]/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3288
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://[email protected]/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5088
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.0.1108833360\1966312266" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3301c2f-240a-4b89-bb91-98caeeb996d8} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 1908 27713f0da58 gpu
        3⤵
        PID:2068
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.1.1446711471\651239246" -parentBuildID 20230214051806 -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb70af56-ff0b-4775-9c02-699e104ef67c} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 2516 27707186258 socket
        3⤵
        PID:4604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.2.1822993815\596184395" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 3016 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b59d2cc-5b81-4566-9af6-f0c95ddb71c0} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 2944 27716d42858 tab
        3⤵
        PID:4108
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.3.302160997\1080337648" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {481d8354-67f2-42d9-bac5-f211aa549560} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 3616 277189cc858 tab
        3⤵
        PID:4808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.4.1039414500\647659483" -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5200 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {449d3c87-06bc-4486-83dd-92bd1f216d6d} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 5224 2771a961158 tab
        3⤵
        PID:1320
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.5.1634054758\1846377407" -childID 4 -isForBrowser -prefsHandle 5332 -prefMapHandle 5240 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a224f19-63b7-49f0-a7fc-a6871e6c9955} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 5372 2771a962058 tab
        3⤵
        PID:2008
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.6.142183956\212883369" -childID 5 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ffe48f4-0d3a-4a2b-870f-314abc2b3150} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 5636 2771a962c58 tab
        3⤵
        PID:2312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.7.2097064678\11828842" -childID 6 -isForBrowser -prefsHandle 5764 -prefMapHandle 2852 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2ff282-7a8c-4c4e-92c4-e709a3ec3099} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 2796 277198e6258 tab
        3⤵
        PID:996
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.8.1656834231\1160119752" -parentBuildID 20230214051806 -prefsHandle 5864 -prefMapHandle 5860 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1251b52e-4b30-4e0b-ab8c-280bc537c380} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 5856 2771a817e58 rdd
        3⤵
        PID:3080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.9.634988870\1425505133" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5876 -prefMapHandle 5872 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7d2a15d-e5c3-4f08-840f-d86f20ccfcfe} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 5428 2771a818a58 utility
        3⤵
        PID:1364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.10.599795896\1176355542" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 6100 -prefMapHandle 6096 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f09d2b34-786e-409d-89af-466377033de3} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 6104 2771a81ab58 utility
        3⤵
        PID:968
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.11.352367268\138773408" -childID 7 -isForBrowser -prefsHandle 6392 -prefMapHandle 6388 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1100 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0409295a-ed66-4bc4-9275-a68dec155e37} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 6356 27718782858 tab
        3⤵
        PID:2672

Network

MITRE ATT&CK Enterprise v15

Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

                            Filesize

                            23KB

                            MD5

                            e454e09c022d14976049733af329c9b0

                            SHA1

                            3f849194769a72ee09c14ce7e7ecb9bfd0304c61

                            SHA256

                            1d94f194c6c517b9fd40f26f221ed43d81f1dc82fd5753fa1a2882c078f3dabc

                            SHA512

                            af045076e212cb29d9d7461ffc62497e2b6896ee5f6311b70030c1aab4d4380b72304c06fe9142929c750d4231cb0c4a89826fe520464b7d93a4f6ac5bf9b4bd

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

                            Filesize

                            24KB

                            MD5

                            dbde06d934726ee913c5189f57a4ecf1

                            SHA1

                            23ab626f8226a3fd26bc5bd164755873ed9a9e0a

                            SHA256

                            6d5ccc82dec5b9b0fbfdf43b24fec77171b846a487c21cbc47af0b638e492f91

                            SHA512

                            b0d056b515b28cc1758d10b5a1271023f2eb8de67106fd675c3c016e73f20df912fd9d1e6edaf77a9d2af2de5bfdcea8f36a675aae5a7662ceac35ae94aa38c8

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

                            Filesize

                            7KB

                            MD5

                            433412f1b23355cf8d15dad803092bec

                            SHA1

                            3741cbfca378fc08d45ec3cc3cdd91feb42f7923

                            SHA256

                            483af2efbe33a238182757045d7b3eb99e05ac70e94299c50946d0291eabec50

                            SHA512

                            ea321e2542b09e261ad839afec1f24914e8b98bcadbb04e63667da7bcad9d25f5d0cdfddf1be1aa2e222a53c7b77e1c7f703bd5cf49297410465ea4667b2af40

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js

                            Filesize

                            6KB

                            MD5

                            0453e9b0e5522f1ab4bd557abfe4661a

                            SHA1

                            59570b864b832f264cba1e97cdf6258aae6e8a2e

                            SHA256

                            6fed89bb27ed695d8ca91e1651bfd84ce0e61a1bdc0ee0849f5cfb0904c33bcf

                            SHA512

                            8e34b0cc12b0a696c614fcb8146e6934b6ec1d3e7158caa1b0b0315a15ae4f9327816729f44660b804a4c68bfe2d00acaf43c99813b822a497a185160e051179

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js

                            Filesize

                            6KB

                            MD5

                            ac8fa7170500560e58d4434228809367

                            SHA1

                            f860d5266f4416220831eb22bac7478724d74943

                            SHA256

                            fd12c01ac2074e799dcbb9dcfc48c2288a13ba3320e4d9462cee4c4230339a39

                            SHA512

                            6d87d4af06f4f4941814f70daeab0f5d7a021ef90588dcebbaa9a02ece364487ce4f951f51fb274bf2df3fa710eb45c51d507ebb435af929ef3733c506a25257

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

                            Filesize

                            4KB

                            MD5

                            f729d3225d11dde71b53f32f2c58a200

                            SHA1

                            93866534cb2c03d64d49ef40f328f411a61257ef

                            SHA256

                            5f606a4eb9d360c4a22ff097836d2c0b13af3bebb144f7e6ed613a94f500f810

                            SHA512

                            723025edb24cd61dcc9b89796601f7f56b435e4572650404150d98ddc42fb95e2349debf8886d15e507b32d164d2690066940f58043d1236a2035c5aee414eac

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

                            Filesize

                            3KB

                            MD5

                            f5b7261363c7d398afb268de232c342b

                            SHA1

                            6cd6c0a56bd4f150c4def1c73630653573d1236e

                            SHA256

                            e1b8e9096f051d4af84d85d7ccece8abbfe5b5dc046421748de1c50ad0dfe3e7

                            SHA512

                            106f2b77371058aa15ef17b116710066c10b223248bf10bd8aec8f79e8b23d35c88681f1601713653f2376b607756c5adf6aadb54bf366e410d11d680d4b254e