Analysis

  • max time kernel: 21s
  • max time network: 17s
  • platform: windows10-1703_x64
  • resource: win10-20240404-en
  • resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 03-05-2024 14:16

General

  • Target: urn:aaid:sc:US:30046835-c0eb-4c6e-a03a-d104bba79aa0.html
  • Size: 640KB
  • MD5: c4891463383d15053eb5665107979e2b
  • SHA1: 03350947b786821a782a069895e4d94799cf1d25
  • SHA256: ffbf75fa0cd7592f09615521f57118cfed3385490f0127a1177d7491f6bd6c65
  • SHA512: 6bab5d61cee84e4c71be4ccfbaebf9cf505358115493f6b05fc430f06fbabe1cfa22028f8f4be2837095154bdf4d4299dd0dc350ba3ab59e3bc91692d350ec57
  • SSDEEP: 3072:dfpAwmLGFKZFKerIXHwZNkqsolKt8GkeEpfM1PICBgzoMfD4BTxn:dfwvrIXHwZ/O8tu1PIcgzoMrkn

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\urn_aaid_sc_US_30046835-c0eb-4c6e-a03a-d104bba79aa0.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\urn_aaid_sc_US_30046835-c0eb-4c6e-a03a-d104bba79aa0.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2896
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.0.1132030279\1124609271" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca078bc9-14e5-4419-8ae9-72826904419b} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 1824 1dd42bd5858 gpu
        3⤵
        PID:3780
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.1.1688628506\1085781409" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1ee70f3-60c9-4eb4-84d2-673bc30b10c1} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 2200 1dd42aee558 socket
        3⤵
        PID:3536
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.2.521942925\12743993" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2872 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22403dac-7025-47be-8020-57cd3d1605ae} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 2888 1dd46acd758 tab
        3⤵
        PID:5024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.3.1416192480\388816760" -childID 2 -isForBrowser -prefsHandle 3268 -prefMapHandle 1056 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3818fef6-7044-4475-8586-e0c81b2511d9} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 3192 1dd37b65858 tab
        3⤵
        PID:2004
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.4.2019671335\2096504560" -childID 3 -isForBrowser -prefsHandle 4396 -prefMapHandle 4736 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffefd4e0-f8df-49e2-b641-fec2959e3771} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 4748 1dd49c9e258 tab
        3⤵
        PID:5084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.5.257648151\1692179466" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7dd9633-064c-4c12-a90b-5fe6f1aa788a} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 4980 1dd49c9e558 tab
        3⤵
        PID:2380
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2896.6.365800213\1112918184" -childID 5 -isForBrowser -prefsHandle 4748 -prefMapHandle 4980 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {168a2758-5e87-4ab0-a8c8-b6366965d0b2} 2896 "\\.\pipe\gecko-crash-server-pipe.2896" 4872 1dd49ca0058 tab
        3⤵
        PID:1880

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: c267d6a5667268e208b4aacf2bbeb536
    SHA1: 42009359101653e07fd42afde9a215edff272689
    SHA256: c712eabb9b82d2cef0c65e68f741c182a6a431e74241509b61c875a01e3ce708
    SHA512: bab9f739493b814748133bd6b6e07fd09935cf940098532a527f135aeaa72af0b1f8508a5f971f66e839b84e373d87d828f21e2db304694e6fbf6b8e9a8b02b4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\8b9013ca-3dd9-4256-9a64-58ea83f0cd30
    Filesize: 10KB
    MD5: 50b7e9c64fb92637d90e22855d2ed9d2
    SHA1: 9c29bc7fc1e0657915c822cc6c8774ac1570da70
    SHA256: a0195997b3601f3a0ca04d48f66e0cf878ab1aa3c813bff3c518c160ff5a2131
    SHA512: 2b9cbdeafcf0e817725ca305be191c583cc4b24522db51734bf13c853c0494f84a36ddaa3ef696689d53332d64e383fffb5e0109b46be6db20bc60db1cd79b1c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\b0ff9e59-9871-4919-9f91-0a05009784c6
    Filesize: 746B
    MD5: 38e770bf13af6c708ee37bfe10890a1f
    SHA1: 0b448b86ea382e878490fbf3203db4dd8d2b4065
    SHA256: 0d55fc2510e18c7ee84abfb2b5596f7227f5853194ff584d2f6588e70bce649a
    SHA512: 4e9e7911ca3d8352c9a7153d621f985d93107e83b6e354e744b993a63eb17dfd8017a2a5d5cfef66a7e41ac564b7ac0b29ec7fc4f23287855d8e19f45f1fe392

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: f6e9b0dc8e3ff713d3193632a779396d
    SHA1: 17b0dca8ec324707a8ba1be699abd3135dea270b
    SHA256: 121d0befcaab71bc585145a2dceed9315db53b4075f24bd7de301bfec4f7d4ea
    SHA512: 81fc6df88381688c81d4c010d1d9aa33c359479037ec7279ea3a82d5f3d27f92619bfad1c912400129af3521e3795174341104158c7c1e5288c60aa3bc0d5eec

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js
    Filesize: 6KB
    MD5: 3af08589606e507a98367ed84ed30b56
    SHA1: e61d0bdf8f3bfdd08a59f8c45e5c074f002fee9c
    SHA256: 395b4b85072dfd65c0129e30f7c476cc4a53fca3320e7bf043d13abdc3bf1787
    SHA512: d5781f778f74aa9b15667fa366efef9999af75bfe8cd0a8ffe75df873f5bdebcb59da1e2c30e8b0c1d3426df985342805551aea201236715d4cbcc63bfde0b6a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 6fdca37b7272d963b188e7e40de73fc2
    SHA1: 7f65d3fe2d34174dda341e211d1d034c3aeeb038
    SHA256: 4f1014fa953dd397211d622234bc362a844f3a8c5aed8fdd2abd630684720158
    SHA512: c15034714819f3f764eaf6a54ff4de0bc884388c51543e300b8c0ff9b152c672e69bc2320be5ba3438120c54ee324cd72fd1e5f627e480bd49e359c2e69f7276