Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://download.tt2...

windows7-x64

1

https://download.tt2...

windows10-1703-x64

1

https://download.tt2...

windows10-2004-x64

1

https://download.tt2...

windows11-21h2-x64

1

Resubmissions

22-05-2024 04:29

240522-e39m3aca78 10

11-05-2024 11:09

240511-m9hrxsge69 10

11-05-2024 10:59

240511-m3ndtsdd2y 1

09-05-2024 13:02

240509-p91nvaag8v 10

04-05-2024 06:42

240504-hgj23ahe67 1

02-05-2024 14:21

240502-rpcsdscg77 10

Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04-05-2024 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://download.tt2dd.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://download.tt2dd.com/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://download.tt2dd.com/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3928
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c007c1eb-7ccc-4a4d-ad54-ec38c682a27d} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" gpu
        3⤵
          PID:2652
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91730116-1cc0-4096-afbf-7d0251bcad04} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" socket
          3⤵
            PID:2168
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24c165cb-9719-4d32-84fd-7db27c6e6df5} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" tab
            3⤵
              PID:1744
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3308 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c676afff-e1f8-429f-8346-b214f007d618} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" tab
              3⤵
                PID:1544
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4336 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4332 -prefMapHandle 4324 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91303c5d-b078-48c9-abf1-9098185c38fc} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" utility
                3⤵
                • Checks processor information in registry
                PID:2032
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bce994f-6e49-47b2-ba6a-53580fd6a172} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" tab
                3⤵
                  PID:800
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4a136ff-4ed1-479c-a4a4-a2936f9f278a} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" tab
                  3⤵
                    PID:1960
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2809906b-426a-4d63-b512-c3b0b9a35cd2} 3928 "\\.\pipe\gecko-crash-server-pipe.3928" tab
                    3⤵
                      PID:3912

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
                  Filesize

                  13KB

                  MD5

                  d90ce39c7e8cd4477240b1c64f010e18

                  SHA1

                  5e04357c67dab56e5d9e0a99ab124d45a9874fe0

                  SHA256

                  eb1e3a24fd2ced4d5be73fdf682a29dda7083fff4752b8bbbe6f004b6aad0d05

                  SHA512

                  20acc72b1fd2af2fbfd7f1e1d1b54ab800a90132665132b10af1af529074ac77cb15e225aaa8f7768cba9b0add1b25dfe368de66507f618764532c0fe39887bc

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\AlternateServices.bin
                  Filesize

                  7KB

                  MD5

                  c6b4da371d271cd03b025d0305c7eaee

                  SHA1

                  42a6845f4375622b18fe6053dba4e1ab5d997573

                  SHA256

                  1c5d9e20808775607ad17703077f22ed3385eb7a6de5013af51f01b14c3e3ce8

                  SHA512

                  46eef545246898f4ef0c1894b7e75fb8c9d5484e56e398084e9c112c678e21e7409c693233bb7350fb290886b805d7e3578b97b899b2fb9fd226e6a113e5992c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  af5cb924219867d5e0434d43a8a0585a

                  SHA1

                  4be86967aa32155c87d11836a1f6b8ca6ad04d9a

                  SHA256

                  6cb0583d756a0918039a50e5b3af8518e595a3723565ac0e971fb2ba4e66045f

                  SHA512

                  d35a1f1ebc7155564c9b63c459b1f5c4b6080259e197060eafa289b12f3755113d612df38c7edf6e37f78d6083be8427ebf87e5250c20365e4273895d11938f0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  4f03f861d32809f2a2a99ef2d55ddc46

                  SHA1

                  f5b8df182db6d94c3907f8a78accd69b444b51e3

                  SHA256

                  d33eff009015502aaa2ccd769d9b8282eacb5ef5497c35dffff68d28c0c543a2

                  SHA512

                  0bc9033bae8ba4afcc7e7153be69b6efcd2ce55a89a11c7ff4e67c8665e3430d1a7eeba08fceb305270797f68fce9d6461cc5cd41201ee6a974594bf9450d5ee

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  6KB

                  MD5

                  4ea6848fd9d4629e6e8a4b020f7340d9

                  SHA1

                  458790aeb8a5dff99f8a0efaff3cf3d926ddf6c3

                  SHA256

                  bc1662f7e84b1471a5bf8de22d3445523046eec480ebe4589d3015b373a6dc37

                  SHA512

                  4bc5f170bf1fdfa68b710e5dba532cadcbec13773451382d9c40b8ab24d68257a5d7c70fa333019c85cb6a7ef81186eec628e4662e0cf342bb21288432616237

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  14KB

                  MD5

                  0945a3685d007a8b54885f94c5437e6c

                  SHA1

                  e5311570acdb4373b007ef0bfce1ceaa51e10cb1

                  SHA256

                  503215d2c02f5ea4103ca0c7c79a65ddb0a1dd9d77e71dd850c16f61445558a5

                  SHA512

                  f837ccbe0c1d18f99fd3dd953dc30341b1134e1ace24df28393ce0155d2b8dc4a19b830efb4c22710fb32b8f090cf4fe4a96714716c23545073d56b38a7ebaa2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\4a1b7864-637a-44c3-a3c1-f4e28f164ab8
                  Filesize

                  24KB

                  MD5

                  75241c4c5cedff30d5041f72336cbe90

                  SHA1

                  64fd89490a552646053e29045a60d740a94807b6

                  SHA256

                  b694025b206f2852a37f72e0353c9dcddd2a77b47bb34be2e42db86fa0e9dafc

                  SHA512

                  65ccfa8d0a7161941b4df4832b05ff0cbbf8414e2924880a152b1f5ac017cc802fed2c3545f39d90d546f37d4220d264d221afb6f3f70ab14c35cb1b81c65ea6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\74e97d13-ce79-4a7b-be3c-f6798d8b6f7b
                  Filesize

                  671B

                  MD5

                  c0f1d3ebc77f4ced053038072fb76b11

                  SHA1

                  cd9a8a8b8e8aeed3704b7fa0f5425d60ddf522b5

                  SHA256

                  a12ab09bd59c8d8593d966b7b45ead6da44794330ca35ba1b19acff5109701d5

                  SHA512

                  647bc1e2ecafb5371112888d460a4792add2b633400630f8e65c2094fd6985c3b1779005650374b4558ccf0fbce8697ea29019c10cfc720cf1aceee46164313b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\8d7c9839-ddb5-451e-9eab-e848f75291a1
                  Filesize

                  982B

                  MD5

                  5a8a384521143e84eab9eae498fd98cd

                  SHA1

                  711de07988c37e60a02aa2e47c097bb8088027b4

                  SHA256

                  74664d76739f800b62a532486580899ce9cde0e14ae084ddb1dd1d3c5e261053

                  SHA512

                  c7efdc9f2cc6a18a9b7177e4161eba814ecc49103230e2c6658c776359a39c17b59a2815de681826db808feeda5b47c14a5da50f137443bc597a2be38c672497

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js
                  Filesize

                  8KB

                  MD5

                  eb70e4a749e31a3e788de4fe305c0269

                  SHA1

                  acb269b825d23066084a9fce7dd509d16bbf832d

                  SHA256

                  b0cea5ec325dcdb56577852630c58698ecca08c2774540ca0e3bb774b8897649

                  SHA512

                  837518d20b7b85a8c7e29265ab397df2d1cffe36702208bf2defeb42b66ccd0c5f6001b8289ade466782f993d28d5ae7521898b6c9a21cc678daab7c28c43756

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js
                  Filesize

                  8KB

                  MD5

                  92b55472dea70e10bd3fcd2216cf52b3

                  SHA1

                  aa77e23c2b21a3ae18c8fed24f5a69e36fa374b9

                  SHA256

                  5c283cd322a5c302fcdb5a7e0876b453c267d4f5960089c0db27416026c5570f

                  SHA512

                  1deaffe4fa914b808d791a61e87a4b10f559a4a8cd4e64aa89e5ee6ca1d3e93e38a5de1439988022d68004847fafd0a892ac93d53eef95c9f781fea16e1bad75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  b4d00ab49efe8f16629eeb961983bc3c

                  SHA1

                  3c7a363bf437fb97fb23788ab613b2d3bef70c99

                  SHA256

                  ba878f05fb59602fccc0c4e93c24dd2b6ab30183b8ef053f1b229793c9e2f6b2

                  SHA512

                  6911095e1b2bff5034fdcb082fc94b678c1abe317a14dab157c4d04eb200025b2907b089ee27b8b1865afbfc85e223da3aab1caa515af1254b4e944a2cde67fd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  1016KB

                  MD5

                  aa3f64016914ef593f1e300a5f392b3b

                  SHA1

                  3eb1b992263426c47d1d91fb8f47903f2eb71eba

                  SHA256

                  e96ebf4bfa5d27ec3242a8229223db8b10c2032fd232454edeefd8e849930ccb

                  SHA512

                  df313e2855da332edef21c8727340dfdde2af4aac9c80a4058968d153fe7ab633051c30abd77d982ea9187ac3f3be25f054c295d4ebd784006aded21614aa357

                  Download Submit