Analysis

  • max time kernel
    32s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/05/2024, 11:00

General

  • Target

    https://179.14.9.152/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    Every per-process signature in this report is attributed to firefox.exe itself (see Processes below) and the score is 1/10: these hits reflect the browser's own startup behaviour and say nothing about what the target URL served.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://179.14.9.152/"
    1⤵ PID:4480
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://179.14.9.152/
      2⤵ PID:4812
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.0.723251024\1560300900" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e79a498e-87aa-4476-8f92-911f469298d3} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 1840 1b53970da58 gpu
        3⤵ PID:4412
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.1.1360805167\180911439" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2464 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f73506b-e391-4a0f-b3be-6b68ec064e71} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 2488 1b52538a558 socket
        3⤵ PID:228
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.2.819209046\1986757708" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2812 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3845e374-6c64-4d27-be9f-7d03ead71f28} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 2788 1b53c74e358 tab
        3⤵ PID:2020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.3.299351863\844881120" -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6a3e4ea-bcd6-4f25-b02c-a34840c8feff} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 3956 1b52533e858 tab
        3⤵ PID:1100
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.4.1288683407\1295579499" -childID 3 -isForBrowser -prefsHandle 4780 -prefMapHandle 5012 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27317991-8d34-4701-be8e-1cd374ba1d98} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 5040 1b53f71bb58 tab
        3⤵ PID:1532
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.5.615922527\61961765" -childID 4 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {464b656d-4876-4f97-aa86-41e32e89ba90} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 5140 1b53fb1d558 tab
        3⤵ PID:4632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.6.1847818651\2071455553" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 5352 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd6be29-b3e5-4ad4-a3e3-df8a566d1ba6} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 5336 1b53fb1de58 tab
        3⤵ PID:3668
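The tree above has the normal shape of a Firefox launch on Windows: the first `-osint -url` instance is the launcher process, it spawns the real browser parent (PID 4812), and every further child is a `-contentproc` worker whose `--channel` value starts with the parent PID and whose last argument names its type (gpu, socket, tab). The script below is an added example, not part of the report: it transcribes the report's command lines as sample input and flags departures from that shape (a non-Firefox child of firefox.exe, a content process whose `--channel` parent does not match its real parent, an unknown process type, firefox.exe running outside the install directory). The parent PID of 4480 is not shown on the page and is recorded as None; the cmd.exe record is a constructed decoy used only to exercise the check.

```python
"""Audit a Firefox process tree transcribed from a sandbox report.

Added example, not part of the report. PAGE_TREE is transcribed from the
report's Processes section; the parent PID of the first firefox.exe is not
shown on the page, so it is recorded as None. DECOY is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FIREFOX_EXE = r"C:\Program Files\Mozilla Firefox\firefox.exe"
# Process types Firefox spawns with -contentproc; the type is the last token.
KNOWN_TYPES = {"tab", "gpu", "socket", "rdd", "utility"}
CHANNEL_RE = re.compile(r'--channel="(\d+)\.')   # "<parent pid>.<seq>.<id>\<id>"
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')        # quoted or bare image path


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    cmdline: str

    @property
    def exe(self) -> str:
        m = EXE_RE.match(self.cmdline)
        return m.group(1) or m.group(2)

    @property
    def is_content(self) -> bool:
        return " -contentproc " in self.cmdline

    @property
    def claimed_parent(self) -> Optional[int]:
        m = CHANNEL_RE.search(self.cmdline)
        return int(m.group(1)) if m else None

    @property
    def content_type(self) -> Optional[str]:
        return self.cmdline.rsplit(None, 1)[-1] if self.is_content else None


def audit(procs: List[Proc]) -> List[str]:
    """Return findings; an empty list means the tree has the normal shape
    launcher -> browser parent -> -contentproc children."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is not None and parent.exe == FIREFOX_EXE and p.exe != FIREFOX_EXE:
            findings.append(f"pid {p.pid}: non-Firefox child of firefox.exe: {p.exe}")
            continue
        if p.exe.lower().endswith("firefox.exe") and p.exe != FIREFOX_EXE:
            findings.append(f"pid {p.pid}: firefox.exe outside the install dir: {p.exe}")
        if p.is_content:
            if parent is None or parent.exe != FIREFOX_EXE:
                findings.append(f"pid {p.pid}: content process without a firefox.exe parent")
            if p.claimed_parent != p.ppid:
                findings.append(f"pid {p.pid}: --channel claims parent {p.claimed_parent}, actual parent is {p.ppid}")
            if p.content_type not in KNOWN_TYPES:
                findings.append(f"pid {p.pid}: unknown content-process type {p.content_type!r}")
    return findings


# Transcribed from the report (pid, ppid, command line).
PAGE_TREE = [
    Proc(4480, None, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://179.14.9.152/"'),
    Proc(4812, 4480, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://179.14.9.152/'),
    Proc(4412, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.0.723251024\1560300900" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e79a498e-87aa-4476-8f92-911f469298d3} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 1840 1b53970da58 gpu'),
    Proc(228, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.1.1360805167\180911439" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2464 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f73506b-e391-4a0f-b3be-6b68ec064e71} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 2488 1b52538a558 socket'),
    Proc(2020, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.2.819209046\1986757708" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2812 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3845e374-6c64-4d27-be9f-7d03ead71f28} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 2788 1b53c74e358 tab'),
    Proc(1100, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.3.299351863\844881120" -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6a3e4ea-bcd6-4f25-b02c-a34840c8feff} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 3956 1b52533e858 tab'),
    Proc(1532, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.4.1288683407\1295579499" -childID 3 -isForBrowser -prefsHandle 4780 -prefMapHandle 5012 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27317991-8d34-4701-be8e-1cd374ba1d98} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 5040 1b53f71bb58 tab'),
    Proc(4632, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.5.615922527\61961765" -childID 4 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {464b656d-4876-4f97-aa86-41e32e89ba90} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 5140 1b53fb1d558 tab'),
    Proc(3668, 4812, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4812.6.1847818651\2071455553" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 5352 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd6be29-b3e5-4ad4-a3e3-df8a566d1ba6} 4812 "\\.\pipe\gecko-crash-server-pipe.4812" 5336 1b53fb1de58 tab'),
]

# Constructed decoy (not from the report): a shell spawned by the browser parent.
DECOY = Proc(9999, 4812, r'"C:\Windows\System32\cmd.exe" /c whoami')

if __name__ == "__main__":
    print("report tree:", audit(PAGE_TREE) or "no findings")
    print("with decoy: ", audit(PAGE_TREE + [DECOY]))
```

The `--channel` cross-check matters because a content process inherits its parent PID on the command line: a firefox.exe child whose claimed parent is not its real parent was started by something other than the browser, even if the image path is correct.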

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize  26KB
    MD5       924af9195f101c0ed5e25dea5c9845e0
    SHA1      9d8d01dea7f84a46e4016cfe5e0b059ad95ba56c
    SHA256    e3778292b54fb6ee296e1446b34b6897820ddc4d8044ad4b44baec50a2b14df0
    SHA512    841ade6d59b196319af3fbfcf323db31b9bca83dfb4a05a3973c139e57f36e2b81ae6f745ee8e75f46156b671ff15a7918a01baeb6bd99067c5a743e8ea4cac8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
    Filesize  7KB
    MD5       c22a243a2e0927930c8cc26e04878ccc
    SHA1      da34fef4b9b6d7fd10d2c85b497b31993a660947
    SHA256    031f19c3a9fd7c7e7ef16857947dac3464f6729d96d6393901745f21ac4f526b
    SHA512    f1c83c89b5ea06621ffb81fd958c3598c355820cf41206b66d797b3e31d76663d9a6cde513c221285f7a3c2adb48fbd73f222d8860ee657dffc9949bc9357147

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
    Filesize  6KB
    MD5       121872989e6629f681cf7f968813cad4
    SHA1      69f35d4d376cbab05a033966e39fa243a14f12c9
    SHA256    399d6cc4438a56f331e81f2b3618eb512b095329bf2fb9695d2224b1e19753d4
    SHA512    5455df671c233c6d7999f71e70d46385e4ba8dba958e496d048ec9cafbf91aeb99580f4c5b52a36fb574d513ee159b35634a07e281f53a1c28a62bc0002d5e3d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js
    Filesize  6KB
    MD5       17807e10f62aa5c06804bc5750c9d678
    SHA1      eab4e4cdd995f351f0897a372dd52d0d4eb8f408
    SHA256    2d5028b1101d5ea7ed601946027c1a9a483ab24c6a7ae1258e1c27e373a95c34
    SHA512    cc0c3720abb3b289fef8a9d5f9883b4fe7b506b6955164d637344d78742a228af5333faee2a7adab0c35fd1a6aaf795bd7378c355f10c6c494f9f3bddc5f101e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  1KB
    MD5       ea34c5bfd2b339c0805dfc712922790a
    SHA1      5a2cdc6cee9b8d687cc396e29ba435c6e130c760
    SHA256    aca75185276e63777ca3fb35a92ee370e800f8a0696ffdb29f14b44385e9b1c6
    SHA512    928ea35f01242552122cc75b4dd87a8beb0a60e10cf41348e92d1f530d55046917eae95881e1b40a04b578312ae02a93d3b43c506c1d9d88910e9d5be70d1db4
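Of the files listed above, the session-restore backup recovery.jsonlz4 is the one that records which URLs the browser session held, so it is the artifact to pull from the sandbox when a report like this one shows no network detail. Firefox stores it in its own container: an 8-byte magic, a little-endian uint32 decompressed length, then one raw LZ4 block. The script below is an added example, not part of the report: it decodes that container with a from-scratch LZ4 block decoder (so it needs no third-party module) and walks the sessionstore JSON (windows, tabs, entries) for URLs. The report lists only the real file's hashes, so SAMPLE_SESSION is a constructed session built around the report's target URL; the literal-only packer exists just to build it.

```python
"""Decode a Firefox sessionstore .jsonlz4 file and list the URLs it holds.

Added example, not part of the report. Container layout: 8-byte magic,
little-endian uint32 decompressed length, one raw LZ4 block. The block
decoder below is written from scratch so no third-party module is needed.
SAMPLE_SESSION is constructed; the report lists only the real file's hashes.
"""
import json
import struct
from typing import List

MAGIC = b"mozLz40\0"


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one LZ4 block: each sequence is literals, then a back-reference."""
    dst = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:                       # length continues in extra bytes
            while True:
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        dst += src[i:i + lit_len]
        i += lit_len
        if i >= n:                              # last sequence carries literals only
            break
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        match_len = (token & 0x0F) + 4          # minimum match length is 4
        if (token & 0x0F) == 15:
            while True:
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        start = len(dst) - offset
        if offset == 0 or start < 0:
            raise ValueError("corrupt LZ4 block: bad match offset")
        for k in range(match_len):              # byte-wise copy handles overlapping matches
            dst.append(dst[start + k])
    if len(dst) != expected_size:
        raise ValueError(f"size mismatch: header says {expected_size}, got {len(dst)}")
    return bytes(dst)


def mozlz4_decode(blob: bytes) -> bytes:
    if blob[:8] != MAGIC:
        raise ValueError("not a mozLz4 container")
    (size,) = struct.unpack_from("<I", blob, 8)
    return lz4_block_decompress(blob[12:], size)


def session_urls(blob: bytes) -> List[str]:
    """Walk windows -> tabs -> entries and collect every history entry URL."""
    state = json.loads(mozlz4_decode(blob).decode("utf-8"))
    return [entry["url"]
            for win in state.get("windows", [])
            for tab in win.get("tabs", [])
            for entry in tab.get("entries", [])
            if "url" in entry]


def mozlz4_pack_literals(data: bytes) -> bytes:
    """Wrap data in a valid container as a single literal-only sequence.
    Used only to build the sample; real files also contain matches."""
    n = len(data)
    if n < 15:
        head = bytes([n << 4])
    else:
        head, rem = b"\xF0", n - 15
        while rem >= 255:
            head += b"\xff"
            rem -= 255
        head += bytes([rem])
    return MAGIC + struct.pack("<I", n) + head + data


# Constructed sample mirroring the sessionstore layout, with the report's target URL.
SAMPLE_SESSION = mozlz4_pack_literals(json.dumps(
    {"windows": [{"tabs": [{"entries": [{"url": "https://179.14.9.152/"}]}]}]}
).encode("utf-8"))

if __name__ == "__main__":
    print(session_urls(SAMPLE_SESSION))     # ['https://179.14.9.152/']
```

To use it on the real artifact, read the file from the sandbox's download archive and pass its bytes to session_urls; the size check against the header will reject a truncated download before json.loads sees it.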