Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://sukegarakyou....

windows11-21h2-x64

1

Resubmissions

07-05-2024 22:11

240507-1395gsdc92 1

07-05-2024 22:10

240507-13rm5sad8t 1

Analysis

  • max time kernel
    7s
  • max time network
    12s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07-05-2024 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://sukegarakyou.yotube.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://sukegarakyou.yotube.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3720
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://sukegarakyou.yotube.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4252
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82f53d9f-3442-4784-b138-4b3ac9f70ec6} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" gpu
        3⤵
          PID:3556
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a69381bf-8ef1-4fc4-8eda-a6fa167d8ee5} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" socket
          3⤵
            PID:2464
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1252 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 2840 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8acc737d-b1f2-4cdd-9627-0b34d5662bde} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" tab
            3⤵
              PID:3012
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 2584 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {537ed851-fcfa-495e-ae8f-124ccc03506a} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" tab
              3⤵
                PID:4900
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3628 -prefMapHandle 4760 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61e83910-9025-44f2-84a7-51d91d0464c0} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" utility
                3⤵
                • Checks processor information in registry
                PID:2620
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 4444 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd98e86e-02af-48a8-afbb-e22e947f14d0} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" tab
                3⤵
                  PID:4392
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 4 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82c14300-b06c-4915-8fb5-953c9aa27d0b} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" tab
                  3⤵
                    PID:4444
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5808 -prefMapHandle 5812 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c980e8-f1c3-4451-b471-712b69210a29} 4252 "\\.\pipe\gecko-crash-server-pipe.4252" tab
                    3⤵
                      PID:3264

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  361f9780a220fabdff3fed56bf3a083c

                  SHA1

                  e2b52122d950fe749e2e8563b872eae39d7f3a24

                  SHA256

                  4133cb25eb101c1dc3f0a3341265aeae32ed178d25700de1d0d28ce85b59572b

                  SHA512

                  34129d45c9161178fbfae504c6f503f9113da2f640e0fca1084b53436581f25335433b44954e05c17aee05062774ee0f57aa4a5dc6eb45a609cb795e3901eeaa

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  31522ab9bbd415c6fb61783204037a6b

                  SHA1

                  249a1831e8b5017ad756ce7e28e4849d2a16a61d

                  SHA256

                  10c0f3078d0656220028dd9f24fe410b87486498de1f0af187a6286eaf368549

                  SHA512

                  aef655f4b650310d76ef58594f7400e01e8c25a6bae0d577c80a198c080c44c6677e69870589e911ff59cedca4ffb4bc0eee8d183aae538db5e9747442b105f0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\54f0394c-28a1-4ca6-9c74-ae8a9e0ce6fe
                  Filesize

                  25KB

                  MD5

                  108934d10720644ff7620234ece3e66e

                  SHA1

                  aeccd3463c18b93cef75846dec29dce8a8f0bd10

                  SHA256

                  df17602191b913214c5468f6975ef843f9590cf3de62db1b748ea66b2a8d9795

                  SHA512

                  7fb28a445edc42a0c7be8322ddb3120f32bd1e12a6d6758535982b9deefeaa8ae9118990474ad31e48340c1f53cc7c447adce9ea14ae5b7997ffc90b1868ee56

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\6292be1d-28db-4fa5-ba9d-138d5d591e47
                  Filesize

                  982B

                  MD5

                  f9f62ef58c83189d2fe67d84aad9515a

                  SHA1

                  49c9b1635159496a0af4968ec2ed8b3a365b069c

                  SHA256

                  926d0f46cab7d62150a66d268b731f17fa90ccd5919363e44161c1662b9a6737

                  SHA512

                  c2538719326737fc8c9091f8509434616537bafb157ae1d6b8e7094bcf72abaeba67c0466e40fac6bdbc9cc1aebcd3037f4c3f0746751e9861d4c9a8027cc109

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\ea486528-314a-4055-9a38-615ce9686849
                  Filesize

                  671B

                  MD5

                  adca5de9f35401d7851815010262736b

                  SHA1

                  8ce0a91d9397f5ef3d0448764a5e6e1cbff83f32

                  SHA256

                  c3620cdb56696462920496f06baddf69ee8dcc9f4b5b321d03e1bb37850e3113

                  SHA512

                  f59a0a49d56c5baebb0c4642ff1f6ccb3c7fe58c35bea2bbc64937092518042d8822b8fc4480b644123292b2de2b343ba4f25d9d1b1f04f927bfd8d2bd07adbe

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  d344ad440953495e0b5fd48fc0e58418

                  SHA1

                  26ac4090b043c2cde8120ac151ee2a19b8cf26ea

                  SHA256

                  81ae60f8d7001f232bd417071dafbf6a9740d6ccc2579b9efb1101f86cb9228f

                  SHA512

                  da3c7c1b333b9920aab53fd84e65377d4ff5d5e0e0d2115705ef71de9a36384275db75a435f252daf345eaf7b79607d5cd50d1bc09c7e84a3dd3cf8641ed8fa5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js
                  Filesize

                  8KB

                  MD5

                  a3da4f9ee06fe8fe2f35a61640acea91

                  SHA1

                  a6172830ceae26e7db8be45076db5a3216bb5590

                  SHA256

                  07398c0ea1fe96cd28a21bf8c6a3c924a40010668f12341e8e63f466315b9169

                  SHA512

                  944e4ff2703c87d91b212238f18a2800f8092bca3fd611bd2d9a483cc82204b828dde740e635639b1d31a2320281509496d2ac8d955e2048938202d43a8e9524

                  Download Submit