Analysis

  • max time kernel: 13s
  • max time network: 5s
  • platform: windows10-1703_x64
  • resource: win10-20240404-en
  • resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 13-05-2024 16:25

General

  • Target

    https://t.co/1QsKn49V31

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://t.co/1QsKn49V31"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://t.co/1QsKn49V31
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.0.31379245\1916911323" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {348bce25-c6e0-4d1c-9f1b-cb6933e5dba2} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1776 2382f8c0058 gpu
        3⤵
        PID:312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.1.1624389680\2061100445" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6018b75d-14b0-47aa-bee1-7f9b14db0da0} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2152 2382f5fb958 socket
        3⤵
        PID:4328
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.2.1294452871\1067610504" -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 2784 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e364c90f-815e-45e1-be20-14f140df0cd2} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2796 2382f85f658 tab
        3⤵
        PID:1584
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.3.1710814494\731628631" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 1072 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2664e8df-b866-4c8c-a5c4-b07f22196ff9} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3476 2383498b158 tab
        3⤵
        PID:4516
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.4.1010701714\1579097676" -childID 3 -isForBrowser -prefsHandle 4620 -prefMapHandle 4624 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bffe6b99-4e46-4c0a-b2dc-a0a1974767b1} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4660 23831a6ca58 tab
        3⤵
        PID:3128
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.5.1230226518\1239655554" -childID 4 -isForBrowser -prefsHandle 4924 -prefMapHandle 4884 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab7c7f2-637f-48ba-bc9d-8cc8558608ba} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4932 238366c8958 tab
        3⤵
        PID:4236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.6.119959768\1590859017" -childID 5 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ec934c-4ead-4e8a-930e-9eeb3c04a5fb} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4972 238366c7158 tab
        3⤵
        PID:2404
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.7.479353084\1709453694" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21d50760-212c-47fb-869a-5cf55b2efdcf} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 5168 238366c7a58 tab
        3⤵
        PID:4832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\7a8c3246-26f3-4d43-aa84-36d4c7dcbeb9
    Filesize: 10KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\f6db7cf5-9b0a-4ad2-abac-91e082ba98aa
    Filesize: 746B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB