Overview

overview

7

Static

static

1

URLScan

urlscan

https://llective65.d...

windows10-1703-x64

1

https://llective65.d...

windows7-x64

1

https://llective65.d...

windows10-2004-x64

1

https://llective65.d...

windows11-21h2-x64

1

https://llective65.d...

android-10-x64

7

https://llective65.d...

android-11-x64

7

https://llective65.d...

android-13-x64

7

https://llective65.d...

android-9-x86

7

https://llective65.d...

macos-10.15-amd64

4

https://llective65.d...

ubuntu-20.04-amd64

4

Analysis

  • max time kernel
    58s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-05-2024 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://llective65.de/invite/i=63719

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://llective65.de/invite/i=63719"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://llective65.de/invite/i=63719
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.0.1562262192\1299714134" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9c60e7e-59f3-4927-aa6b-720dceb42e79} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 1980 1f0110cf958 gpu
        3⤵
          PID:1892
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.1.1736235722\1285501173" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77fdcdae-df0b-495b-89e4-798ed1404531} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 2404 1f010efab58 socket
          3⤵
            PID:3420
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.2.209229882\1054858877" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3112 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2783f9-cb9c-40de-a1c4-16e2f715e495} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 2992 1f0151da058 tab
            3⤵
              PID:3180
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.3.405182608\821315702" -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa6537a9-5c03-44d5-bd0c-c96df917fc6f} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 3916 1f07716cd58 tab
              3⤵
                PID:1684
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.4.503362841\225159215" -childID 3 -isForBrowser -prefsHandle 4656 -prefMapHandle 4744 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8da4ed10-ccdd-4438-b09b-7e972d1c2d10} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 4756 1f016906758 tab
                3⤵
                  PID:4556
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.5.153208290\1685584423" -childID 4 -isForBrowser -prefsHandle 4772 -prefMapHandle 2752 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d9541ea-0667-467e-85cb-394f530e04b6} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 4032 1f077163258 tab
                  3⤵
                    PID:4316
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.6.1164772441\839709453" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a861ee6c-2dcb-4ef9-97fe-828aa9091821} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 5072 1f01777f258 tab
                    3⤵
                      PID:1108
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2384 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:5856

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    8.0MB

                    MD5

                    a01c5ecd6108350ae23d2cddf0e77c17

                    SHA1

                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                    SHA256

                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                    SHA512

                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    3KB

                    MD5

                    1747035fbb7b9409ec0cb6761d2a5afb

                    SHA1

                    66b00468321d4a4032d3320ed236a6508c6a0208

                    SHA256

                    b25d42a0bba35fd64505cad1a1da6b6079dbc72bd06c1398aa653411f38b9039

                    SHA512

                    c231b2d3faf0ee9ede40ae0e22d64d61d0d5d01eeaf732e4149ac4fda7c26d35e8fc7edfedb3fbc4b9a9cfad732c989a0e480dc01e4088ba07e8d35e5b45a12d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    5d1fc283239b2ce7fa64421c2bb7120a

                    SHA1

                    6f0fb5dbc71e9bb810733ee55bfb146279d88b95

                    SHA256

                    f5ff98e68e6fdb8777a8e8878a29665b1802173668209c6748d0cc9935e84af9

                    SHA512

                    7a119ca39f21c261c1f6593001afd4d635ba9a6ed1b6f615743667b6263e04955861624d29b6350de77bd61492f5fa0b4d89737635cac5cfa41d329deaa4df48

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\6ea795a3-71c2-47f6-a4e0-ecd851a71e9b
                    Filesize

                    11KB

                    MD5

                    b467321fac51ea457b07f978c3863bc5

                    SHA1

                    b6a53a07a154240e806bb3c515f5ad81981f6e14

                    SHA256

                    0de4860118b03d8c7a9fb5c5615fae62ea6c7bc31bd14bbefedbd3be3c814c11

                    SHA512

                    03d00e2716ce512b62054e5996d0363566cfa6b9ae75adcd3164625669c352e93a7c1ccd3949ac8a12de0adc1c9d6026ab57df675b18f6531d0af1874f2e4635

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8ada20f3-6a21-4cc5-8b50-e6898cdb1409
                    Filesize

                    746B

                    MD5

                    39db96a684ad4120ba614c64dd9457ad

                    SHA1

                    53dbe73c74e22f405b41da2317e777c94a7f1050

                    SHA256

                    dd986342f872aef6819dc00e7d73e87f1f879a86a901deda178345620e4c9f1b

                    SHA512

                    cc972b5d84a08f236be85535b217ff06ae1e9c9e8fdec2f111c99853864824d4fd31eb4bde25c5249ff88ff79d27fc118b11d21ca45a919335b6cab1d9612c39

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    11.8MB

                    MD5

                    33bf7b0439480effb9fb212efce87b13

                    SHA1

                    cee50f2745edc6dc291887b6075ca64d716f495a

                    SHA256

                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                    SHA512

                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    0cf2d494c7127c627f822c8256123cbc

                    SHA1

                    81bd1a8b9e185eaa906bef472633de7cd25d3d2c

                    SHA256

                    291d6b0e34d0d431165173c11d1f6b29dbbba750e4663cb116751049689076d0

                    SHA512

                    ea55d9f6f3c3faa94927b61dd9c139ba7a60e46b43c9b18f4977c85d2d983aa40cea31dec4358a87e20e25f2dd3fa82890103349f2ad0d76637b6687f41c84fb

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    2a14ecc3bbccfc34c3af0e1416fd7315

                    SHA1

                    6636fe62049ca1fed9b74733e5db7e7be87508c8

                    SHA256

                    9f2105c4082a5b4a90ebe28c3825956fd9324f8c0fc252828a311b6ac9edbb1d

                    SHA512

                    e698e3e0aec5cd8a936c2177dfc066758a28d4559f5d7cc3a1924f2ca43f7e8f3c7b85c84dfe059ddf05e5320492048831ba0f87c5d479a519df1b83302726b1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    42b629c9f3efb24be8cde1846d8e9c8a

                    SHA1

                    7cd96d0867ae0ef8522dfbe9cf0fee1cff913280

                    SHA256

                    a05ade159a3e7a9dc3635b52fa37344c1285badc306d8c743f1b1a96ea86bc78

                    SHA512

                    ca6f13fbb97b63abf15e5eb3339279da497e6faf365a839355e112ad728bc1f9af469b9a3f0766b4267dd5cf9f0a588177116a4a26e2fd062dbd0d63c1907e47

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    99422b4fff4ba9c87c35cd0246431ff2

                    SHA1

                    63985dcf6402d02a47ed9c83e91c996a24211e1f

                    SHA256

                    6e94aa2bc7ea113f90e5e8ee91a4c2cb227a87c53e0b6158b0f64c9d67fbaf26

                    SHA512

                    03158de2e55e35d208982cc4bcd00bbde0d2ca71986540dc6e409bb510f3a5bb9027956d848ca848c09c987f346209bb6d80cd144efc013061aeb8352b9f06cd

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    aa020751f55c96ee2851be5cf8fefbd8

                    SHA1

                    c760df779a7195af6a4d012d5cc93e5aa0b544b2

                    SHA256

                    0a6f9f794a0ee27d218f96093bd9587f715fe69851bca54a059986af42ecde97

                    SHA512

                    a48f9604eb4298843f6d1fe7cd06712071c6f8c46145bedc5035a13b0d308099848329387e2e3045bafd8a85c4edd2836803302fa4941ffa2b9d465894902466

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    0c8d5ebe445c26c5dcc8421247a73230

                    SHA1

                    16d500324f177662d26e33249622631ca4f4e90a

                    SHA256

                    306c05433b81717940c82c70958794be17eb356f1f134fb593a475c1d37ca884

                    SHA512

                    431a86872fb351676bd0bd82e71487b86d8560e207ca3bddcd4e930e929d1fa7732944a08dcb36f8b52b4a71064e704d98d21ec921a390c2f3a07dd101524ae4

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    60309ae96c6af41fd96ecc55827f31a4

                    SHA1

                    9b7785334f85b88f7def5b309b517a1d977a2428

                    SHA256

                    a02ed74d2f388f085dfdc3d36b7e6bf94b60d49a8629f5c89e93e93288022d6a

                    SHA512

                    6d608eaa8e7bad7f13b17b7d91504d5a337cfa637e8501add7cc436af671de738ab9400e29b138995d51c789b9a89b09cbf15386523614566cbc9b7a33af128b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    89fb414d778d11d3a12991de60301815

                    SHA1

                    1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

                    SHA256

                    935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

                    SHA512

                    49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

                    Download Submit