Overview

overview

6

Static

static

1

URLScan

urlscan

1

http://13.107.246.45...

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 13:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://13.107.246.45:443

Score
6/10
motwphishing

Malware Config

Signatures

  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 2 IoCs
    phishingmotw
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://13.107.246.45:443"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://13.107.246.45:443
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4036
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.0.1086660356\926768590" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17cd8477-7b60-499e-96f7-6530f276cb98} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 1908 153df526f58 gpu
        3⤵
          PID:1740
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.1.597889097\385510414" -parentBuildID 20230214051806 -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f1e4de-4cb1-47d3-8403-7591f0c591cc} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 2492 153cb184b58 socket
          3⤵
            PID:3648
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.2.372416415\1663660579" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 2808 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b77c609-190d-42de-9edc-63583653bf1e} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3052 153e2546858 tab
            3⤵
              PID:3196
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.3.355773912\220744719" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c23d2d76-4624-46bf-9d35-7d5fde47c726} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3668 153e3faf258 tab
              3⤵
                PID:3452
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.4.1108605288\602915467" -childID 3 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {193e60d7-27ff-408d-90ce-6bd01843d6c0} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 4924 153e5e09758 tab
                3⤵
                  PID:3168
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.5.1463971181\622436927" -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {588f7899-4160-43d1-a7bd-ec2111476691} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5200 153e5e0b258 tab
                  3⤵
                    PID:4548
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.6.2083985200\388265990" -childID 5 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9ed03a0-dc91-4650-85d0-c50713385659} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5388 153e5e08858 tab
                    3⤵
                      PID:2116
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.7.1782329059\1205740240" -childID 6 -isForBrowser -prefsHandle 5580 -prefMapHandle 4920 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0d2a0c5-a4d7-4537-abfe-e465d7548ff9} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3608 153e2a15258 tab
                      3⤵
                        PID:5532
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.8.1329245889\576275159" -childID 7 -isForBrowser -prefsHandle 5468 -prefMapHandle 3132 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18bc8f04-06ea-4143-8263-4bca092768f7} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5112 153e2a17058 tab
                        3⤵
                          PID:5540
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.9.104575198\1270488956" -childID 8 -isForBrowser -prefsHandle 3580 -prefMapHandle 3836 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77dd24c7-ceb5-47a0-8d94-f56f2df0ca1d} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3820 153e2a15858 tab
                          3⤵
                            PID:5548
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.10.90898150\1662043771" -childID 9 -isForBrowser -prefsHandle 5476 -prefMapHandle 5376 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82a297b-e886-4409-ad03-d8637196fd3b} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5192 153e2a16d58 tab
                            3⤵
                              PID:5988
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.11.842391596\1230842492" -childID 10 -isForBrowser -prefsHandle 5248 -prefMapHandle 5244 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d2d59c3-5138-42e5-b190-ba27681bbf16} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3020 153e3adb558 tab
                              3⤵
                                PID:3428

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp
                            Filesize

                            25KB

                            MD5

                            4c3127f12474ee4f78ef809ff0a318db

                            SHA1

                            114cd4799d267cf9a85dbc59eac0788eb96ea3bf

                            SHA256

                            00198672bc482101d4008cdd986a1ad5b67eac7feede8c3a5883a6299cea7bd3

                            SHA512

                            76ae5ba2fd93ffc72d887194d868360d529e4758038984a473e909cdbd1dbc1e04ddfebb5f1581d340e2ba05593d2a28b7f0363b735df347699615d1e6b5238d

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
                            Filesize

                            13KB

                            MD5

                            45c090ca7cc7ad38a4d7d754b8733c0b

                            SHA1

                            bd9c2466b517ce01726ad7f37e6af09e2d8fce1c

                            SHA256

                            3b2544c77e2121321d11baa3d8d87a672908d4f781cb13ce05f76a467499f18e

                            SHA512

                            b34038c3264fb82a32ac0acc7117e2cde3b915e2a5ba62572078d3529bb118b77c55f19f786516286794c2b9155d8b26cf5fde876e506b89d698d5bd7b1120e9

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                            Filesize

                            442KB

                            MD5

                            85430baed3398695717b0263807cf97c

                            SHA1

                            fffbee923cea216f50fce5d54219a188a5100f41

                            SHA256

                            a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                            SHA512

                            06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                            Filesize

                            8.0MB

                            MD5

                            a01c5ecd6108350ae23d2cddf0e77c17

                            SHA1

                            c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                            SHA256

                            345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                            SHA512

                            b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                            Filesize

                            997KB

                            MD5

                            fe3355639648c417e8307c6d051e3e37

                            SHA1

                            f54602d4b4778da21bc97c7238fc66aa68c8ee34

                            SHA256

                            1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                            SHA512

                            8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                            Filesize

                            116B

                            MD5

                            3d33cdc0b3d281e67dd52e14435dd04f

                            SHA1

                            4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                            SHA256

                            f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                            SHA512

                            a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                            Filesize

                            479B

                            MD5

                            49ddb419d96dceb9069018535fb2e2fc

                            SHA1

                            62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                            SHA256

                            2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                            SHA512

                            48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                            Filesize

                            372B

                            MD5

                            8be33af717bb1b67fbd61c3f4b807e9e

                            SHA1

                            7cf17656d174d951957ff36810e874a134dd49e0

                            SHA256

                            e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                            SHA512

                            6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                            Filesize

                            11.8MB

                            MD5

                            33bf7b0439480effb9fb212efce87b13

                            SHA1

                            cee50f2745edc6dc291887b6075ca64d716f495a

                            SHA256

                            8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                            SHA512

                            d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                            Filesize

                            1KB

                            MD5

                            688bed3676d2104e7f17ae1cd2c59404

                            SHA1

                            952b2cdf783ac72fcb98338723e9afd38d47ad8e

                            SHA256

                            33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                            SHA512

                            7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                            Filesize

                            1KB

                            MD5

                            937326fead5fd401f6cca9118bd9ade9

                            SHA1

                            4526a57d4ae14ed29b37632c72aef3c408189d91

                            SHA256

                            68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                            SHA512

                            b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            e5362ef18b4a64f0734d9c81ee94ecfd

                            SHA1

                            518c7117c52c5bd6ace5e60af51d45b90ab4f06d

                            SHA256

                            eb4d00f4899f9f96c8d6bb290598bc64dde591ef22950ec10058503d4fe1ef8f

                            SHA512

                            ef4ae864174895a4db6e7e57195ccc492714a375226e1e4c65da4b68ec9f3a086bd312a0e361844ce4d714c48cfdb6c1fc05ce2e85109060f9fd344d76f45fe9

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                            Filesize

                            7KB

                            MD5

                            3638725a480fd91b1d18f69ffed78f44

                            SHA1

                            43744130ce0d1eb03ab7abd3803a8e2757b252f4

                            SHA256

                            8b570dba654a41c6faa447d81ed896ff2ae8bffc78fa8d0c5edfb677f14aef31

                            SHA512

                            1bfb23b537f490a9d3499515a6f94647ec240c60273f3c6ec1bb8586f9c8ec5b8a001b3c54aaebb1b33f35606be226fb80f09d42f19f65089d4b325af549b70a

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                            Filesize

                            9KB

                            MD5

                            51ffc71bcfb008e1ffe4f07a5ed00d83

                            SHA1

                            423b3ba3aa233609614b370895d163f72de8088a

                            SHA256

                            5572a5ce4c258b0551c77e651d7ab8368619c610d170a2cb4044f4c9f88adc3e

                            SHA512

                            8102784da494697eefee3ae8ff5f9af98af077284fea7b8974313b721a37968e4e124c63ae4edcaa06c7e0f61337b54f9b4467649ffcfc45f0951a22e999605f

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            8e9c7620627db2d740f4afb74f5337a4

                            SHA1

                            51ab5d34e2914aeb31362eeed1bb80cef565d406

                            SHA256

                            58c2969565cdd79d0cdcb2d28fea37db24dcde1c3cc9be13cad3ac4393db8b29

                            SHA512

                            04b5160d249eeca82b11e7cdddca3ef944aa830ae25dcc57e7f473d86ecf7d136634a1858b46d0e0bf575431ab56b0b733f5c9d582318a8cd99ec6ad7f3e1240

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            659c95ca6aa97b38701a281c3a46013b

                            SHA1

                            f5a938c88ae2073582f523706457fe282c55a4c6

                            SHA256

                            cc0d7c75a3c8aee00c278f71757ce7034779c237b8ee9f179aa807a4a5122305

                            SHA512

                            f2054baa568a693a5895cf10182479a7cb4cbe9bd2cd6ddb58aa2bc8dab3995bedd231d9b88121d2684a7d633761c3bccadedb2b2e2f493ec7ecf306feb50a49

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            3KB

                            MD5

                            7eebba023a842138a0af3ab16b46603c

                            SHA1

                            e71a6f0b6ca610eec5bb266317216dbd2b17b5c7

                            SHA256

                            3ef6d3dd34de81e6aa5dc9f469943dad2a5ab34235d4b702f38e06fabea11786

                            SHA512

                            c00a46fdaf0361a49e5b2423324353407b27f82532af72f0103ae6a1036d22bfe39811bd7b9ab97c5b8b3d6bb4ba252e6e5feb438cf8d6835db3d2c0c858f5e9

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            615c26fe54d1975db372e737a26fd5c2

                            SHA1

                            5b6cb346f8ee86557e480e1c35f542feeffbc986

                            SHA256

                            4511d243107b5b300c4609f7c4cdc710b4db46a060130d865060eb5418ac76ed

                            SHA512

                            bbf4b6666e1d5576b41ff8e36adac71fcd1804b36e65ea6af3c82f83aebc68807642d857131229b8916c776412a5522850eae50331f7914fd11f40e32f17bd28

                            Download Submit
                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            3KB

                            MD5

                            ae463c0443c19afe7162b75759f0cffc

                            SHA1

                            e012204d85bf1d22df69b0c076c67976ca68bf99

                            SHA256

                            ea2e873acb7eea69417b09acc2efeb3a6ddcc35d00ab1da6e279833bed67511e

                            SHA512

                            1316ce7210e49b95add45d640f3d2b5197298e1389b0986fce09aa4e903ef90d5197bf6230da3a2f4b779ddaae7e7374eaa221114671040b335dfd6d4764eab0

                            Download Submit