Resubmissions

21-05-2024 14:38

240521-rzt5eshd23 1

21-05-2024 14:29

240521-rtl7mahc4v 1

Analysis

  • max time kernel
    62s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-05-2024 14:29

General

  • Target

    https://antispam5.xefi.fr/invitation?lang=en&id=17861d30-b8ee-4fcf-9cdb-fca5fafe137b&utm_source=DA-en&utm_medium=email&utm_campaign=no-robot&utm_content=onpremise

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 10 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run the reads are attributed only to Firefox's own parent and socket processes (PIDs 4792 and 2664 in the process tree below), which is consistent with normal browser behaviour rather than evasion.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)

    All WriteProcessMemory hits come from the firefox.exe parents (PIDs 2216 and 4792), which spawn the content processes listed below; a browser writing into child processes it has just created is expected.

  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. This signature is not attributed to any process in the tree below, so it is an unattributed, low-confidence indicator here.
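The Task Scheduler description above is about persistence: a task registered through the COM API ends up as an XML definition under C:\Windows\System32\Tasks, and that file is what an analyst checks after a hit like this. The following is an added triage example, not code from the report or from the sandbox; the namespace and element names are the real Task Scheduler schema, while the two sample tasks, the trigger set and the user-writable path list are constructed assumptions.

```python
"""Added example (not from the report): triage of a Task Scheduler task
definition of the kind the COM API writes under C:\\Windows\\System32\\Tasks.
Namespace and element names follow the real Task Scheduler schema; the two
sample tasks, UNATTENDED_TRIGGERS and USER_WRITABLE are assumptions."""
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Triggers that fire without the user doing anything: the boot / logon /
# fixed-time cases the signature description refers to.
UNATTENDED_TRIGGERS = {"BootTrigger", "LogonTrigger", "CalendarTrigger",
                       "TimeTrigger", "RegistrationTrigger"}

# Assumed: a scheduled action should not normally run from these locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample: a persistence task as it might be registered via the COM API.
SUSPECT_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <BootTrigger><Enabled>true</Enabled></BootTrigger>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author"><UserId>S-1-5-21-1000</UserId><RunLevel>HighestAvailable</RunLevel></Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\Users\Admin\AppData\Roaming\update.exe</Command><Arguments>/silent</Arguments></Exec>
  </Actions>
</Task>"""

# Constructed sample: a benign, user-started task from a normal install location.
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers/>
  <Principals>
    <Principal id="Author"><UserId>S-1-5-21-1000</UserId><RunLevel>LeastPrivilege</RunLevel></Principal>
  </Principals>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Mozilla Firefox\firefox.exe</Command></Exec>
  </Actions>
</Task>"""


def parse_task(xml_text):
    """Extract triggers, actions and principal settings from a task definition.
    On-disk task files are UTF-16; read them as bytes and pass the bytes here."""
    root = ET.fromstring(xml_text)
    triggers_el = root.find("t:Triggers", NS)
    triggers = [] if triggers_el is None else [el.tag.split("}", 1)[1] for el in triggers_el]
    actions = [
        (ex.findtext("t:Command", default="", namespaces=NS),
         ex.findtext("t:Arguments", default="", namespaces=NS))
        for ex in root.iterfind("t:Actions/t:Exec", NS)
    ]
    return {
        "triggers": triggers,
        "actions": actions,
        "run_level": root.findtext("t:Principals/t:Principal/t:RunLevel", default="", namespaces=NS),
        "user": root.findtext("t:Principals/t:Principal/t:UserId", default="", namespaces=NS),
    }


def triage(task):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    unattended = [t for t in task["triggers"] if t in UNATTENDED_TRIGGERS]
    if unattended:
        findings.append("runs unattended via " + ", ".join(unattended))
    for command, _args in task["actions"]:
        if any(p in command.lower() for p in USER_WRITABLE):
            findings.append("action runs from a user-writable path: " + command)
    # S-1-5-18 is LocalSystem, S-1-5-32-544 the Administrators group.
    if task["run_level"] == "HighestAvailable" or task["user"] in ("S-1-5-18", "S-1-5-32-544"):
        findings.append("runs elevated (RunLevel=%s, UserId=%s)" % (task["run_level"], task["user"]))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("suspect", SUSPECT_TASK), ("benign", BENIGN_TASK)):
        print(name, triage(parse_task(xml_text)) or ["nothing notable"])
```

When applied to a real host, walk C:\Windows\System32\Tasks, open each file as bytes, and feed it to parse_task; any task with all three findings (unattended trigger, user-writable action path, elevated principal) is worth a closer look regardless of what the sandbox score says.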

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://antispam5.xefi.fr/invitation?lang=en&id=17861d30-b8ee-4fcf-9cdb-fca5fafe137b&utm_source=DA-en&utm_medium=email&utm_campaign=no-robot&utm_content=onpremise"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://antispam5.xefi.fr/invitation?lang=en&id=17861d30-b8ee-4fcf-9cdb-fca5fafe137b&utm_source=DA-en&utm_medium=email&utm_campaign=no-robot&utm_content=onpremise
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4792
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.0.1400802683\1594346638" -parentBuildID 20230214051806 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {569925cb-ab7b-4208-9b63-f4965c9d810a} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 1888 1c485c13058 gpu
        3⤵
          PID:4068
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.1.669536708\1241326091" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae530c22-cac2-48ed-87b6-88c4694873b6} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2488 1c484b29258 socket
          3⤵
          • Checks processor information in registry
          PID:2664
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.2.548362179\1777123511" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {154d274b-89d8-4314-932e-4911f8aeec21} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3008 1c488349558 tab
          3⤵
            PID:4040
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.3.350319354\1660652752" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae16c049-4690-4777-8b09-dfcdadbad64f} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3680 1c48a8d7058 tab
            3⤵
              PID:4612
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.4.1443366400\440969054" -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 5100 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d35d7d3f-fa56-492e-9c42-dcc62dc10649} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5092 1c48c494d58 tab
              3⤵
                PID:1976
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.5.376901801\980801829" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e1b0b43-5cc2-4e82-a145-05febb3bb4b6} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5220 1c48c496e58 tab
                3⤵
                  PID:1512
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.6.411702378\562381915" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5432 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc225fd1-4f5e-4b07-ae8d-4e258583e29c} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5416 1c48c494758 tab
                  3⤵
                    PID:1156
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.7.221880685\1588528770" -childID 6 -isForBrowser -prefsHandle 3612 -prefMapHandle 3624 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec839bb8-1b37-4984-b3e7-b24d6f5ea22b} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4640 1c484b27d58 tab
                    3⤵
                      PID:2108
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.8.54048770\85138284" -childID 7 -isForBrowser -prefsHandle 5852 -prefMapHandle 5896 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {537bbaa7-ccbb-47d7-8cc2-51abdf304d55} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5944 1c48ce1df58 tab
                      3⤵
                        PID:5364
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.9.1721249689\721344885" -childID 8 -isForBrowser -prefsHandle 3580 -prefMapHandle 5796 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1088 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {385dee53-53c6-4604-a43c-47ea744bfd24} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5428 1c48c6ec858 tab
                        3⤵
                          PID:5236
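The "Checks processor information in registry" hits in the tree above come from PID 4792 (the main Firefox process) and PID 2664 (the socket process). What makes such a read interesting is not the key itself but who reads it and what they compare it against. The following is an added example, not code from the report or from Firefox: it shows the registry values the signature refers to, the kind of hypervisor markers an evasive sample would look for in them, and a simple attribution filter over read events. The registry key and value names are the real ones Windows uses; the marker list, the trusted-path list and the third (non-Firefox) event are assumptions made for illustration.

```python
"""Added example (not from the report or from Firefox): what a
'Checks processor information in registry' read usually looks for, and how to
decide whether a given reader deserves attention.  CPU_KEY and CPU_VALUES are
the real Windows names; VM_MARKERS, TRUSTED_PREFIXES and the PID 6100 event
are assumptions."""
import sys

# Windows populates this key from CPUID at boot; any user-mode process can read it.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
CPU_VALUES = ("ProcessorNameString", "VendorIdentifier", "Identifier")

# Assumed marker list: substrings typical of virtual CPUs and hypervisors.
VM_MARKERS = ("virtual", "vmware", "qemu", "kvm", "xen", "hyper-v", "virtualbox", "bochs")


def vm_markers(values):
    """Return the VM markers present in a dict of CentralProcessor values."""
    blob = " ".join(str(v) for v in values.values()).lower()
    return [m for m in VM_MARKERS if m in blob]


def read_cpu_values():
    """Read the live key on Windows; return an empty dict on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as key:
        for name in CPU_VALUES:
            try:
                out[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass
    return out


# Registry-read events in the shape a sandbox or EDR would log.  The first two
# match this report's process tree (PIDs 4792 and 2664); the third is a
# constructed reader from a user-writable path, added for contrast.
READ_EVENTS = [
    {"pid": 4792, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "key": CPU_KEY},
    {"pid": 2664, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "key": CPU_KEY},
    {"pid": 6100, "image": r"C:\Users\Admin\AppData\Local\Temp\svc.exe", "key": CPU_KEY},
]

# Assumed: images under these prefixes read CPU info for legitimate reasons.
TRUSTED_PREFIXES = ("C:\\Program Files\\Mozilla Firefox\\",)


def unexpected_readers(events, trusted_prefixes=TRUSTED_PREFIXES):
    """Keep only CentralProcessor reads by images outside the trusted prefixes."""
    prefixes = tuple(p.lower() for p in trusted_prefixes)
    return [
        e for e in events
        if e["key"] == CPU_KEY and not e["image"].lower().startswith(prefixes)
    ]


if __name__ == "__main__":
    print("local host VM markers:", vm_markers(read_cpu_values()))
    for e in unexpected_readers(READ_EVENTS):
        print("review PID %d: %s read %s" % (e["pid"], e["image"], e["key"]))
```

Run on a real Windows host, read_cpu_values() returns the same strings the sandbox saw Firefox read, so vm_markers() shows what an evasive sample would have found there; run on the event list, unexpected_readers() drops the two Firefox reads and keeps only the reader from the Temp directory, which is the triage outcome the signature on its own cannot give.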

                    Network

                    MITRE ATT&CK Enterprise v15


                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\activity-stream.discovery_stream.json.tmp

                      Filesize

                      23KB

                      MD5

                      eba0817a06afc8f4f1b3041ab705c415

                      SHA1

                      7cf8e0785fc78496a2f2b5abecad03effa6e4de2

                      SHA256

                      140f9f948cb35858165441b261748694f6a9e780a95b34f079cab588a4aad46c

                      SHA512

                      8c62518bb2fc179b768362986ef9b802aee73f9ea652f1017173c03680a496bfb1886754f39a87bd71b2ed0c5b74abc6056cfd4525ad2aa9b90df203b67c7777

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs-1.js

                      Filesize

                      7KB

                      MD5

                      28578bc683f82b8d9e0f434d5adbcaaf

                      SHA1

                      a5de497df9a03026b1b5848bc7170e004067b394

                      SHA256

                      760aaeeb96ae046bfc28d29ab05c0cecba6aa38076bd85ddd9043404646fb02a

                      SHA512

                      feec4155ed2528391ac13758f2275987016095dd929d1eef52c71c4ef50e30b5fe368a79429390941ad31a819272ae9f6d17e0d91eeec189f02ff1d2f00b9d2f

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs-1.js

                      Filesize

                      6KB

                      MD5

                      67e0c9ba4a736220ed7a6a5234addc21

                      SHA1

                      5084c72fb398422da6ec0162540350eff57d6403

                      SHA256

                      fc4073cade367e8767a1069bbcf5653a6d8789c91eb210af22be1e7923b26de0

                      SHA512

                      97bb115d0919d10a59e039f50d4c176ea9ed8b35d9f4818c6b648bcdb396e40cda9287b01ef6f5e1dadd60e293594bdbf9ca9c6cc6bf79004782127e0afd72da

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\prefs.js

                      Filesize

                      6KB

                      MD5

                      57f545d1985f2007d944e2bedf57630f

                      SHA1

                      5b69728adaec2370c90f87d9071469780f4ef1dc

                      SHA256

                      d1ba646e212c18692471ffcdc7f5cd5f3cb64c9c9f0bc0a4a6236456b3a54833

                      SHA512

                      191132015aade0e330f234263325dded943ab7fa3c261b3730c0675b79cc9a339bebd97f64091724fbc527eaa368c6bc40cc97838021e5ef427db7b6abb0d7f3

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      4KB

                      MD5

                      5f487fca5cc2a789493d384ee3d79982

                      SHA1

                      94999028d903dd7a54fcba37be0e45252a7ee554

                      SHA256

                      3458f1a2aad8ea947a591a739de7b9fa87d58896de7a305b7098e5d9f6d96f4b

                      SHA512

                      567cbfc08811f7c6687af9e878c56e62d270b1ff378385c5655f81bbc863b846edd6edd485264a80d4811d97e1a2387e371c41f1007a5d5e3b3a16fabb2e0422

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      1KB

                      MD5

                      bedadb510d4e45ef661905c331680fde

                      SHA1

                      76acdcc33a9d6acaa56e15b2e7633e7190b1029e

                      SHA256

                      305b8a4dd4c837b516a71d4deccfd53bd2da37939dfe387dccdfb82de1b4957c

                      SHA512

                      49b07343750c8b5008a83bde12ce4c5ef56bdbf5a74babd15dc91d9ce1df118733f729c0b98dbb70ecd4a5d82f48d01e00dfd1d9fa5a3555b3d55bbb75100bac

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      4KB

                      MD5

                      5033c3b65223d8f69b561a7b8c6f2bb9

                      SHA1

                      cced4f0c63f8160f7245a82cd057ce057c39ee43

                      SHA256

                      c32d443aff0f62c777b60bd8156f04f08d0fc182c39487ece95ec2f02b7af962

                      SHA512

                      8086d69299d9b68d81c34288a359d20aa4a5dce5fb2a1f8838cec68957a2d904d1fff43fb423cba9e1798479fef27ad003e8e5b6309a32bbcf04bb98fe89feb3

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\h6dhg2l4.default-release\sessionstore.jsonlz4

                      Filesize

                      4KB

                      MD5

                      a407f90268503ba4615a84c76cc7d182

                      SHA1

                      575199ebb1fc26dcb5a35c19dc948b8479d5f8cf

                      SHA256

                      c21e0daf09fbc32c32682ec09609dec8961909d3f3e83d3116004ef5045b1a81

                      SHA512

                      0854580783aa1aeddc4274fa3e9fbce6a942c29defd7488b0edfb030a0ffe31a26583aa9a8e2a933de67b3e37efd96243961d2c09b8bb70003c016a9bda361ff