Analysis

  • max time kernel
    14s
  • max time network
    14s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 02:00

General

  • Target

    http://vlt.me/.30mtk

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://vlt.me/.30mtk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://vlt.me/.30mtk
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4872
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.0.2114811852\1435961955" -parentBuildID 20230214051806 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c33586b-86b1-4665-bd3a-cadee36403ea} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 1900 13cfea22858 gpu
        3⤵
          PID:2660
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.1.966936299\510253588" -parentBuildID 20230214051806 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a32df0c-1096-4b29-b986-7376b18ecbb2} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2460 13cea88a558 socket
          3⤵
            PID:3232
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.2.48131956\500920115" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2856 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac14e1e0-f5c4-419c-a206-be1c2d43bff2} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3012 13c8254be58 tab
            3⤵
              PID:5036
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.3.498791905\2077079001" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbb63614-1216-46bb-8189-eb19a75a0803} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3672 13cfefaeb58 tab
              3⤵
                PID:4660
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.4.1388931276\1352174289" -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5124 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40e48922-eccf-4342-a504-68171beec6c4} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5140 13c8539f258 tab
                3⤵
                  PID:2392
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.5.1189632218\52092800" -childID 4 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be9a1403-2bdc-4e06-9da1-99bea2e0a113} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5276 13c86014358 tab
                  3⤵
                    PID:4828
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.6.1402004078\224052306" -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5488 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {473e494f-069c-4297-bb9c-7895f7257ea7} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5564 13c86014658 tab
                    3⤵
                      PID:3188
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.7.751234659\136011245" -childID 6 -isForBrowser -prefsHandle 2696 -prefMapHandle 2880 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22fd7476-043a-4680-a8df-c37d56198793} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3060 13c87003558 tab
                      3⤵
                        PID:3668
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.8.1697649791\1579689984" -childID 7 -isForBrowser -prefsHandle 5904 -prefMapHandle 5912 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6fe495e-274f-44e2-8cd5-c31dcfeeefd6} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5896 13c87003b58 tab
                        3⤵
                          PID:3200
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.9.211572572\400873036" -childID 8 -isForBrowser -prefsHandle 6064 -prefMapHandle 6060 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {979e5275-bdb9-4a1a-bebc-547186f0538e} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 6076 13c869c7358 tab
                          3⤵
                            PID:4960
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.10.716576190\1219861558" -parentBuildID 20230214051806 -prefsHandle 5788 -prefMapHandle 5308 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bb02166-d6cc-427b-aa02-f6e2d565898d} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 6220 13c86cea058 rdd
                            3⤵
                              PID:1832
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.11.1916297073\940780016" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6212 -prefMapHandle 6076 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c30174b9-5e65-4253-aed5-4cb64576afdd} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 6240 13c86ce8258 utility
                              3⤵
                                PID:3840
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x460 0x468
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5832

Network

MITRE ATT&CK Matrix ATT&CK v13

  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 1

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
    • Filesize: 23KB
    • MD5: b44b142aae264dffadc4415369a041a7
    • SHA1: 406c4233d254eacd933d5b8d19efd2b3aceb8d7f
    • SHA256: 23697c744f1a4c6e253a0714c39e0dafda806d607bcfcd8a1cb724804f3a1c7a
    • SHA512: 41de28a0b51b0eafa53bc2b33bbd8e7b4659798acfb14cf3f5574219e43067d249d7e76e6cf018b48179c875d2a1364814ad32c2f32bc59731433dc0dedda389