Analysis

  • max time kernel
    7s
  • max time network
    6s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-05-2024 02:05

General

  • Target

    http://mailto:[email protected]/?subject=FOLLETO-SUBCONTRATACI%C3%93N%2B%20Nombre%20%2B%20Tel

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://mailto:[email protected]/?subject=FOLLETO-SUBCONTRATACI%C3%93N%2B%20Nombre%20%2B%20Tel"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5100
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://mailto:[email protected]/?subject=FOLLETO-SUBCONTRATACI%C3%93N%2B%20Nombre%20%2B%20Tel
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.1879752932\1671019951" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32a28dba-5fa3-403a-b764-7cf5748f86a6} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1904 2457ff10458 gpu
        3⤵
        PID:2988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.231974003\781864996" -parentBuildID 20230214051806 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0f6da0e-9336-44ef-9fd5-4d12c811e0b5} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2492 2450a490a58 socket
        3⤵
        PID:5032
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.872403683\553011862" -childID 1 -isForBrowser -prefsHandle 2700 -prefMapHandle 2824 -prefsLen 23133 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c4d3a5e-294d-49a1-b556-377e05e1ca6b} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2796 2457ff11958 tab
        3⤵
        PID:3040
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.3.858603679\469759050" -childID 2 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa170b2e-af02-48ce-bce6-d9f8e354983b} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3716 2450eccb958 tab
        3⤵
        PID:4412
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.4.1218407419\1960353977" -childID 3 -isForBrowser -prefsHandle 4600 -prefMapHandle 4936 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ed60d37-8329-49c0-98fb-0cf23317670f} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4944 245109f9d58 tab
        3⤵
        PID:3152
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.5.1541394483\582678905" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 4976 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c8ff676-7e3b-4f1b-8193-e0344aa46244} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5100 245109fa958 tab
        3⤵
        PID:4920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.6.915504973\1320091204" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 964 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e945fcb0-f2a2-488a-a65a-e39ad92381e0} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5300 245109fb558 tab
        3⤵
        PID:2948
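Two things in this report are worth checking by hand rather than trusting the 1/10 score on its own: what the odd-looking target `http://mailto:...` actually is once it is parsed as a URL, and whether the seven child firefox.exe processes are the browser's own content processes (each carries `-contentproc`, a `--channel="<parent pid>.<n>...` argument and the crash-server pipe named after the parent PID 5084, with the process type as the last argument) rather than something launched under the browser's name. The following Python script is an added example and is not part of the sandbox report or of Firefox. The command lines are transcribed from the Processes section above and shortened to the arguments the script inspects; the e-mail address in the target URL is redacted on the page (it appears only as `[email protected]`), so the placeholder `user@example.invalid` stands in for it.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed input: the report's target URL with the redacted address
# (shown on the page only as "[email protected]") replaced by a placeholder.
TARGET = ("http://mailto:user@example.invalid/"
          "?subject=FOLLETO-SUBCONTRATACI%C3%93N%2B%20Nombre%20%2B%20Tel")

# (pid, command line) pairs transcribed from the report's Processes section,
# shortened to the arguments this script inspects.
PROCESSES = [
    (5100, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "' + TARGET + '"'),
    (5084, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url ' + TARGET),
    (2988, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc'
           r' --channel="5084.0.1879752932\1671019951" -parentBuildID 20230214051806'
           r' -appDir "C:\Program Files\Mozilla Firefox\browser" -'
           r' {32a28dba-5fa3-403a-b764-7cf5748f86a6} 5084'
           r' "\\.\pipe\gecko-crash-server-pipe.5084" 1904 2457ff10458 gpu'),
    (5032, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc'
           r' --channel="5084.1.231974003\781864996" -parentBuildID 20230214051806'
           r' -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" -'
           r' {c0f6da0e-9336-44ef-9fd5-4d12c811e0b5} 5084'
           r' "\\.\pipe\gecko-crash-server-pipe.5084" 2492 2450a490a58 socket'),
    (3040, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc'
           r' --channel="5084.2.872403683\553011862" -childID 1 -isForBrowser'
           r' -parentBuildID 20230214051806 -win32kLockedDown'
           r' -appDir "C:\Program Files\Mozilla Firefox\browser" -'
           r' {9c4d3a5e-294d-49a1-b556-377e05e1ca6b} 5084'
           r' "\\.\pipe\gecko-crash-server-pipe.5084" 2796 2457ff11958 tab'),
]

CHANNEL_RE = re.compile(r'--channel="(\d+)\.(\d+)\.')
PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)')
CHILD_RE = re.compile(r'-childID (\d+)')
# Content-process types Firefox is known to spawn; anything else deserves a look.
KNOWN_ROLES = {"gpu", "socket", "tab", "rdd", "utility"}


def parse_target(url):
    """Split the target the way a URL parser does, not the way it reads.

    The scheme is http; "mailto" and the local part of the address land in the
    userinfo (username:password) slot, and the mail domain becomes the host.
    """
    parts = urlsplit(url)
    return {
        "scheme": parts.scheme,
        "username": parts.username,
        "password": parts.password,
        "host": parts.hostname,
        # parse_qs percent-decodes the value, so %C3%93 -> O-acute, %2B -> '+'.
        "subject": parse_qs(parts.query)["subject"][0],
    }


def parse_process(pid, cmd):
    """Classify one firefox.exe command line.

    Browser-level processes have no -contentproc; -osint marks a launch from
    the OS shell (the URL handler) where only -url is honoured.  Content
    processes name their parent PID in --channel and in the crash-server pipe
    and end with the process type.
    """
    if "-contentproc" not in cmd:
        return {"pid": pid, "role": "browser", "parent": None, "pipe_parent": None,
                "child_id": None, "win32k_locked_down": False, "osint": "-osint" in cmd}
    chan, pipe, child = CHANNEL_RE.search(cmd), PIPE_RE.search(cmd), CHILD_RE.search(cmd)
    return {
        "pid": pid,
        "role": cmd.rsplit(None, 1)[-1],
        "parent": int(chan.group(1)) if chan else None,
        "pipe_parent": int(pipe.group(1)) if pipe else None,
        "child_id": int(child.group(1)) if child else None,
        "win32k_locked_down": "-win32kLockedDown" in cmd,
        "osint": False,
    }


def check_tree(processes, browser_pid):
    """Return findings for content processes that do not fit under browser_pid."""
    findings = []
    for pid, cmd in processes:
        info = parse_process(pid, cmd)
        if info["role"] == "browser":
            continue
        if info["parent"] != browser_pid or info["pipe_parent"] != browser_pid:
            findings.append(f"pid {pid}: channel/pipe parent "
                            f"{info['parent']}/{info['pipe_parent']} != {browser_pid}")
        if info["role"] not in KNOWN_ROLES:
            findings.append(f"pid {pid}: unexpected process type {info['role']!r}")
        # Every tab and socket process in this report runs with win32k lockdown.
        if info["role"] in {"tab", "socket"} and not info["win32k_locked_down"]:
            findings.append(f"pid {pid}: {info['role']} process without -win32kLockedDown")
    return findings


if __name__ == "__main__":
    print(parse_target(TARGET))
    for pid, cmd in PROCESSES:
        print(parse_process(pid, cmd))
    print("findings:", check_tree(PROCESSES, browser_pid=5084) or "none")
```

`parse_target` shows that the submission is a broken mail link, not a web address: `mailto` is the username of an http:// URL whose host is the mail domain, so the browser has nothing to do but resolve that domain, which fits the 6 s of network time and the absence of any Network entries. `check_tree` returns no findings for the five transcribed lines (the remaining tab processes on the page follow the same pattern), and it reports a process whose `--channel` or crash-pipe names a PID other than 5084, an unknown process type, or a tab process without `-win32kLockedDown`, which are the deviations that would make the WriteProcessMemory signature on PIDs 5100 and 5084 worth a second look.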

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 1

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 25KB
    MD5: 8d2a79617692c02e88d0cf4d0958ef3a
    SHA1: d223621015d4c5e0ed999208d19c8ffacb292327
    SHA256: d30588ec9e19366c834e78e3ef9ad0d197ce8801e62a4e03e8f9afd446a8712b
    SHA512: 46cfb7046cabe3d093fdda49e89a95951fc821c22866477d8b79ded27bb4f49dcdf627a7b6cef8549ce0338e6538b4dee7a70eb3703cea70619dab4444e6e2b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
    Filesize: 6KB
    MD5: fdd158920d73efdd7f78f198732d6513
    SHA1: a90a977d7f180f719ef5c729fc8fa30e6317cb90
    SHA256: 3ef0ccea4efe5b07f1e121b3fcf80dabf4131cbb7299c135a4c17887c0e45989
    SHA512: 69c24212ef8a9324e7c3a35e7fe8b3576e48477ae1e206c754fe39daeb9f10fb5d7d3de46b57d717d93041a74564543ad706a3d9d57f06429124814ca4883a73