Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://curious-chee...

windows10-1703-x64

6

Analysis

  • max time kernel
    48s
  • max time network
    35s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-05-2024 06:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://curious-cheesecake-147cfb.netlify.app/

Score
6/10
motwphishing

Malware Config

Signatures

  • Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
    phishingmotw
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://curious-cheesecake-147cfb.netlify.app/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4412
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://curious-cheesecake-147cfb.netlify.app/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4452
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.0.340465730\67013407" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b05ca5-f25c-43a7-9589-1a91bdf422b3} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 1776 174930ebc58 gpu
        3⤵
          PID:1956
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.1.1448468276\600522487" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afff999e-807e-46d9-a301-27a2f685da6f} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 2136 17492ff9b58 socket
          3⤵
            PID:4356
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.2.285597315\2109311710" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3004 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a34d2b6-b244-43ba-bce1-710b3b49cd2a} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 2868 174970b2558 tab
            3⤵
              PID:4708
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.3.1330240169\1338251612" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92b2c6be-e04c-472d-a9d5-55d479cff5ca} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 3528 17488069458 tab
              3⤵
                PID:2292
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.4.759674035\912751988" -childID 3 -isForBrowser -prefsHandle 4736 -prefMapHandle 4728 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2f386d4-5cf3-4e02-a3e5-356346644974} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 4372 1749a214258 tab
                3⤵
                  PID:4224
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.5.646763785\324963789" -childID 4 -isForBrowser -prefsHandle 4776 -prefMapHandle 4764 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a00bdcc-8b98-4362-8c9a-1fd070acc73b} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 4872 1749a216958 tab
                  3⤵
                    PID:1932
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.6.386044943\1333455085" -childID 5 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dd9cf58-c5b6-4a69-8af4-9a7ebf4eaf8e} 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 5064 1749a217858 tab
                    3⤵
                      PID:2812

                Network

                MITRE ATT&CK Matrix ATT&CK v13

                Initial Access

                Execution

                Persistence

                Privilege Escalation

                Defense Evasion

                Credential Access

                Discovery

                Query Registry

                2
                T1012

                System Information Discovery

                1
                T1082

                Lateral Movement

                Collection

                Exfiltration

                Command and Control

                Impact

                Resource Development

                Reconnaissance

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\838695C922A8624650B8177A8436329C333A37DF
                  Filesize

                  54KB

                  MD5

                  142b6338ec9ee0dacbee7176aaf1c6e0

                  SHA1

                  d9b99255a6e3d3ebcad7861b37d949a8d0c94664

                  SHA256

                  3ab1448f4e38b0eb3e898ed0cecd165be885073f709cbf9c2833767efa6f3324

                  SHA512

                  3f4a764c1b4b8a7c249965317743b97bed63be48a2cb5e8133ab8538850f8ab253298e756789083cc9d4c24e570489fc254f768833d1b3f7db58a992c63526f8

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  39379c46ceb467a69aeb0574628ca924

                  SHA1

                  ea7b37166efd4146f8173046a2015e1b99287e03

                  SHA256

                  4ef8212f5ec499c8f2e87ca364c3593a2709ffa3885f0c736188dd0125b99fa5

                  SHA512

                  a5770195a38e7459a1485ed2900bbdaa61e36e3e741d81a780e57bc6be6e6d506ad37a20bd27f152c3ff18b578ec72512c5e6444e0c1c781c792da1fe5cd93fa

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\3c92662d-12d9-454f-a089-74e82a21ecdb
                  Filesize

                  746B

                  MD5

                  0fb450fcb739ef4830e43c6ea92941bf

                  SHA1

                  f4c603d65beb8d974c04e3db8d6082271e384a4a

                  SHA256

                  0e03eb60b426cb924de63f3052345bf77f67c34cd37b1b3c34a6129a0c85b93d

                  SHA512

                  9b8448be8f7ded07d09b3da98b5b473256a8c4d7a651a00378749e0391b37e7c886b10b9f8040898b47dbefd37f288fb5a50b03d3b1bfd93c0f32b9db543e6b8

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\a3addbfb-d367-46e8-a1b3-37da68d44970
                  Filesize

                  10KB

                  MD5

                  9149437c8baeb000b6c5fb01505fc5e5

                  SHA1

                  f99ee8eb892d44a61e0a2a9c5442f2fc81aaec13

                  SHA256

                  be9471a604f5b4a69c11579d473fd1373fcf95f414622f2d702d0e655e0a2caa

                  SHA512

                  0127a0a1a863cfda9bdce0d07ceb9897cb7d0e074550aef5647c4a56593e7d7f1a562b6c565fe7c10d09554f271a92603a1aea02b4137d84e20fa9ba6bf8601b

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  00f7e5a657639039ff8f2cbfefdaaf41

                  SHA1

                  1947c2ae70b51468b07812972922229935f1d7b3

                  SHA256

                  6944470aff7e5f13442c1c0407877a2d7f4ae0751f1e7ac848d61f70d768d7c7

                  SHA512

                  4a07780e39b1c44dd6d4c66f19f94609b8ee105bc92d637f4460420a6bcbf1516c386b12bcf002b31758d1f88007f985f424b4f2e5bed3f4b6874f88cd09424b

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  b1d66fb5cea9859f97f75a528ff0a61f

                  SHA1

                  4bd65f81a1c7875cb54fa41e95e62bcafcba6f6b

                  SHA256

                  95bd17bc6960a43e84045329d13ffae5b5d366c8e7071b837319d910bbccd247

                  SHA512

                  5cecb28689d39307821852471a8ea0c5eb555e52eb591fc77eda5e024502c2c3231fe31d2a86e3b20ace420d184308701afa342c844e74a58498fd9b1da0dcb8

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  e34e98ee0f3c9eb0b7dca311260397e3

                  SHA1

                  9a710f143068d7e348e4d241f60d9dd3a9635616

                  SHA256

                  ecc4113c7756193b9a82fb04e99024aebde17a33188f9943c587a34823b0e4e8

                  SHA512

                  1084025f025dafcc380884a2bde10305616cd888e3b5aad7f097dd376dcd3c8fa3ae7bb67346390ecb62e997cf7478f08d13b0c5106cb350dc2471cb18e7e086

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  b701892492af9c7516b95ebfebd9ebcf

                  SHA1

                  63822c504b2343835eed101085e73e79d8d90ec7

                  SHA256

                  0e67ecc13b378dc7b6b92bd278e6e856e6c8e2b128697544f73dc1c6870f11fb

                  SHA512

                  552a77db568c5f63f1694b12830bfdbcdf7652694602132c7870acb8929e4d9ef80097fdd2c0063a5368f371bb2d3c022e75c5953d3d581a1ccf9d7b026d54fe

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  5b43dc6ca23e7149e5a625b2303d248d

                  SHA1

                  1232106751364e77f24c52552401d4c23e604d54

                  SHA256

                  870d7934ede725c4b8b7100d83c2a7287c3caa42a6a8379fc2eea0edd159eebe

                  SHA512

                  97daf04db5670fdec5f9490068519650bf6ec473a29342c256aa16382c951a08586302e9f76fda3f1e99f75f291cb6bc44d5e70ea48a290c1aa122db83bbcf16

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  12356194e364f3beb60ffe8bf4190133

                  SHA1

                  6033fd608e0b7c0eb6f683b351092784af4e5145

                  SHA256

                  a28742640edc9ec1424c3744f6b2fce454ffb502963b3f930cf8fc2a96fe1a80

                  SHA512

                  c9d5e903b1d1c03e7c616f85f5ad61b80878bedb4b0aa3d358e34f6e6d00500faaa23147141993b48c5e1986c22b604da34988a23d054cd48c330d02bed4b051

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  a4627d94b477e3f653435fcf27e2663d

                  SHA1

                  d5dc31c0165277e469d92453c556786995e2800d

                  SHA256

                  7c1ea6cee0386d6af3cb7523167c2b880592657ceacc4e56edbc2394575c5c69

                  SHA512

                  7619d8f8f790c6b47faa75eb3f834640fe6ab684209f2eeb6eff26017c7ebb44972018463bb15d0e7955bed5bde4ebff809754b3c2057d7749bafe82dbe48455

                  Download Submit