Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.surveymo...

windows10-2004-x64

1

Resubmissions

23-05-2024 00:39

240523-azt1zsfc29 1

23-05-2024 00:35

240523-axs1xafb45 3

23-05-2024 00:18

240523-alrcyaed8s 7

23-05-2024 00:10

240523-af279aed52 4

23-05-2024 00:09

240523-afk9qseb9v 1

23-05-2024 00:08

240523-aewn3sec92 3

23-05-2024 00:06

240523-adv16aeb4x 3

22-05-2024 23:41

240522-3ptlpade5x 7

22-05-2024 23:40

240522-3n73pade4s 7

Analysis

  • max time kernel
    26s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwg_2FdGRiGnm_2F0m8noAHL9RnT836_2BYB8hBwteIGMtJsa3Y1vxLzMQx8hQ_2FIcHYekp4uZGtyNOKmLj8uWYeMIRBECJQxK6aoUPBuYZsxlyfy8J0u00yFYvNWLFaJPH4Vds9VvgVOLmxU7CcX1Vswz6ckLCveIH0qxIepHjn5Wd9isAk_2FystH3tW8IXVH8bueBv_2BZx

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwg_2FdGRiGnm_2F0m8noAHL9RnT836_2BYB8hBwteIGMtJsa3Y1vxLzMQx8hQ_2FIcHYekp4uZGtyNOKmLj8uWYeMIRBECJQxK6aoUPBuYZsxlyfy8J0u00yFYvNWLFaJPH4Vds9VvgVOLmxU7CcX1Vswz6ckLCveIH0qxIepHjn5Wd9isAk_2FystH3tW8IXVH8bueBv_2BZx"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.surveymonkey.com/tr/v1/te/akU_2BQc2vAhAsa_2B264x1g6_2FpF_2Fhy3EhxbpxJDHYpYZT3PErDK_2Bf6OjNYOPsqZdKwg_2FdGRiGnm_2F0m8noAHL9RnT836_2BYB8hBwteIGMtJsa3Y1vxLzMQx8hQ_2FIcHYekp4uZGtyNOKmLj8uWYeMIRBECJQxK6aoUPBuYZsxlyfy8J0u00yFYvNWLFaJPH4Vds9VvgVOLmxU7CcX1Vswz6ckLCveIH0qxIepHjn5Wd9isAk_2FystH3tW8IXVH8bueBv_2BZx
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.0.592919320\317714345" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d54ed609-fe9a-418f-9541-35de1e3772c1} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 1996 115934c0a58 gpu
        3⤵
          PID:1972
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.1.1229730511\85032472" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a76f0ed7-a069-4c16-80d8-84c7a65d8bed} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 2404 115933f9558 socket
          3⤵
            PID:5108
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.2.923183614\958156522" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 2952 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {879de8b0-b5c6-4ab4-9fba-6f49ff7a3073} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 3032 1159345d858 tab
            3⤵
              PID:3052
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.3.521086013\436616829" -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30ad5af0-9798-4fcb-8202-f9678320ab5e} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 3940 11598834558 tab
              3⤵
                PID:2856
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.4.2037251716\829613935" -childID 3 -isForBrowser -prefsHandle 4600 -prefMapHandle 4612 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f4def42-213c-4a75-be86-d159db99ed93} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 4844 115999eb658 tab
                3⤵
                  PID:1208
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.5.1294851899\30816400" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb3dc0a9-6210-4200-9afe-605d41e2b513} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5040 11599749d58 tab
                  3⤵
                    PID:2228
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2144.6.1773924094\361378020" -childID 5 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2e6f306-b414-4fc3-96d4-48bfd95553b6} 2144 "\\.\pipe\gecko-crash-server-pipe.2144" 5240 11599748858 tab
                    3⤵
                      PID:3732

                Network

                MITRE ATT&CK Matrix ATT&CK v13

                Initial Access

                Execution

                Persistence

                Privilege Escalation

                Defense Evasion

                Credential Access

                Discovery

                Query Registry

                2
                T1012

                System Information Discovery

                1
                T1082

                Lateral Movement

                Collection

                Exfiltration

                Command and Control

                Impact

                Resource Development

                Reconnaissance

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  9KB

                  MD5

                  2da6f0760cd2f41b4250ccd17dd9a2e9

                  SHA1

                  1dd6080ac302e0ebcf95dd775a031ca8a8a79cd8

                  SHA256

                  a1e5ae7606cf11616be77b94d79741ca614a30e35f8dbed6269d10b7a1d50bae

                  SHA512

                  ee6e8acc260d71f430ab7b522edfc41aee9affc0d3a4f88fdd89d3c57b154c308f69ae86fb4286e3e5fa4964be53b2200af865b902c2aeab52aed0a2e2d089ee

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\84a0e85a-48a5-4b78-81a1-b6deb1c287d4
                  Filesize

                  734B

                  MD5

                  546021ecd8aa410ff5d735b8286f8f61

                  SHA1

                  aa8e4a3972e68103f1feac688e129030729dcec3

                  SHA256

                  f4ebab9f1fee39c4cd28e68e2abf61b809457464e9791d0fface761abeed67d4

                  SHA512

                  ffb37f1e00093d4d3a4aa32dc0b793e1cd9e32f02f6c003af4e5706173572ee96e83ed13fd933eb9d8c6f40676551140050efa8193ef0f431b4c5c26314f1991

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  e83f167de7fe30244a27d8068c5a4878

                  SHA1

                  1531c9d57dc1917adb22025168269068209da79c

                  SHA256

                  5eff0f9619a2816839149a3057243b230fc5126dd174b159377ae332dbcb4992

                  SHA512

                  310b80de6c1cb951034cd9d2440e2e6a738a519d995ff9f119df0c5c96d21b3000546f179df943fc35cb8384c67584e703f99daa1ba359120390afa063bf3d24

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  88db53b2a517683cb963ec6487ca54b8

                  SHA1

                  2f71f3ac192c8836c21d177a36f8afcc55ad3a5a

                  SHA256

                  7aba6c79433b8539d173a52d7f0b96730c06d5d262e362502a1266f3aa4c0dc1

                  SHA512

                  3bcf3a9920de7e08e5e712eb5aed6057209a560f914a0c32151a723e2ee6f51a6c68d0a388020e2c22f040cdba7ae43d1d1e17415d96b8f25cb220228665fb4e

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  7KB

                  MD5

                  9084c43df43a4a6fa3011e9275a55545

                  SHA1

                  0be563eabd1612a2de97431d6d0fd0a0bf14985e

                  SHA256

                  a0935fffe163e8327f57fad15ac0030d26bfc1a021ce34e7a797f05d262a85bc

                  SHA512

                  cca58ff3d1aa77b2fc1da3846a91c8a4c0ab4f1cd4f738d2b9f3866d77c50466e21d9a41c49816e41d67d07abcaa3030e78de04955fce998fe49522b376a2487

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  89fb414d778d11d3a12991de60301815

                  SHA1

                  1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

                  SHA256

                  935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

                  SHA512

                  49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

                  Download Submit