Analysis

  • max time kernel
    12s
  • max time network
    13s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 13:06

General

  • Target

    https://www.soloinsight.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.soloinsight.com/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.soloinsight.com/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.0.2024428932\223056924" -parentBuildID 20230214051806 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4587782-7e87-4799-a826-1f6d376e3cbc} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 1808 2b87fa06f58 gpu
        3⤵
        PID:2380
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.1.574260511\1552857540" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2360 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7770bb2-3c31-4067-b6a7-54d4456a1d8d} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 2404 2b877485958 socket
        3⤵
        PID:4016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.2.1359295586\1275896156" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e817dd4-3e34-4baf-9cf6-c0c4e4fa40dd} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3168 2b807135a58 tab
        3⤵
        PID:4560
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.3.1758129389\1558844072" -childID 2 -isForBrowser -prefsHandle 1256 -prefMapHandle 2568 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6fbeb9f-b240-49bf-8b8f-f88b8181afc1} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 1020 2b808f61558 tab
        3⤵
        PID:2192
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.4.1564095179\9095657" -childID 3 -isForBrowser -prefsHandle 5068 -prefMapHandle 5056 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2881ae5-93a6-4381-8b9b-b1d1cab191cb} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5028 2b80adb6058 tab
        3⤵
        PID:880
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.5.1238924724\1125609270" -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {062cd5e4-8d75-4696-9483-ca75b775b49c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5240 2b80adb5458 tab
        3⤵
        PID:1696
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.6.775317947\984158101" -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f036d8f4-1ffd-4de3-8292-c933e5194e5f} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5428 2b80adb5758 tab
        3⤵
        PID:2060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.7.1491661087\1386406593" -childID 6 -isForBrowser -prefsHandle 5848 -prefMapHandle 4896 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a190496-81e7-493f-bc72-65d81ac24343} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5816 2b805b9cb58 tab
        3⤵
        PID:5632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 27KB
    MD5: fc6816c34dca7a49b38b8da64b3d2a8f
    SHA1: b0939e7983190dcd123d802fe104c966ed0a7c8a
    SHA256: 10dc36fbdab73d904d718e11cf544f32068cf2b71e3ea831ecbcdfabdd60b1bb
    SHA512: fd2c8f9f438896c1ce3bb3ec72fc55ed4718960ace7a14e8ca8868482ac7007c0b8e87390d94ba2e16fed81d81061add8437fa2b188c7583b841929704c3d6fe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
    Filesize: 6KB
    MD5: f2ee6ab2086329cae0f68b2f759a2a27
    SHA1: f8f3bf80b7575d1931780caa9a35396bfc129c61
    SHA256: 0bc1cc9183c302546022a8887cfb9a467609663df72a8980f5eeba5b9bd58f6a
    SHA512: ce1b7e935e1cd6138d727c9b440c14f8636c62d039799d7e68bc2480b6ae20cc2d0942b4fc68cf357a4faaab7128a4f92a89f90a1f7557164197d3ddf0ab45bf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js
    Filesize: 6KB
    MD5: 81b465dcd8212b5b901c1f2cdf4edd38
    SHA1: c6dd1a70f36e0faabe2adce0a9fd3ede607d50c5
    SHA256: d3d68c3b9bf04a7f6a554087a2191b58d124bf680d9e6c525cdd1605e55d44d1
    SHA512: d1014aabcbdccdfe49e4cbc089dc75b5f0e43a286f02b874904c728c3456a47fccb705773955ecfa394c68f2f3763367146b8f3cccecba8100e71e93180a3547