Overview

overview

10

Static

static

1

URLScan

urlscan

10

http://steamcomnunni...

windows10-2004-x64

1

Resubmissions

31-05-2024 02:41

240531-c6sslscd2t 10

31-05-2024 02:36

240531-c3vsssdc77 10

Analysis

  • max time kernel
    123s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://steamcomnunnitly.com/get/activation/feoeer82794hFvrbgea6

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://steamcomnunnitly.com/get/activation/feoeer82794hFvrbgea6"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://steamcomnunnitly.com/get/activation/feoeer82794hFvrbgea6
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.0.1381333941\158028829" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {478afdfd-555d-4022-8c82-713f25859d26} 388 "\\.\pipe\gecko-crash-server-pipe.388" 1896 258e6a0ea58 gpu
        3⤵
          PID:4984
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.1.1420081769\1574303156" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2468 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e5e0bac-0cd8-415f-b2b1-3b977ad78a08} 388 "\\.\pipe\gecko-crash-server-pipe.388" 2496 258d9d89658 socket
          3⤵
          • Checks processor information in registry
          PID:4168
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.2.1499847713\2113685546" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3076 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {474e7cd9-b510-4752-9419-5bc8023df34f} 388 "\\.\pipe\gecko-crash-server-pipe.388" 1524 258e9b52258 tab
          3⤵
            PID:3016
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.3.837420904\1227053406" -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ff1e89e-eadc-430e-b574-abd44528464c} 388 "\\.\pipe\gecko-crash-server-pipe.388" 4012 258eb6d5158 tab
            3⤵
              PID:4964
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.4.521441455\75324349" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a102c733-c777-417d-b91f-2bcd70d81103} 388 "\\.\pipe\gecko-crash-server-pipe.388" 5072 258eb4eed58 tab
              3⤵
                PID:2400
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.5.2013131501\137614537" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5284 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc5ae8f-9d47-4998-968b-b53fd10b435f} 388 "\\.\pipe\gecko-crash-server-pipe.388" 3240 258e9b55558 tab
                3⤵
                  PID:4848
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.6.1835015037\1082977015" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5292 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbb097d4-3a9d-4b3e-93ea-6787fee5c827} 388 "\\.\pipe\gecko-crash-server-pipe.388" 5400 258ed297558 tab
                  3⤵
                    PID:1836
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.7.272766078\476607370" -childID 6 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1fb1f75-7b81-4aaa-bacb-4b459dc31346} 388 "\\.\pipe\gecko-crash-server-pipe.388" 5528 258ed3a7d58 tab
                    3⤵
                      PID:932
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.8.1056297250\902102722" -childID 7 -isForBrowser -prefsHandle 4268 -prefMapHandle 3672 -prefsLen 27962 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c0ad69e-d252-40d7-985d-67ff47a76344} 388 "\\.\pipe\gecko-crash-server-pipe.388" 4264 258ecb6d658 tab
                      3⤵
                        PID:1520
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="388.9.681478410\1462124976" -parentBuildID 20230214051806 -prefsHandle 4728 -prefMapHandle 2808 -prefsLen 27962 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a783de-b916-40b1-80b1-e2c901abe3f6} 388 "\\.\pipe\gecko-crash-server-pipe.388" 2804 258ee370f58 rdd
                        3⤵
                          PID:1008
                    • C:\Windows\system32\msinfo32.exe
                      "C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\UseGrant.nfo"
                      1⤵
                      • Checks SCSI registry key(s)
                      • Enumerates system info in registry
                      • Suspicious behavior: GetForegroundWindowSpam
                      PID:3236

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      25KB

                      MD5

                      04d3ae2be11e9e2e1ba97b59603fdd60

                      SHA1

                      8822a6b39694f4de9f06b73f44d7d3f4709e97d7

                      SHA256

                      8aaa8083590b525f80fd2cbc693638c103abaa4146c71682dbb1d379bed1c95c

                      SHA512

                      49496545e1334da0c86c77dd47ff16260bfde6db323c5df546bfe6c7dc24369edefff529be27e62db2422d58c5a552b077f945764eb4d03cefacae893c152f3d

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      d8f43747c8d5548583d6a13821266a0a

                      SHA1

                      9e28fc1a12d2408ad425de6e0cec3af4b4e65145

                      SHA256

                      33d6a858c16943ed09b1f46fab9eb959752be787bf1c24be290e9cc46791fc44

                      SHA512

                      d4a48cb4d9d21d06f92818c220dfea27936b2d43526f38c15cb60f7ed5526f1afd1e25596392322b204508e6de0138fd6471a0d8e131cb43006bc9ab8d8e1b5b

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      846f4e1f9b0a25090e18208d77fdef96

                      SHA1

                      6a4cec225d51ff02f002a0c427eaed39ef172dc2

                      SHA256

                      0c2ee7a5b749f9417aa0f00a7dd307ce32089d90792465aca1923789a74e53a7

                      SHA512

                      a34523d6f9031a973a6fbf5a29124023b19f4e67063161c7dad1706110f8da604a6d0779f618ef8879762816d4fec34ad578545da234dc6a88f91812c4f1595a

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      62815d442667435beb5980bf57ff77cf

                      SHA1

                      f9ea4ae08714ed9b6dba172ed7f92f20eb5e23e4

                      SHA256

                      553d527b643259e6165c501f70d6554a7921247421a4ea11d793338c21be8ef2

                      SHA512

                      5ec9726f341df3596560517b0f31801dd7a9a4c05f19b20b2dd548e7986b85c973a7b0782deeaac1bdb3d5b9031762c65e51742d56f9a693cc60b5b9f0011264

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      c00d8666e1387a5ef278d95820724a0f

                      SHA1

                      1c0980ea13713568bd869422c2834ef50593a2f3

                      SHA256

                      acfcb747ce9486cd5c1c916eca395be5378d708f98daf91bb056aaa835d0abf2

                      SHA512

                      2414b533d8dfc4a6678dce1d9e5b156f9e7ea47b53ffc245a4eb8bbfb194e8ed251f620e0f93745508e92c4a6a313f7feed636b01d97a180f72e8fbfd93f7ac2

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      31ba873312425570739f7701e913724e

                      SHA1

                      538fbbb2f2fbcd04a374730fb8558be560a343af

                      SHA256

                      086e694a09c4d76acd147ea28ca19b69ed69ee5e75b6495077465b8322dbfd60

                      SHA512

                      e580ddb18d8a158bbd1ab6cd96a38b48c4868991f0c05edc2d1a3e10d6054c7f7705373f25992efd7a32fd65cd977e1e20c22ab9c30df09513288b3b8d8b89a4

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      44KB

                      MD5

                      a0cb148e4c0f5c2edd9dd313f8bdeb2f

                      SHA1

                      99a73b950f8695bb222cc13e489baacd44431de5

                      SHA256

                      0fa58cc2f9e9acc2659cd5cbf91cdab178c8ce05a9e150583f8e33dccbc83fa3

                      SHA512

                      3eef595585fa53f3a4517bfbce157685cca9c5af3546966688f44f98ec805f27b2c6d00d4bba64998ffcdbfa608cecfec72cdcc71d8fb572f0107e91805fe9c6

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      7e8571d8ba12557a300857ab6af180f0

                      SHA1

                      8aae3ab80b0647043410ea2e859af57e699b95f8

                      SHA256

                      a3a9307483b498fe5b6e240a72f81ebb209b8b0369cbf77dc8c751c58c9311e8

                      SHA512

                      6c2c95ff0a216e02999656bb5436293abae135141fb9aada1736cce5d4a7a27bb971be5f1eb835ac08550d549baaa053927369f8a82abc9da7f9d4cd63af2eb4

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore.jsonlz4
                      Filesize

                      43KB

                      MD5

                      bb02edca2e6e4481aaa81c831b8cc495

                      SHA1

                      58143eaed6093283172aa4b2bcd7ea8c15bcdede

                      SHA256

                      dd13104f80050d609671b343b08ccd2a336f11d373b7af36c6d8ad298afaadbd

                      SHA512

                      d755c94b1a6dfa254e710d2557d4ef06c4e3e2c2dd0eaa89c565ff24689aaa660507adb55cc04735703be4cdd7c15b4df5aac44172333fb07d92efadc47d9f1e

                      Download Submit