Overview

overview

1

Static

static

1

URLScan

urlscan

https://ep.us3.list-...

windows10-2004-x64

1

https://ep.us3.list-...

windows11-21h2-x64

1

Analysis

  • max time kernel
    245s
  • max time network
    271s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 05:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ep.us3.list-manage.com/pages/track/click?u=68e6f2241d03c455b1fcf3d7f&id=b12eb3e11c

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://ep.us3.list-manage.com/pages/track/click?u=68e6f2241d03c455b1fcf3d7f&id=b12eb3e11c"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://ep.us3.list-manage.com/pages/track/click?u=68e6f2241d03c455b1fcf3d7f&id=b12eb3e11c
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.0.97321988\121989760" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fad8296-f705-4cad-b092-6bb6277af528} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 1964 27821db8b58 gpu
        3⤵
          PID:3296
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.1.120137807\692340824" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db565db4-c772-42dd-a5d2-d9e3e1e279cf} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 2388 27821cfb258 socket
          3⤵
            PID:5052
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.2.1550317998\1090150389" -childID 1 -isForBrowser -prefsHandle 3340 -prefMapHandle 2988 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5acb0d0c-d8f0-4e4f-9835-50a11d4b9fc4} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 3352 27825bf3f58 tab
            3⤵
              PID:2900
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.3.1501899518\1134663670" -childID 2 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b93541d2-7486-4b78-955e-1ff418e976fe} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 4032 27826fa7858 tab
              3⤵
                PID:4508
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.4.2073971968\1948870834" -childID 3 -isForBrowser -prefsHandle 4700 -prefMapHandle 4704 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26b1a33e-87c2-4a94-a201-b66a8fa54213} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 4688 2782806c658 tab
                3⤵
                  PID:4472
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.5.585874308\1142371389" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4844 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a578291e-b7b7-4e7e-82b8-e1ca64426b86} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 4836 27827663258 tab
                  3⤵
                    PID:728
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.6.1306872616\1418058723" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f27f738-5c4f-48d5-a11c-3afe7ba121e0} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 5016 27827663858 tab
                    3⤵
                      PID:404
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.7.1534072601\2126997734" -childID 6 -isForBrowser -prefsHandle 5520 -prefMapHandle 5544 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bcb36d7-3f02-454d-b07b-baaec89ebe7a} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 5536 27825bf3358 tab
                      3⤵
                        PID:568
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.8.630044637\894963984" -childID 7 -isForBrowser -prefsHandle 5380 -prefMapHandle 5428 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50eecdd5-6705-4ec1-9f7d-ed6550cd18f9} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 3420 27829442e58 tab
                        3⤵
                          PID:1716
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1332 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
                      1⤵
                        PID:5644

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\05B9AF79F21594D938DA33922F4F42C61169A2E0
                        Filesize

                        60KB

                        MD5

                        aa2dff5c57bbb6578d16be84c7da5af7

                        SHA1

                        aa7e98094fb99957673ead745c0ace82a661b7d0

                        SHA256

                        0c05bdc9e0550210dd873791e6e32cfb2efaa64e6a9fcfff324d35d2435cbd34

                        SHA512

                        d49413dd22e750276a5c2083dc4c3117a1cc46a473abbf255959519fb4eda3a5d20d0528db29f8f8f3b879025d843b5172995927eb870bca860015df7ca34046

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        442KB

                        MD5

                        85430baed3398695717b0263807cf97c

                        SHA1

                        fffbee923cea216f50fce5d54219a188a5100f41

                        SHA256

                        a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                        SHA512

                        06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        8.0MB

                        MD5

                        a01c5ecd6108350ae23d2cddf0e77c17

                        SHA1

                        c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                        SHA256

                        345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                        SHA512

                        b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                        Filesize

                        7KB

                        MD5

                        5e3a091908b612cd5df0896a7bd9e5a3

                        SHA1

                        05b18b880b96f2d0bf63b2c245af860f9a98d64a

                        SHA256

                        12eb1a9c542418970dbcdd5bf9b73e763a2a4f8f13d655a6d98dd70fc992f7a5

                        SHA512

                        252d7773949b83391eec9f693d6bacb3cba3815ca8b8b7eb8344c2c30b6bdc3dac3b224b6e523af0b66524748bfefa511c821500e1569845b3c754711d536529

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        01eee24528095c6ae308f6702e7a5555

                        SHA1

                        7993e60b457980f656dbc08306182f8a372c51ea

                        SHA256

                        b595b9b4e844f516bb931f0564652f4007fe410fc54ea66435c0c292999c7ccb

                        SHA512

                        c22166d6fd53c3cea9673f3e018029eb4a9e274e79587e7375948b7a676dceac96e8f01518ceba6e779c6af46ec6f7e93be9b9afc660e52efc1259e9f390ed00

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\130ecd51-21bb-4d0c-bc6c-1fc880ccc533
                        Filesize

                        746B

                        MD5

                        9a050aea6074b5dca028a2474a9788a1

                        SHA1

                        977b460ab26919198dcf0f163d7b4ce00fdfd397

                        SHA256

                        d877ba9ffad5b473acf480e15de354b986ff31c86c9605608f5ae1a82e37673e

                        SHA512

                        5c2fb4f70d48d3581433f207e45a55182ee8fcb7380851295dd3e22b4e4a9106f985cbfa271350112aed50a46cb02814bbd1f614d50446db44394d93adfeb051

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\2e4eadfd-f890-4a6e-adc7-acb828742ca4
                        Filesize

                        10KB

                        MD5

                        4e855e7c9956a201d8d1537454eadac8

                        SHA1

                        eed4e5f66bdb19069769de92e2a47ec2fedf605b

                        SHA256

                        1de7e56f0bedbc4cb23cb03411dde25bf174ddfbd19a79176c507dbb363318b3

                        SHA512

                        c98ceec917ca11c23beea2cde80cd930592dd9d7b52aa9e1bdbeb1bc0b42d789304961c53c83ea141538eb37999109ba84c955bae5c376099801449a56f7a0dd

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                        Filesize

                        997KB

                        MD5

                        fe3355639648c417e8307c6d051e3e37

                        SHA1

                        f54602d4b4778da21bc97c7238fc66aa68c8ee34

                        SHA256

                        1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                        SHA512

                        8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        3d33cdc0b3d281e67dd52e14435dd04f

                        SHA1

                        4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                        SHA256

                        f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                        SHA512

                        a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                        Filesize

                        479B

                        MD5

                        49ddb419d96dceb9069018535fb2e2fc

                        SHA1

                        62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                        SHA256

                        2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                        SHA512

                        48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                        Filesize

                        372B

                        MD5

                        8be33af717bb1b67fbd61c3f4b807e9e

                        SHA1

                        7cf17656d174d951957ff36810e874a134dd49e0

                        SHA256

                        e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                        SHA512

                        6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                        Filesize

                        11.8MB

                        MD5

                        33bf7b0439480effb9fb212efce87b13

                        SHA1

                        cee50f2745edc6dc291887b6075ca64d716f495a

                        SHA256

                        8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                        SHA512

                        d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                        Filesize

                        1KB

                        MD5

                        688bed3676d2104e7f17ae1cd2c59404

                        SHA1

                        952b2cdf783ac72fcb98338723e9afd38d47ad8e

                        SHA256

                        33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                        SHA512

                        7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                        Filesize

                        1KB

                        MD5

                        937326fead5fd401f6cca9118bd9ade9

                        SHA1

                        4526a57d4ae14ed29b37632c72aef3c408189d91

                        SHA256

                        68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                        SHA512

                        b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                        Filesize

                        7KB

                        MD5

                        339b6bc56721cf79facf6f8fd83f5b88

                        SHA1

                        38210da4580d252381d6144341793278039c9435

                        SHA256

                        eceb5319fd482bedc2e98dddccac5743f7596712ff25937e845c5a19266ba5de

                        SHA512

                        58b123cde82ca5d01ab94fc8b750eec523f7df66d9e1b46b7ac96fb645a4244a0e023fbd9598f03d68f8460767f0b984fa6f9db782b9bfed347a3b399dbcedf4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        f73581d60c632fb98b25b2897d427442

                        SHA1

                        19e23593811bf797151a5c2558f3007385022afa

                        SHA256

                        5ddd2b6ba20ee553cd72807db05e570411fbf9c04c79874bfc6bcceaacf7e68e

                        SHA512

                        b7f4ca25adf061a34bdfae8287f757b75d561b1d4eee478ec26b358b32b0c64607945fa5638d491165a366cea7daf50cb29fb2373d47a904a11a1f1eadb2000e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        979ba7bdbfd1a2868ed700aaf6ca2e2a

                        SHA1

                        bebe354d3baccb6bfd2301cbca928356cd92a271

                        SHA256

                        35ee2fd7abc40c14d944fffd729687232baed9b8fc59a4b0cb59048a1b133f86

                        SHA512

                        0f296e5c38eed23eee2be4666e13b088a6ea085727466e6ee9268d4ca7506535cf613502989abfecb2c2fa60ffd06244086799f0b71477dcac2f7883b9dc69c3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        ee56d141e76d71adb3f515dac0ced4f0

                        SHA1

                        1cfff48e33149590f98f982e75ca40d70813ac7c

                        SHA256

                        1e4b1718c1067ddcfd6f7a900c0423d4dd1c07807a7c9683c9010c577c8a8a36

                        SHA512

                        27c1a668f6f4270805fdca44660bccd963bc2b222f04946848a64e5332282b673d213f7843dd3048252b7cf4e66df25ec9470a6040e13908fe7871cf100a8965

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        568934a988dc67dcfeac27178a7c7b82

                        SHA1

                        75b8035ce7e84a62db65142d4ab84eba41d32011

                        SHA256

                        902f98dba74273e49dfe071a0cad6007e0f489d842516e5e1d384975fbf77135

                        SHA512

                        0a655abd66c7ecff1aeae45537fa9d81d73805b19926ee0cae70609e88a5e7502852610f36457de52b086dc18a3bc2889f3d22b9e15ceeb8c467ee338f117079

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        93147db366a9776e9b9ce03e958b8130

                        SHA1

                        a9919c53e0332f9ae59fd14eeec60061ff153b5c

                        SHA256

                        516ba7ddee0643f949f5223c9436ab2f2e1d72061b60f4fea5403544db307ea5

                        SHA512

                        767d1ca6ff7bf4bc8a63ffe8ad4df55f46d4ae8ccf62bcf46c17727ecd70b8bb209d5e77cc63a5ed4951835a794b600a002583b418e779a06067772c0dbb7fc9

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        184KB

                        MD5

                        b961e7bb1730c5f57f727bb20db37094

                        SHA1

                        67d13906116a17aec43ae70405be79c0de04d1ad

                        SHA256

                        457783c0868b6078acb4be0991eb4b1e9e890c0007fd5c7c667ffa7cb66c017c

                        SHA512

                        3ee073f4f9b4516818cd1cd9aab70d25de5dd59cdddd6e4a0f7022b7a514dadf90291cafbe659caa2fe57e03d23e2dad4487c142ef72411e4d917008a10264d9

                        Download Submit