Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://pixeldrain.c...

windows10-2004-x64

1

Analysis

  • max time kernel
    1681s
  • max time network
    1697s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/06/2024, 11:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://pixeldrain.com/u/qom7vpPm

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://pixeldrain.com/u/qom7vpPm"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://pixeldrain.com/u/qom7vpPm
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.0.1556624604\1576129286" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {980a6f33-2459-4f7a-a242-c94d19210ad0} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 1836 1da5b60b158 gpu
        3⤵
          PID:1392
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.1.1809041745\271309286" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef4272bd-6ec4-4df6-8355-9af198d0e701} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 2428 1da4e986558 socket
          3⤵
            PID:1568
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.2.995595319\376663940" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 23198 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9260a1d3-f611-46f2-90bd-c9e8939e9a12} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 3028 1da5e52af58 tab
            3⤵
              PID:3556
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.3.341051697\101791479" -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f86f566-a0f6-4437-ae08-61c1efd8fb79} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 3936 1da4e982258 tab
              3⤵
                PID:3700
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.4.1754329714\1975108893" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5116 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e1b21a-4333-4c00-b597-ac34bde1160c} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 5096 1da61ab4e58 tab
                3⤵
                  PID:1444
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.5.494161311\1558281913" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b441f9e4-97bc-4553-9e55-dbc6b2527fb2} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 5160 1da61ab6658 tab
                  3⤵
                    PID:3484
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2060.6.696997388\1926743795" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5240 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1304 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {014f6840-a3d6-44f3-a02e-d2e782b1245c} 2060 "\\.\pipe\gecko-crash-server-pipe.2060" 5228 1da61ab6958 tab
                    3⤵
                      PID:3584

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        23KB

                        MD5

                        13341bd6bb6b4c9897fc6e0098da3978

                        SHA1

                        60e27df7fae729270bffdf814248319c09a991eb

                        SHA256

                        a8cf933953a26a395683de05bb778453ee440d8b324ce59dfb6bf948fa955fd2

                        SHA512

                        8fa87639e8d96915e82bebe91631fc7fba55d9e51833b7c8f6a46bda08c1bf644d631034574a674733e25a66c7cf014e4c9aa9a6a85cf942cebfad71562f06d3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                        Filesize

                        16KB

                        MD5

                        304e8ff190733a9fddf440aa815e96e6

                        SHA1

                        7b90dad3707b11f6238c790c802441345e93cc50

                        SHA256

                        15de6732f2edbda6b5f27df5dc87d6c4476482e975da66306cf120adb9f1e074

                        SHA512

                        e869bf224d033c6c65d4559f5dac8901d2e14c029dad3f2a1f6c1f5961e73473b3616edcf4cdc6b181723e31e216b863d198c380c4bbcb33f35205c4f25c1171

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                        Filesize

                        5KB

                        MD5

                        184bed94fca4982bc65d9883d737e287

                        SHA1

                        607df85d56c8fddb8f07cd1bec04d1f390c4cff1

                        SHA256

                        f47304739e214e09027b789d9f127700dd9d685c18902052d35fc0541b0bba97

                        SHA512

                        9402b619d01a3ad6a4cdbd9c19bbf0678fb7ab053ac17b8cc6040de62f07ced7dc85299d6bb333e805202ba294d721f528ebaa9ebfb8b00e54af55d75d97e229

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\addonStartup.json.lz4
                        Filesize

                        5KB

                        MD5

                        3b460cf3a61ee8cebd738ff118d02c88

                        SHA1

                        9df1bb14f3640329ea4a09554255d9f137409d1f

                        SHA256

                        f4ba745e081cef9be7f772463ffc87be5872fef6312955828af2a28c1da4ec82

                        SHA512

                        7df52f652d70a85f6809ad7bd53a267d4a5ac5f4b0eac288780f9779611acb4b39dae5a19ee5f94d6f2dae49759a61995e6ebc1c83100852f28c91a1baad4b86

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\bookmarkbackups\bookmarks-2024-06-12_11_6FbckyJm0QBdgL38IDXwrg==.jsonlz4
                        Filesize

                        1010B

                        MD5

                        9c8f179bffdf51883025521c6fa45420

                        SHA1

                        e5aa6965c48c6c07b2449dc9e883a4130773f1fd

                        SHA256

                        712d45cdbe4f40f8f927606700c290a2c2ae7b333b35938f77e2335117c1a2c0

                        SHA512

                        1a9e0d0e8ac038c3e0b2b85cfed5ab125c28d44d09d7848d8efafabf73d0dadf75d722fe8bf5717e82118ff6b4bf4496b45794e101177afcb367829f90f854e8

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\broadcast-listeners.json
                        Filesize

                        204B

                        MD5

                        72c95709e1a3b27919e13d28bbe8e8a2

                        SHA1

                        00892decbee63d627057730bfc0c6a4f13099ee4

                        SHA256

                        9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                        SHA512

                        613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                        Filesize

                        8KB

                        MD5

                        4bc60accc1f81c15a03fdcaa972ac2fc

                        SHA1

                        938367ee460d5e38d10ac70bec455074109bc100

                        SHA256

                        0b3c22df5e592b40e8298829c8ea0b56ace70a0efe0de1386fb78437bf34936d

                        SHA512

                        cfc9f0bbfefd3cffa4e2a6672cfd3de28a8665e838a88f240a51bbac6a9c8941e9362bdfb179cbcbea599660c3b6f1aac3e89bfcfb1c97c69f03784f61977b21

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                        Filesize

                        7KB

                        MD5

                        f0e40a6b6917f179abf717ee9d3d5d5a

                        SHA1

                        44def30abe10585722c31c818453e866e0d9b875

                        SHA256

                        9478cbf401b64bb60c0dc6acfe41a860758933a9a1cadc3d8aceda2234dc69d6

                        SHA512

                        f6cde8fc3a70d754ed336601f3a997b8182b7f080098eb0b39e3b138dbe8a8e9e7b6d2425fb874219ced6c12e34bea4fe7195cfbd4d82feec1392c1e61e30fb0

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionCheckpoints.json
                        Filesize

                        90B

                        MD5

                        c4ab2ee59ca41b6d6a6ea911f35bdc00

                        SHA1

                        5942cd6505fc8a9daba403b082067e1cdefdfbc4

                        SHA256

                        00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                        SHA512

                        71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        f6de4410a04318b9b313df10c8169f3e

                        SHA1

                        d1de24280b43c198b81ae6b75a80c93a54e5277b

                        SHA256

                        5a5c1d79563cc386402225206f6100138300228228d644afe590ca23a5abe0fa

                        SHA512

                        0c16d070ec3a96855dc647ec233d3c7dc13e9d96c04f414093a51c709e2da80e2a9994502be87adda7240afcfba38e730be93dc7021554d07e794fd94c848496

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1017B

                        MD5

                        1e251d0a9b8ae76626b9aa95869780d7

                        SHA1

                        f8de0c46b7db193d68153a1ddb54edb174444d8b

                        SHA256

                        edf6a6908d054ee4a1bf54849cf4525aeada93d1bf950d1482fb1ecc0b9e3965

                        SHA512

                        b5c8d0e79a850d011461fc43c071357dad945bb265d10c47cb40844dac6164c4e8f2ca90f539b5f753ec9e0f5f08c85edf2cd2f5dc30543a2a759d93d29f516b

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\targeting.snapshot.json
                        Filesize

                        4KB

                        MD5

                        6ff90d60cd22ad78b6b1fe5dc65b6f1a

                        SHA1

                        70c9a19770e7da3700326a372ac545a3ff466ce7

                        SHA256

                        72fcbbd73ec11d6a216eca04ec21678e47f4c6034801c62bfd3d2c54d5f1d576

                        SHA512

                        7d0f81abc2c50faa1d55d8f380213bfb830887b865412d715c659c563ff3797cecbf25874445b3eef2c922f085fae7f962a63c34fb40b60c1df8e259412d86bb

                        Download Submit