Analysis

  • max time kernel
    127s
  • max time network
    130s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11-06-2024 17:43

General

  • Target

    https://lootdest.com/s?x1ez

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious behavior: LoadsDriver (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://lootdest.com/s?x1ez"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4120
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://lootdest.com/s?x1ez
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1204
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.0.1199713825\583071393" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {800265bf-663e-4b88-a1c9-d82233e5c550} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 1828 1d4d4b0ce58 gpu
        3⤵
        PID:4748
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.1.1346918927\959743557" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30cb2f8-35b0-4fd4-a99e-b817a9a861de} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 2376 1d4c078a558 socket
        3⤵
        PID:4508
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.2.1786371628\1146621801" -childID 1 -isForBrowser -prefsHandle 2608 -prefMapHandle 3108 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4e1695d-a277-4e32-8a5c-d80c6e9d83bd} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 2924 1d4d7a3f558 tab
        3⤵
        PID:4684
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.3.1459566009\837645232" -childID 2 -isForBrowser -prefsHandle 3840 -prefMapHandle 3832 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f2698cf-1443-4976-b7fc-29bea4cf61c1} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 3860 1d4da764558 tab
        3⤵
        PID:4808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.4.1170672417\1913650906" -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fad3574e-0ce1-479f-8bdd-bea37bdfa44b} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 5068 1d4dc80a258 tab
        3⤵
        PID:2868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.5.571231814\1848360156" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8ddc5eb-12c7-42b7-b91c-bd1160e5350b} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 5156 1d4dc80b458 tab
        3⤵
        PID:1632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.6.2137397222\140098589" -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89528776-13ac-4c39-828d-2889d47fe9de} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 5356 1d4dc80d558 tab
        3⤵
        PID:1900
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.7.257802414\552242376" -childID 6 -isForBrowser -prefsHandle 3560 -prefMapHandle 2520 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8737281b-3ea6-4cf3-ade1-7775af09651e} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 4160 1d4d3a23b58 tab
        3⤵
        PID:1764
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.8.1813153767\1058763069" -childID 7 -isForBrowser -prefsHandle 4912 -prefMapHandle 3076 -prefsLen 28816 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64bd8089-25d4-46a3-bfd5-f84f0239b8ed} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 2800 1d4dc3ec758 tab
        3⤵
        PID:4864
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:3128

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 26KB
    MD5: 93c92d9dfb3466d5fec7e26f3728e71f
    SHA1: 4b9d46f2ec93e59f2c51ae11c28fd51a160ad242
    SHA256: 9066ccbc255993f88592c20e8d40adaeb704aa20b1952cd32a13168163b16a6f
    SHA512: a56a47163aaad0650ae781de36b5e2c8bac6ad83d1e32b4f530e2a528a3510ed1ed7966d05475ad4d92b81e55c28f3ef21bd07738fc1d9a7af7372de76f61ecb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 7ac68fe10a794eede1792e257432a091
    SHA1: 70d33a6e7a635fbc200125cc8955753435002760
    SHA256: 95e7616ada24447d23efcb6d05062f5cac8576eed6fd0f3bcff24bca34f154ba
    SHA512: 7b75141244f600e83a9d255e52897b183eddf50988ea106d9ee966e2290446fac78fb846413e35f8cf74fff96c152b30910b6f3af737332a6b09c7f07ca45ae3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 9debfbfa50bfa35962a2df3e8e4f6945
    SHA1: 86dde4273110d4bb81b984486997fbfb0e219f24
    SHA256: 91a556e7d992bdbe9fcaca878a42ac92ef73ca7e0522c5a7881ff9614044b19c
    SHA512: d2d703d753bc9f39cc77e88d39fbe1240bcc9e7a0d80db45cd282ad8786381a22ba2cbb6d77e9d06023cc8b968685bd4a5c012dc5e0c0ab6841c1bca9141e696

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs.js
    Filesize: 6KB
    MD5: 34b405f333925078ce386b20e84ce960
    SHA1: cd97b1cca748d6000a213b599234beadc553d609
    SHA256: 3bd9630e2a64db34b93ff5ed7f68a8f3ec2cdf9d6a839098578779c49dc40b35
    SHA512: 12a89f8a4eb16ebe1a21fa4094e048fe35c0e8c6912ec6ab60b1fdabaa15ae34aa91726f646fbdb6ff9990dee85fc493e4d2b1e7c77eaf4687268b51a972545c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 694064bf58abffd66db20e4a0f4d47d1
    SHA1: feb10011584462e3def0373ccbedca511928d138
    SHA256: c776d1012a5b44b7d9a0fa2ad711a545b214af67684453cf8133d771299bcd83
    SHA512: 98775c90942cf260252bedb9dfab0eb4c6e4431ccb8e808c03d22f64fa828cc57288a45905028b56588e4cee78a614ba783387dcf63217490e67c52275156923

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 9f0a973063378b389dd3d7d103d7dc66
    SHA1: d388d5808bac75b075d2f9b27db59d3ac0ea168d
    SHA256: 8b44d6b36fbf2f49c4c8bde76bd896c4b15ea4a1bb2d4968cad7cbbfde2d28fd
    SHA512: 104cac876cef525595e8445f2e902356e79176ff4bd13449da763e3d21a4d8cceb9df05d576a724916899fc9d7250f66fa280b9ca756a557d2e99ed19b9e71bb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: dc595dea4c332e35abbc9ea20b5a3148
    SHA1: e602c18c0b0cbbd73e014dfd0550afe47874a4cc
    SHA256: a3f9abef2f2b8c649aa3721fbb23bf0c5c00fb85e603e55d894c72286a130fc3
    SHA512: 83a96b84d9391eb9cf2396255073146e3566313df2452f909308e1c81263866f17e0cc9fd0b5ebb377821b259c050a9ea7bc79c30c1ea0aa0b19526da5056db5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1018B
    MD5: f94fbecdd21f062eccb20dbfc11c4cc8
    SHA1: 89ed7eed79b922d6aab5402d1b7b99491b76d613
    SHA256: b67a51e4f4ed3de63441d5a61b8f288c35e512a556200eb022a55ae4833069bf
    SHA512: 0dc48dc33c3bc3758afc751e6da29e39ebba7d616e85a171d284740c8b990c92fb0e2ba490767f8fdd5d0e0bb5c881a2190bc9003c2538e9bc4e88c018938f11

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 192KB
    MD5: d0417f57812a32322c1c80db41d9337a
    SHA1: 53962d48c7b5badde18d1db38785a4dee5886178
    SHA256: eaa98704242a4a91d9ce451771e8788bce7cee26fb3de8d203f007a7417d0184
    SHA512: 403f8ddfe5fbe8944e833c359e2595b965380b65263831d393c2e95749c5025597e5e5091824568f8256a93747912563ae65dec3a98887d44747de6f8eb395e4