Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://bit.ly/459HBad

windows10-2004-x64

1

http://bit.ly/459HBad

windows11-21h2-x64

1

Analysis

  • max time kernel
    522s
  • max time network
    534s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/06/2024, 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://bit.ly/459HBad

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bit.ly/459HBad"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bit.ly/459HBad
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.0.127802246\1947986589" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fa9c89a-fe00-4695-8734-0334f34844f8} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 1840 28853e0b858 gpu
        3⤵
          PID:3348
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.1.1282773859\53679240" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c66b271-a593-4266-a408-dab4344609b4} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 2396 28847088d58 socket
          3⤵
            PID:1976
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.2.1657227415\891575980" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 3168 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e37d7e43-060e-4a73-a518-ae4ac9253167} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 2736 28856b34858 tab
            3⤵
              PID:5084
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.3.161795416\124703446" -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110a7d35-56b0-43d4-8fa1-a27ebc22c6a9} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 3948 28859c4d758 tab
              3⤵
                PID:1560
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.4.1647015638\482999589" -childID 3 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce727b32-b645-44d3-8d2d-0d54fe17cdfe} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 5080 2885b7be958 tab
                3⤵
                  PID:404
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.5.1615348479\11746322" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ce47267-65e5-40ac-bd6e-7ef4acf7aff6} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 5196 2885b7bfb58 tab
                  3⤵
                    PID:1696
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.6.2115416191\112651504" -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5408 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1344 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9095fe23-2843-41fc-8c5a-9b2356a8fd3c} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 5392 2885b94e458 tab
                    3⤵
                      PID:3244

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3qt190sk.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  e1cc7f919170e950ab9e498681eeddf9

                  SHA1

                  94144e8a5bacf49a5bbf795c20290814a68d05e3

                  SHA256

                  93adea62ae5ff8d6b97f05248036ce38d481d047dc295ffc28d0b789f59c20e3

                  SHA512

                  2b1e69358a5d333540bc57ac71f2ad874e9a26236eee5cb1e4e6bda7c1ad6d3e1b93d481e299b6e5716cfb327ac295b9d8bb879b6cb0d7094308661e1b1ccdc4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  54781d119d403d3a96de466f7c9658bc

                  SHA1

                  4ad4b62b3c0a0c01faf9ff8930d0fac9aad0b017

                  SHA256

                  52f8cdb8e64e2c8e2f6cad7192c72d0d2b71642387f3afc6f219caa9a2e8336d

                  SHA512

                  6a9375688bfc592c69251ca3f03de01c38f95f417a5f75be50c037eb028780817bd4f6c240bff31d791c93c2d9fae76b69de8aa407fd7b62e18247abef83b97a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\bookmarkbackups\bookmarks-2024-06-12_11_suW3jlX8MorawCiDOxmilg==.jsonlz4
                  Filesize

                  998B

                  MD5

                  e29ab902578c52589f843b13791f1458

                  SHA1

                  114afd8e23882730ce3d2144265214c5f326b150

                  SHA256

                  bddd419c85bbb2bb58a3fd5a44862e253485449781c893fd27b8a25b7f23f497

                  SHA512

                  8bffb38a5c861144303e32a76ff2869bd5872b39ca6dd52c7d0c4ec2e34951f32b91d7cd68843ff7c8ff203569887eb5214b4af35a2038f9c8dfeb7c7c2b7a8c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  cc0832baf4921a8476de25d79279b4fe

                  SHA1

                  7871cc8e3994945e23e56d02242d585a85037702

                  SHA256

                  66824aecaa8d8ebf9f06c8e25bdfc21ac44bd60099c92545597a91210460b496

                  SHA512

                  3cad324feb85bdaa672b2ad0c74412739f8055662d7facf3f21b784274cb2d018d08dc8f5d172b3c20e5ee237b6b9062d669671753b36c0150d254d0dc3fdb61

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  9164a728a7e04d813e0352f08ebba379

                  SHA1

                  16542f2f59cef2f8be1fede5e520cb9d689afb86

                  SHA256

                  ce5fa7534e5e81567a3a4a0923d97f424596eae4cf8e273a1590eac98b48d110

                  SHA512

                  5238a665ca38b0c59dc34f1e9d188c049e0685f828cf90b50e36b86077dc2b3ea2a1b9f4cc3abbc8cad189b24f2e5239d183a465bce6e43a32d74a7da01290cb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  678502a61ac7e9ecdcee498c510a0bf3

                  SHA1

                  b78c9c5c060e03e9eef1b34e3a30b4b5f66ac4e1

                  SHA256

                  4a1731a6126c1ef3035ba0b804a8381b6016bb806967efc84449b34e4c68895d

                  SHA512

                  b15367e67d9a23ec4086518bb109353fe1484744e6e03507f4c3a85694fff52123ed378266584845bc096b24f9512f7652ab279ee9606a3fc1cce341508c7c03

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1017B

                  MD5

                  1565e6f73f2e8167b9227f00c1833a9d

                  SHA1

                  adeaa910e31fd037d7764aba0334b25116d5b23c

                  SHA256

                  6c65b552b6cb47a50c0f198b7610e09ce2c4b3f906fa719930aac1eb49f90331

                  SHA512

                  38d50b79d8c01a22b70ae98dd8740bd8ae9a6f5d9627d2310f3a6d56323d2669d75749ed5e01b852773a8de28802bc34cb213bc425208292a2da9b58b0f6d1f5

                  Download Submit