Resubmissions

13-06-2024 10:56

240613-m1y3jszdll 1

13-06-2024 10:53

240613-my22eswalc 9

13-06-2024 10:52

240613-myldnswakb 1

13-06-2024 10:51

240613-mx2dhawajc 1

13-06-2024 09:57

240613-ly4pksxgkl 1

12-06-2024 22:46

240612-2qfwjsxejp 1

Analysis

  • max time kernel
    522s
  • max time network
    532s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13-06-2024 10:56

General

  • Target

    https://www.mediafire.com/folder/vtdf96q58kleg/Aspect

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run the reads are attributed to the main Firefox process (PID 1240) in the tree below; on its own the signature is a weak indicator, since legitimate software queries the same keys, and it did not lift the score above 1/10.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. The report records no IoCs for this signature and attributes it to none of the processes in the tree below, so it cannot be tied to a specific process or task from this page.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.mediafire.com/folder/vtdf96q58kleg/Aspect"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.mediafire.com/folder/vtdf96q58kleg/Aspect
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1240
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.0.1738428303\1952859858" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d564655-a512-47d2-8cc3-50bf83efa56f} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 1836 13f1260b858 gpu
        3⤵
        PID:3160
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.1.1612278764\2020223893" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9afee16d-ab50-4163-a945-c5156e9e00bd} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 2372 13f11621558 socket
        3⤵
        PID:2840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.2.870714853\584206878" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2932 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7a9d6fa-03e2-4c78-ae37-2134311afbfe} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 2952 13f7af80158 tab
        3⤵
        PID:4172
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.3.1744084233\1645832229" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3620 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61f6afc9-6b05-4945-b84d-7190cf64f989} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 3640 13f17dc5658 tab
        3⤵
        PID:3020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.4.1445585603\1762038399" -childID 3 -isForBrowser -prefsHandle 5100 -prefMapHandle 4912 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40fc9584-3bd1-466c-b8b7-39f555cfeb36} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 5092 13f1a30bc58 tab
        3⤵
        PID:748
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.5.1801899729\1741853420" -childID 4 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7752700-cbb1-4efe-8130-818672952eb5} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 5200 13f19766858 tab
        3⤵
        PID:244
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.6.2109936169\1545393986" -childID 5 -isForBrowser -prefsHandle 5464 -prefMapHandle 5408 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3bd8cd6-07f8-4ac1-b2a3-a7df444b30c8} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 5452 13f19766b58 tab
        3⤵
        PID:2892
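The tree above has the ordinary shape of a Firefox start: the first firefox.exe (PID 4880) is the launcher, which starts the browser process (PID 1240) with the same -osint -url arguments, and the browser in turn starts -contentproc children whose last argument names their type (gpu, socket, tab). Each child also names its parent twice on its own command line, in the --channel prefix and in the gecko-crash-server-pipe name. What an analyst wants from such a tree is confirmation that nothing else hangs off it. The Python below is an added example, not code from the report or from Mozilla: it classifies each command line and flags children that do not belong. The first five records are copied from the tree above; the two marked constructed are invented to show the checks firing, and the set of known content-process types is an assumption about Firefox's process model, not something the report states.

```python
"""Sanity checks for a Firefox process tree lifted from a sandbox report.

Added example: classifies each firefox.exe command line as launcher, browser
or content process and flags anything that does not look like Firefox
spawning its own children. Not code from the report or from Mozilla.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: content-process types Firefox passes as the last argument of a
# -contentproc launch (the report itself only shows gpu, socket and tab).
KNOWN_CONTENT_TYPES = {"tab", "gpu", "socket", "rdd", "utility", "gmplugin"}

_CHANNEL = re.compile(r'--channel="(\d+)\.\d+\.')      # "<parent pid>.<n>.<...>"
_PIPE = re.compile(r"gecko-crash-server-pipe\.(\d+)")  # pipe is named after the parent pid
_BUILD = re.compile(r"-parentBuildID (\d+)")
_URL = re.compile(r'-url "?([^"\s]+)"?')


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


def _grp(rx, text: str) -> Optional[str]:
    m = rx.search(text)
    return m.group(1) if m else None


def classify(p: Proc, by_pid: dict) -> str:
    """Return launcher / browser / content / other for one process."""
    if not p.image.lower().endswith("firefox.exe"):
        return "other"
    if "-contentproc" in p.cmdline:
        return "content"
    if "-osint" in p.cmdline:
        parent = by_pid.get(p.ppid)
        # The launcher re-executes firefox.exe with the same -osint -url
        # arguments; the firefox.exe child of such a process is the browser.
        if parent and parent.image.lower().endswith("firefox.exe") and "-osint" in parent.cmdline:
            return "browser"
        return "launcher"
    return "other"


def check_tree(procs) -> list:
    """Return (pid, reason) findings; an empty list means the tree looks like plain Firefox."""
    by_pid = {p.pid: p for p in procs}
    roles = {p.pid: classify(p, by_pid) for p in procs}
    findings, builds = [], set()
    for p in procs:
        role = roles[p.pid]
        if role == "other":
            findings.append((p.pid, f"unexpected image under the Firefox tree: {p.image}"))
        elif role == "browser":
            launcher = by_pid[p.ppid]
            if _grp(_URL, p.cmdline) != _grp(_URL, launcher.cmdline):
                findings.append((p.pid, "browser -url differs from launcher -url"))
        elif role == "content":
            ptype = p.cmdline.split()[-1]
            if ptype not in KNOWN_CONTENT_TYPES:
                findings.append((p.pid, f"unknown content process type {ptype!r}"))
            if roles.get(p.ppid) != "browser":
                findings.append((p.pid, "content process not started by the browser process"))
            # A genuine child names its parent in the --channel prefix and in the
            # crash-server pipe name; both must agree with the observed parent.
            for label, rx in (("channel", _CHANNEL), ("crash pipe", _PIPE)):
                claimed = _grp(rx, p.cmdline)
                if claimed is None or int(claimed) != p.ppid:
                    findings.append((p.pid, f"{label} parent {claimed} != actual parent {p.ppid}"))
            builds.add(_grp(_BUILD, p.cmdline))
    if len(builds) > 1:
        findings.append((0, f"content processes name different parentBuildIDs: {sorted(map(str, builds))}"))
    return findings


FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
URL = "https://www.mediafire.com/folder/vtdf96q58kleg/Aspect"

# Copied from the process tree in the report: launcher, browser, gpu, socket and one tab process.
REPORT_PROCS = [
    Proc(4880, 0, FF, f'"{FF}" -osint -url "{URL}"'),
    Proc(1240, 4880, FF, f'"{FF}" -osint -url {URL}'),
    Proc(3160, 1240, FF, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.0.1738428303\1952859858" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d564655-a512-47d2-8cc3-50bf83efa56f} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 1836 13f1260b858 gpu'),
    Proc(2840, 1240, FF, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.1.1612278764\2020223893" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9afee16d-ab50-4163-a945-c5156e9e00bd} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 2372 13f11621558 socket'),
    Proc(4172, 1240, FF, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.2.870714853\584206878" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2932 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7a9d6fa-03e2-4c78-ae37-2134311afbfe} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 2952 13f7af80158 tab'),
]

# Constructed, not from the report: a shell spawned by the browser process, and a
# "content process" whose command line names a parent other than the one that started it.
CONSTRUCTED_ANOMALIES = [
    Proc(5000, 1240, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c whoami"),
    Proc(5001, 1240, FF, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9999.7.1\2" -parentBuildID 20230214051806 - {00000000-0000-0000-0000-000000000000} 9999 "\\.\pipe\gecko-crash-server-pipe.9999" 1 2 tab'),
]

if __name__ == "__main__":
    for pid, reason in check_tree(REPORT_PROCS + CONSTRUCTED_ANOMALIES):
        print(pid, reason)
```

Run on the report's own records the checker returns no findings; with the two constructed records appended it reports the cmd.exe child and the parent mismatch on the fake content process. The same rules port directly to EDR process-creation events (parent PID, image path, command line), which is where they earn their keep.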

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 24KB
    MD5: 5837b25a3275e1d69a4f143d6fb0c649
    SHA1: 3c9236d6f99107fc19a34c87aae243744bb38ce4
    SHA256: 2ce66c380a2f00557464152d53e9910aada78d460b8f65b42f4fde93d0553bd4
    SHA512: 6d1f485e16d624e2132696f163a7d235671bd1ae8251e5bdd2824fbe406c2bdd1f3f0afa3b4a11975f2150f7251f71bdbcb3819fcc99f3baaebf2df1a5eabfe4

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
    Filesize: 5KB
    MD5: 3232ddf00b4b96249a02c74d010958cf
    SHA1: 585ee4fee91ca786a603bfa65914bf9e59bcc50b
    SHA256: 5d3aaf191f858a63e90a706e5a6682e7c2af480a8a8cc59c0f206c7cd51c2161
    SHA512: 9f88c6f7c608c418d4b198581b77d1463a872bc62da4e81b4ef6d4b8846cf1ebfb676a5832deaf7617d29e82c3574a0b4ee234f3abc174bd14823dda76bd9bde

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\bookmarkbackups\bookmarks-2024-06-13_11_Y1cFFi04jczTRYQpOVWYQg==.jsonlz4
    Filesize: 998B
    MD5: 95d95458bda378706a401df4df9000f5
    SHA1: 96489335fe8f4f44ff52bdec588f5b5ded1e8dec
    SHA256: 472eda9e614294604e4452c3828bc89e8a6936c5e0f6b9e4a95f5aa005c89f9a
    SHA512: 80490f36436210325d4bc26253b602114ca5d4839c9f0ae3174705862f08f8286984ae656ae8779164e20f9e5eb0bc264196da273ba04eef5dea14dd74073115

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\broadcast-listeners.json
    Filesize: 204B
    MD5: 72c95709e1a3b27919e13d28bbe8e8a2
    SHA1: 00892decbee63d627057730bfc0c6a4f13099ee4
    SHA256: 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
    SHA512: 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js
    Filesize: 7KB
    MD5: f9e740ef03043cb207e2158dc11bf835
    SHA1: 0e5b9842cdd90b4ec57fef936eb36a243d3db3a5
    SHA256: e358499bc083bb3642a27bc667143d3089a77b23897513bd7ad7f299dd72389a
    SHA512: 5122839e00387bf2b57c16698e8e8056bd2d837f41dd06209f84f2c98edee57f5e82edb0579e0cb3c2040eac14aeddc9db7f0dd4e048e24d9fefd004fa7a602a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js
    Filesize: 8KB
    MD5: f22a641012213700ffbfb2d99176231e
    SHA1: c1f2b3c9811876da1e0a8a77c1b9b942168d479d
    SHA256: bb259eddd3f17d2d2da34fa204ceadf914810a959948056e73147fcf23d76335
    SHA512: 8cad14a0362fba325803ddec908167b3b9c5f20c371362bf1cd166958871b712b7bb10dae9095f8dba23519dfcbe0367483eb08f26f7181d0d8b5cb9093069d9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionCheckpoints.json
    Filesize: 90B
    MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
    SHA1: 5942cd6505fc8a9daba403b082067e1cdefdfbc4
    SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
    SHA512: 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: c689e577d69b9db91d900e77850c7331
    SHA1: c6b7145373c464fde1d702826ec2a68d47cb46e6
    SHA256: a9de5c6706cf3415b833e49fbed79f10541e2a2bdcff3437b506ace0e871b376
    SHA512: 1138d9e3fb20ee3cbb7344827b822d4e40fc79e685b7e2ad43687ddfa18fe95bffadf8f425c1afc6fbc980cf3157e947c1d2377334efc828ff386e33585f303e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1019B
    MD5: 53053f896bbbc567bb1dee5bfb0dcf5e
    SHA1: 1551625f0b8bcd6e146ff077fd7ff0305712c4db
    SHA256: 64508cd741a60a971be3e81b9da08604b1cfcf26ab9716543fc17b023d434c9b
    SHA512: d5c9f0d78803a38858ac54939b940eb0ac2d33717fd418ca09a0fff1f0e2d96c79abd6da58415d1a00f2d12a9b60a22e1bb5886de0c9ff06b59edbb97154941c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\targeting.snapshot.json
    Filesize: 4KB
    MD5: c1e49482519a238ccf123e7d7176944e
    SHA1: d6939a36654f0acfbc681fbac63bc0551082675a
    SHA256: 70aa96de8c7afa5d0e25ff58a5bd673abd5c3685cf0272ef919bf0dc8f296fc3
    SHA512: bf976ccffb432493c8984b04d2ed778064a60337d8b54bc280ca8bfbf1add4a008b95958f36a5bd410ca79fa898c0b6c167d8b3a919a8a78bfa0724d89cc80c5
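Everything in the list above lives in the Firefox profile or in the shell's jump-list folder, and two paths occur twice with different sizes and hashes (prefs-1.js and sessionstore-backups\recovery.jsonlz4): the file was rewritten during the run and the sandbox captured both versions. The Python below is an added example, not code from the report or the sandbox vendor. It parses this dropped-file list back into records, accepting both a field-per-line layout and a `Field: value` layout, checks that every digest has the right hex length (a copy-paste error in a hash is the usual reason a lookup elsewhere fails), and groups repeated paths so rewritten files stand out. The embedded sample is three entries copied from the list above, deliberately mixing both layouts.

```python
"""Parse the dropped-file list of a sandbox report and spot rewritten files.

Added example, not code from the report. Handles both the flattened layout
(field name on one line, value on the next) and a "Field: value" layout.
"""
import hashlib
import re
from collections import defaultdict

FIELDS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
# Expected hex digest lengths; a value of the wrong length is a copy error.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_HEX = re.compile(r"^[0-9a-f]+$")

# Sample copied from the report: prefs-1.js twice, sessionCheckpoints.json once.
SAMPLE = r"""
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js
  Filesize
  7KB
  MD5
  f9e740ef03043cb207e2158dc11bf835
  SHA1
  0e5b9842cdd90b4ec57fef936eb36a243d3db3a5
  SHA256
  e358499bc083bb3642a27bc667143d3089a77b23897513bd7ad7f299dd72389a
  SHA512
  5122839e00387bf2b57c16698e8e8056bd2d837f41dd06209f84f2c98edee57f5e82edb0579e0cb3c2040eac14aeddc9db7f0dd4e048e24d9fefd004fa7a602a
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js
  Filesize: 8KB
  MD5: f22a641012213700ffbfb2d99176231e
  SHA1: c1f2b3c9811876da1e0a8a77c1b9b942168d479d
  SHA256: bb259eddd3f17d2d2da34fa204ceadf914810a959948056e73147fcf23d76335
  SHA512: 8cad14a0362fba325803ddec908167b3b9c5f20c371362bf1cd166958871b712b7bb10dae9095f8dba23519dfcbe0367483eb08f26f7181d0d8b5cb9093069d9
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionCheckpoints.json
  Filesize: 90B
  MD5: c4ab2ee59ca41b6d6a6ea911f35bdc00
  SHA1: 5942cd6505fc8a9daba403b082067e1cdefdfbc4
  SHA256: 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
  SHA512: 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
"""


def parse_downloads(text: str) -> list:
    """Turn the bullet list into a list of dicts with path and the five fields."""
    entries, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):              # a new file entry; the rest is its path
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            pending = None
        elif cur is None:
            continue
        elif ":" in line and line.split(":", 1)[0].strip() in FIELDS:
            key, value = line.split(":", 1)   # "Field: value" layout
            cur[key.strip()] = value.strip()
        elif line in FIELDS:
            pending = line                    # flattened layout: value is on the next line
        elif pending:
            cur[pending] = line
            pending = None
    return entries


def digest_problems(entry: dict) -> list:
    """Names of digest fields that are missing, non-hex or the wrong length."""
    bad = []
    for name, length in DIGEST_LEN.items():
        value = entry.get(name, "")
        if len(value) != length or not _HEX.match(value):
            bad.append(name)
    return bad


def rewritten_files(entries: list) -> dict:
    """path -> [(Filesize, SHA256), ...] for paths captured more than once with
    differing content, i.e. files the run modified after first writing them."""
    seen = defaultdict(list)
    for e in entries:
        seen[e["path"]].append((e.get("Filesize"), e.get("SHA256")))
    return {p: v for p, v in seen.items() if len({s for _, s in v}) > 1}


def digests_of(data: bytes) -> dict:
    """The same four digests the report lists, for a locally captured file body."""
    return {n: getattr(hashlib, n.lower())(data).hexdigest() for n in DIGEST_LEN}


if __name__ == "__main__":
    parsed = parse_downloads(SAMPLE)
    for e in parsed:
        print(e["path"], digest_problems(e) or "digests well-formed")
    for path, versions in rewritten_files(parsed).items():
        print("rewritten during run:", path, versions)
```

On the sample this reports prefs-1.js as rewritten (7KB then 8KB) and no malformed digests; `digests_of` lets you compare a file pulled from the VM against the listed values without retyping them.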