Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for the submitted URL http://isopik.com: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:12
Reported
2024-06-13 14:15
Platform
win11-20240419-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isopik.com"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://isopik.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b0e27dc-add6-4bac-a406-2bbfa694a45c} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a3578c-10aa-44ef-a98c-6f456396aad8} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3260 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca37c50-6f6e-44b7-a507-09d57c2498b0} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e2e0deb-1501-4461-afac-e71647d4b743} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4380 -prefMapHandle 4344 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d5745e1-aeeb-4a2a-935c-ab30ee96cd71} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 3804 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16495bc-c3e5-4519-93c7-0aca3a52764c} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d9b617-c868-4c77-9af0-9e8c7bf21d1e} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ea2e5a-dc7d-4a38-8213-3351055e931d} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49737 | N/A | tcp |
| US | 8.8.8.8:53 | isopik.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:49744 | N/A | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | isopik.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | isopik.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\a3b2b1f7-d6cb-472c-b2fc-c129f190a958
| MD5 | 10c48b7c9897624850edfcdc4173d4d7 |
| SHA1 | 06fcf3413b915a147c8d61cf9b2786d08e28bdc5 |
| SHA256 | 81d0d875ba42f9007a823c1248598a6192f1bca6a610029255056cb880c5a788 |
| SHA512 | 79c8703cd3af2597bff857a8ff271b1afafeb71b4bccf5f32a1eac28f5b8510ec8d425d008c24ce5efc80ecbfccb7d2247a3b1a0f5d13d6bc3442643fb7d7daf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | fc53ab8d0b78dc6a0e7c7578c10327d7 |
| SHA1 | 3d90a0807c47e19e045fef0a53530f0b26903dc9 |
| SHA256 | 78282d942d791b666df922f2cbe99742d673fc499fce8e9fe2039d1a5b5f8d21 |
| SHA512 | ba91eae6f9b92e62807c739ecb04d520e5996ac574032a9bb5eb7f4906260c4ca6eb15ef185724ec4f1519877160740ee75ceffb87b663c3714a2c91e4a389fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\71a7fb12-8fc1-470e-9698-77c8a0b4f163
| MD5 | 289174a9ee88ba7642fb741ecc6d47a0 |
| SHA1 | 58b4bf63e73bc613ea5070854d3c79eb857a0f6d |
| SHA256 | 29042b143772aef90f8071106813a9e3323cd5c8e2b99d06b212a965792c746d |
| SHA512 | 6555ee50cd8e6d441f39ac2145152b8fa486ea94711546bf25672b0c321badfa6c5c58d0f2084cf8229ceee56a2fd0eb62738699b82535e10e0a76f2e41227e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\658e5690-451f-4e8a-bace-7ead9ee5c266
| MD5 | a91d275a50af8be1b93f7a6fafb1118f |
| SHA1 | 9e1502ea5c3f1b00846dbec5bcbb643646418332 |
| SHA256 | b62b7983f86081df352fb6e4fbeec3cc611708b91581e79947af4e31e811dabe |
| SHA512 | 4dc82183f06d06dba63987c3e79861f5497c476bc705392a872e4ccefdb982652634b430db35cc431c85191049170f005de1b848365b203ee9fab0ec83c9645e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 82f2c42e58fcc80cb384bd0ccb033d85 |
| SHA1 | 41b254a542b05465c9230e0f19dc8a7db685005b |
| SHA256 | f138d058c3caffe6651aaa11416dca069425491f2bd1cb84e76cd94028030818 |
| SHA512 | 8341acb7e788aeeb0017554610eea8e188dff50ab9663a6ed77b81417016fd006161af024af6c6f54fe65f92eba4b3cf7447364fa2bd2fe9e3b9ee35af2a47c4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | 498c63a8a93425bce8df0e22d8b0eb7b |
| SHA1 | 00c44254c37d37e787bebac774ce4b5a878b5d34 |
| SHA256 | 733a8411f1596c1b030fbce7c84db7909b52d6433fde46a5a2b388d0940a8cf7 |
| SHA512 | a620a683739d02fd58e66dd4925b43af610556b0920b3b20321302b705563c9ccff5516921c877e61a2f2ae885e1b0ec72929e9b98553be45f0fc4358c96d232 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 2b6b63b5e0d0f670fc0e00bcb0ed0723 |
| SHA1 | 84eb5f421bf33698ed19e36bbd6ba55fd5886f75 |
| SHA256 | aa3cb80699e0d16f4d5b640255c059c755faf68992fa14210b6eb9ecb801dda5 |
| SHA512 | bbf7e734ab217531858a62b1db06529f828f11bfd6acca27e310a580cd454212408f47675ec4d86d2deab1d0fb4f8532bccd680aa0290dde7a46f310e6312778 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 89fc9b3478c5cae51f30903d5dda5264 |
| SHA1 | 5a142876b316dfa1a9e0892700890475c90bcdb9 |
| SHA256 | c357c58eb353d5d564c0f1bcb3880afc44a8d17b123c75647931a65bb1593180 |
| SHA512 | 38cbb6603cbb7989b24f12f2c3568e698a86d622c0ed90c7d38f76c828bd6c300de16726ca73cdb5e11baf4373c53a919d79baa511bae15f3949a1d32f5dce09 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 21d18157c6a14ac3cf014278c0b9c571 |
| SHA1 | c99a3757e3fed676e2fcf376ac66e57a764f26df |
| SHA256 | ec756a0307ceac3ed7a00dc19e642f9fe3b130ee7f1facda4bb3133f021df51e |
| SHA512 | 635338be2026a69679607cf4e7a4c3cb90f5b3cbcec9ef795949b4de59b769673f8a38ec66db1d28cb9bef1f4f6234918cbe0f31171d9a9f115fb0cc031f4ba0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | 55963377559e81119d72c3a763413474 |
| SHA1 | 79a104a45a767bd3cab9f8fbad5db26450ecf7b2 |
| SHA256 | 8acb99b655a345b96d0b6e1aea827cc0c7a88b29f1871ef36ba7493e189ef396 |
| SHA512 | cdd8a2868247844834c6d8e2edbc15ea6030d29a5fc272b30ad7f661004805020a682d706506a4da85eb6e8fd8f76a001c1a78d8f696b597c32773a87c11a41a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 34771cc66021f5bbaa09f69738393978 |
| SHA1 | 473f94fc00d217b5169deb7432c279e7b98af1cb |
| SHA256 | e39f7a393a0cf2d138378866cb74fb2c87e26974d1e1c142db59e55cb54f1ec7 |
| SHA512 | a3c317a825d3860a206e64ad0fd5c0ba195ef07200865d26969288e218a69bf2761c4664fa320aef520b1f25a2f9a4d817c72cd7a64add80ca5607440919d40b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | f9852f563e2cb950d860f93e6306b03c |
| SHA1 | 4b133be10d1c84e07e2525a325756fcafc35ae05 |
| SHA256 | dfd7406f52efecf5a01e8597e88038dfb9a60ba371c59dfc8f4d639b0f164d18 |
| SHA512 | e9b4266a1dfb055a3f6948fafa451278e5ce0274e00a8909dbdf11c197d0eca3597cbe56e774765a32222992ec6d8e839fa27530e1227e82f1a90a860d5ed59a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | bbf2c332abbcbe1314bf4ee2f8f440e6 |
| SHA1 | 6268f664cea43faa8153dffeb7f73c9a61c4bfbe |
| SHA256 | d92df93e7cfef615f45d07fd3e56dd1322ab2d80075e9b351346da7c57976d07 |
| SHA512 | a66686e2ce9f90a2b2ddadc28fc0349db2e8ad7b18d91b62ab532b74f34afab708ed6b004dd4e30b447f3189618c5f52e89eb24691e976f214338a5457d0150d |