Analysis

  • max time kernel
    124s
  • max time network
    123s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16-06-2024 16:20

General

  • Target

    hokkaido-fox-05.html

  • Size

    42KB

  • MD5

    76a89998f9009b32c8f82a606ad6c1cd

  • SHA1

    ed012eb4d70dfd4d93790dbe23052324f0f550e9

  • SHA256

    94ed7b4a3217d2813e1a0db612655ce0aa6ad2ac1f5d6f62409dd788dc755e60

  • SHA512

    12b6e8337c6d8f58a6e8e39d5cfede95823eda869120a688e5b0008c3b6221af423a2377dbe2748d1b656dd19829349dae1ecc58ce4ec13cb30c7c3dc0fa3f75

  • SSDEEP

    768:lH8RYFHFL+1eiD5FoAbeGKytd4UdEfAyWXICqnwlnAfHW5XTJQtBwCo3beGKYc:98RslL+79WUmxnenAfHW5XdQtBwCoLa

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\hokkaido-fox-05.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\hokkaido-fox-05.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4728
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.0.333464833\1281515177" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a57471e2-aae8-46bb-95da-61f6fc421fc5} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 1848 15750c1cf58 gpu
        3⤵
          PID:4636
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.1.359274760\956227837" -parentBuildID 20230214051806 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c9b969-2f03-4813-8716-115658efc82d} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 2392 15743f86f58 socket
          3⤵
            PID:1468
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.2.1393994361\1351106579" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 3028 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afa97240-2bd3-41c0-b035-167a70a4671e} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 2956 1574fc93058 tab
            3⤵
              PID:1496
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.3.76188480\1349762651" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {376818a3-7bc1-4273-b2fc-cd05378315c9} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 3556 157565da858 tab
              3⤵
                PID:4668
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.4.771496528\1225335195" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5096 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b416ff-66e1-459a-a0a6-3b010e501159} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5052 1575875db58 tab
                3⤵
                  PID:2144
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.5.205842828\155083667" -childID 4 -isForBrowser -prefsHandle 5268 -prefMapHandle 5264 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f6ce367-c486-401a-9e58-e55e6a49586d} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5276 15758760558 tab
                  3⤵
                    PID:4852
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4728.6.1139020781\2091842736" -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc75d271-5e92-4034-bc01-e66f750afa56} 4728 "\\.\pipe\gecko-crash-server-pipe.4728" 5404 1575875f058 tab
                    3⤵
                      PID:3464

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 7731f92de7eef806ab6195f55185ddb9
    SHA1: 619761728fa79432ef1dd52ada57754ed544e2b5
    SHA256: 684b65bc05066769fc31c801cfeeac8b321bb726c6712ccd1ca1286f68d17555
    SHA512: 728ad5c1a8a94300b583ff638244cf2758493914e147964ce4cd27b3f3de1e7c03cdc5d54938ac83eceebbc43632d3b14b5977033fcc20a3f4ccfcc6f6782af7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
    Filesize: 8KB
    MD5: b19204625b745788fedce0f86f57d78a
    SHA1: 46e5d8058cd2218821525008ecd49854aff36eed
    SHA256: 016e2025a81298d241fff0fd6ef246f900fa439f84c5c0fecb3ef8189bfeba60
    SHA512: 6968b83a0a931e520b8e591f68f30b6d314ef9a105a46b4fe4686cbd5ffb980e7fb5bf66a49a3ba63c3d7d01277a62cdb5b06d16202db9c2bc86b7cc871abe16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
    Filesize: 7KB
    MD5: a6882160b180b4e0c0e79e7b9f865b5d
    SHA1: 1fba790d93513aac4b41cca336914032ab07678b
    SHA256: 19d8e3c46e7bb4df3c2b85b3c13884c626cf729c30287773e18b48012f45d044
    SHA512: 98c81ce8a01297a882324295e776dbb289fad1e1bedb51642e71648c1df14366efb0a2f775a3e50675b25c82c5ed64de36dd9cb8dd31e368609a52bde1b6b5ab

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 0e5f8d2ed074a05b769e907e3fd324c1
    SHA1: 6b73af79af61a6e8c49c6badbdc7e2cd763ce3c3
    SHA256: b95d164b011dda6774dbcb16216a7b1aac5bc60ab68f0b23cf4ac74fb73fab7a
    SHA512: 04d9a1e735478a271f6cd267fd01bc0045d55f06f4db8e5158c545567e995c2edfaebebcfde5edafd82a563895c989dc73c5584bd5c74c7bf0cfaf7b47c0d2cd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs.js
    Filesize: 6KB
    MD5: 5902cd7140c3d431d4f107a847b00021
    SHA1: bfc642ad03ab42e0e7d0d6b1802b4577b415acf1
    SHA256: ab5556affb66c6118ff9377b3951ff745f7eb49981bda353f4bf34d291dbdea4
    SHA512: c93c7c3814c0af387eb70168748befe860287e10f294f5924d30dd6b01c1e121da21cd2a2268971a4d2ab9741176c73df995c69fc0ef8020bba739140829f02b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 86f615f83ee3c1054fc01019580e8f18
    SHA1: 05322a3d68d71a8f910a34768e2b75df5b58c682
    SHA256: 2a969b4807e2a383686e82f58981e00ac87f0f4ee7440ea10d4523711118fb96
    SHA512: 18f9f84766c3da90758ac42a456645240f59b07e62478bb2fba2844fd21b99ff2dcbcf649294a7601702fc75952af88abb475d3e22f2bed162301610bd02a8cf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: b40936d1e844ca1e01128c21bd9d9d27
    SHA1: 5a6204d534d4b92f15775f1f9a06ca89880914bd
    SHA256: 6e03e27c47dc743d5f928d04d4f9653542e468e2a04ff000b73ce81dcfab381f
    SHA512: 91269f6b8410f89dbf155907fab9913fb258e2d09d79577c44a483eeeebee372cab19fcb2d85925c0576ca7804dd42c7ffffc00a2ab4a58094b5a50f5f45030e