Overview

overview

10

Static

static

10

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...el.exe

windows7-x64

1

GlobalProt...el.exe

windows10-2004-x64

1

GlobalProt...st.dll

windows7-x64

1

GlobalProt...st.dll

windows10-2004-x64

1

GlobalProt...me.jar

windows7-x64

1

GlobalProt...me.jar

windows10-2004-x64

7

GlobalProt...af.jar

windows7-x64

1

GlobalProt...af.jar

windows10-2004-x64

7

GlobalProt...64.exe

windows7-x64

1

GlobalProt...64.exe

windows10-2004-x64

10

GlobalProt...e.html

windows7-x64

1

GlobalProt...e.html

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

Resubmissions

26-07-2024 09:06

240726-k2ts4ssbnb 10

20-06-2024 20:05

240620-yts4havhph 10

Analysis

  • max time kernel
    1732s
  • max time network
    1744s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 20:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GlobalProtect64/.install4j/i4j_extf_8_7caten.html

  • Size

    403B

  • MD5

    a356a23fe603e2f25c01c8467ce1422e

  • SHA1

    ebc4dd99072be176a6ac5b521a6e6509cc281fa4

  • SHA256

    6ce092a75aed47fd71a6abbace57ee232f20c99daa0275f960d003010182df34

  • SHA512

    b57074ff838565de1081ba97333d11fdbb3e6a10fe53985743d12a7c2b4e5529ec4ad23dad07410322d5b650d69b202a868ea785ee54d706185923f88e8ff6f2

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\GlobalProtect64\.install4j\i4j_extf_8_7caten.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\GlobalProtect64\.install4j\i4j_extf_8_7caten.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.0.1279710882\704531968" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57d9895e-db85-4442-a1d7-53048da88ff0} 392 "\\.\pipe\gecko-crash-server-pipe.392" 1832 1894d60f358 gpu
        3⤵
          PID:4448
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.1.447236877\523521211" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a77dea46-7e53-4524-9256-3f4b21c818a0} 392 "\\.\pipe\gecko-crash-server-pipe.392" 2424 18939389c58 socket
          3⤵
            PID:2996
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.2.346268616\1007821417" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1e59f0f-407e-4a9b-a69e-751311f4eb01} 392 "\\.\pipe\gecko-crash-server-pipe.392" 3016 1895054d858 tab
            3⤵
              PID:448
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.3.1840565546\1600922366" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a876efcd-ea18-44ac-88f9-9a70b076118e} 392 "\\.\pipe\gecko-crash-server-pipe.392" 3612 18939340658 tab
              3⤵
                PID:3076
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.4.1666103364\581227186" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4960 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59e5e891-78f8-48a5-876f-5ee061adcb9f} 392 "\\.\pipe\gecko-crash-server-pipe.392" 4972 18953cd1958 tab
                3⤵
                  PID:4168
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.5.1318185213\1697997929" -childID 4 -isForBrowser -prefsHandle 4948 -prefMapHandle 5004 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe08a1a6-74a8-46a5-834d-2baac4d720f4} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5100 189534f4e58 tab
                  3⤵
                    PID:1568
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="392.6.8203814\1423519451" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5116 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ec5f77-0298-4d3e-a3f6-5aa284f779af} 392 "\\.\pipe\gecko-crash-server-pipe.392" 5176 18953cd2858 tab
                    3⤵
                      PID:3484

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  804aebcf2c19452cef3a7c10efffdf6d

                  SHA1

                  4651afb4cc6104036424e6aba45e69e2a25d3f11

                  SHA256

                  2fa185798fc37648e15f5bd1261bc46b0d2feebeff7296dfed27bef772ed9691

                  SHA512

                  53c9490d2e8493919785a3d2d45522e1b3389d2904bda89a235f48802b266165c2d060c4da3341c61ff70b3b5dc85e63c4d8ac12128d91d9c22cf05d58d9f38a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                  Filesize

                  15KB

                  MD5

                  ca261753238157b1e682856e23a0a112

                  SHA1

                  b807785a8fe38c18c694253307abbeb9ce4c0318

                  SHA256

                  b15a492926a497064a4c1702a8bf1064456e2f51f1ebc10e8a09cb65ed729840

                  SHA512

                  2a82028f94ba6021109d31dadc1941a2efe5dbb891feab07a2be2bc4ee376ad0acc6c99d9c7bfc0ee193b12a8c6e34c38ee9bb998241491fe611c27ba96037e2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  7KB

                  MD5

                  9bdd65b7e7d5d4f2176b31da41f30fe7

                  SHA1

                  7ebe9353b87e5e76333f29845f125c901bd0c229

                  SHA256

                  6aa8844cd023a980c3fbd9fb708d564400f3bd21da32896119c901f66ab65fa2

                  SHA512

                  2199de5b0259ab7f29d729266b85fabca57fe276953cf5f13d3a50252a20401e7caa88fad0978af3cd675aceb261d69f266d18738d341ab90c7a4a00736584b5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\bookmarkbackups\bookmarks-2024-06-20_11_6FbckyJm0QBdgL38IDXwrg==.jsonlz4
                  Filesize

                  1010B

                  MD5

                  9c8f179bffdf51883025521c6fa45420

                  SHA1

                  e5aa6965c48c6c07b2449dc9e883a4130773f1fd

                  SHA256

                  712d45cdbe4f40f8f927606700c290a2c2ae7b333b35938f77e2335117c1a2c0

                  SHA512

                  1a9e0d0e8ac038c3e0b2b85cfed5ab125c28d44d09d7848d8efafabf73d0dadf75d722fe8bf5717e82118ff6b4bf4496b45794e101177afcb367829f90f854e8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  b8d6fd8321f398af59b266a734aac9f7

                  SHA1

                  418c37ea0586c401519603a9171ed135f2b4cafd

                  SHA256

                  c5d2cf36c60cf9c4acc1b488b3709daa440105a21108b4597d126a423eabe113

                  SHA512

                  d20ec96b61a827670aba93be52d4fade4c878943a538f3033e2ad2fe37c5250cf53e3d8286f911f7b7796c4a8ca83c64a7bf1024b0fb4095da38d3b39ba835dd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  43794a0ec0922e27d725f335723bdd16

                  SHA1

                  697e0976f7e76267685500e7333cd22aeda7d687

                  SHA256

                  4ed42d0a36845692fb166ff959b20619d1b06ab32c721e4b9ada9f3e92de6998

                  SHA512

                  83b2d448f7df8feff93ca34ef27362338a485c4437e00cba7374d29867f475420fb40ec14c5fc743b34b841a16f367cd01a9e29cc9f9962b207438bc2e832321

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  565aaf1c363277e246a922fe9e6ab313

                  SHA1

                  f54c87643fc519624e352b2f2dd3061285a8bd22

                  SHA256

                  47340ab3c9485ca3c8722daff80414ad1afe06f60d28f4c8f4554c9ba65a6dc7

                  SHA512

                  d1a1eea4152d43c583ccd31f0bd15f79782b0f2dc41e5d51324dc37721ca62571a1b79eac09a59323a4b20f5bba51a90140ff58301fb9730a8f85fa89f12a206

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  724575dcd65675ec1ef98217f403224b

                  SHA1

                  cb899d8022f7f78eedd0a8a3a63edcbcf1b6a532

                  SHA256

                  986d8769851e69db722e3fe34b9546e791909ed63aa46148a94255366854196b

                  SHA512

                  d270ca01ec89aeb6e65eae0c25798346544afc4d7a296fe7e2fcbb340b9576141f589fd4da8cae784d077d097ea3e69ddf16919848507f849d39fbb753f6c375

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
                  Filesize

                  8KB

                  MD5

                  7a8fe2c3ae3d5861e520f50762ed9ef3

                  SHA1

                  1f003d129b932ced05a75aa55c36c61a38aecb8f

                  SHA256

                  959fb6a22641ad3dfff5bd63258d3c0e2ab5c62a9f3dbf7707d048a2ac89dc45

                  SHA512

                  c66a574d9f1d26f68c757edf3471db59ef3e548d624d4271b4c1839f41849e56f764e606ef93d70f6f21380f3453fcc642cd62eccf82295a155f88835cf9058b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  ff01dd0334a77a24970a6618075be9e1

                  SHA1

                  bf7a251842d2a79b9eaec362612eb354eebfd414

                  SHA256

                  54d5ff6464169c24f569149e5f729ae5e7060e9d49941c3684ccebd1e61c0f58

                  SHA512

                  45a36fef35d76ed32c958bcae763e17eee8749af73117a1cdd698ba674679c8e842b3c6075738a6e9609032322f7384d224ba57145d4cc1f29fb97e04376cc82

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  9346d775c707df4a334f41147ae4f280

                  SHA1

                  f0bb6a4e151c14c2d14861a378d6131960212e87

                  SHA256

                  b2def22c2a977a298a5cab7aeff8bd42f8b1d4ae183fc9f81c554b00070956b9

                  SHA512

                  c1ce57cf1157de3d58c43f88098f15d48f8f46b51e0d01e156c444230c3a6c2058e9e5997d7eb33345c48b28486dbc1c2668c7061213107dc43652990650e265

                  Download Submit