Analysis

  • max time kernel
    17s
  • max time network
    18s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-06-2024 16:58

General

  • Target

    http://pupfishusa.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://pupfishusa.com"
    • Suspicious use of WriteProcessMemory
    PID:3736
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://pupfishusa.com
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.0.1264521505\1592191285" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1476 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e94c55ec-5235-494e-a180-2dff6077ebcf} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 1900 1f6c6222e58 gpu
        PID:4960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.1.843322986\1219468299" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cd8be16-33c9-49b0-8fa7-15a3fa284f56} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 2492 1f6b9585f58 socket
        PID:2528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.2.2054543413\292754765" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {780deed0-8f20-45b1-ab16-c84cea197884} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 3012 1f6c9023658 tab
        PID:1416
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.3.798189523\282135234" -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6658c2d2-aa81-43d9-862c-48ab8bf2d60c} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 3968 1f6cae60458 tab
        PID:1260
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.4.141120023\1545625704" -childID 3 -isForBrowser -prefsHandle 5016 -prefMapHandle 5032 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ac8e52-9f76-4968-bf8b-7b86ac224847} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5052 1f6cc6a1258 tab
        PID:4588
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.5.2100801973\2094066617" -childID 4 -isForBrowser -prefsHandle 3080 -prefMapHandle 5360 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24056317-9bcd-4d61-baa8-40d148374134} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 2916 1f6ccc23058 tab
        PID:956
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.6.1727269237\1837305736" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f084f356-698c-430b-86ff-10e526198561} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5420 1f6ccc60758 tab
        PID:2688
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.7.522881027\1702741408" -childID 6 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cc13f10-c3f1-4b09-96d2-e916f3e7c47c} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5704 1f6ccc5f858 tab
        PID:1740
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.8.476866269\858391717" -parentBuildID 20230214051806 -prefsHandle 3060 -prefMapHandle 5484 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c34d466-b1d0-4082-836a-bb91d1f5e499} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5876 1f6cce61158 rdd
        PID:2216
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.9.1575569457\1375452747" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5472 -prefMapHandle 5372 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b839e19f-0ffc-4192-a505-c03cf9881bdc} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5860 1f6cce61758 utility
        PID:4652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.10.1574992949\824312549" -childID 7 -isForBrowser -prefsHandle 6192 -prefMapHandle 6188 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {179ca649-53d8-4d7f-8ff5-ab2a4436e6c2} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 6200 1f6cdc9c858 tab
        PID:5252
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3704,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:8
    PID:3472
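Every signature in this report fires on firefox.exe itself: the launcher (PID 3736) relaunches the browser (PID 1604), and 1604 then spawns its gpu, socket, tab, rdd and utility children. The WriteProcessMemory, AdjustPrivilegeToken and SetWindowsHookEx hits sit on those two browser processes, which is the pattern one would expect when a multi-process browser starts its own sandboxed children, and it is consistent with the 1/10 score. The triage check a practitioner wants here is that the tree is internally consistent: each `-contentproc` child names 1604 both as its parent-PID argument and in its `gecko-crash-server-pipe.<pid>` name, the tree nesting agrees, all children share one `-parentBuildID` (a YYYYMMDDhhmmss timestamp, here 14 Feb 2023), the `-win32kLockedDown` mitigation flag is accounted for per process kind (present on socket, tab and utility, absent on gpu and rdd in this tree), and anything that is not firefox.exe is surfaced. The Python below is an added example, not part of the report or of any sandbox vendor's tooling; its input is a constructed subset of the command lines copied from the process tree above (the tab processes with childID 2 to 6 are omitted for brevity), paired with parent PIDs taken from the tree's nesting.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: (pid, parent pid from the tree nesting, command line), copied
# from the process tree in the report above. None marks a root of the tree.
SAMPLE_TREE = [
    (3736, None, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://pupfishusa.com"'),
    (1604, 3736, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://pupfishusa.com'),
    (4960, 1604, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.0.1264521505\1592191285" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1476 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e94c55ec-5235-494e-a180-2dff6077ebcf} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 1900 1f6c6222e58 gpu'),
    (2528, 1604, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.1.843322986\1219468299" -parentBuildID 20230214051806 -prefsHandle 2480 -prefMapHandle 2476 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cd8be16-33c9-49b0-8fa7-15a3fa284f56} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 2492 1f6b9585f58 socket'),
    (1416, 1604, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.2.2054543413\292754765" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {780deed0-8f20-45b1-ab16-c84cea197884} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 3012 1f6c9023658 tab'),
    (2216, 1604, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.8.476866269\858391717" -parentBuildID 20230214051806 -prefsHandle 3060 -prefMapHandle 5484 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c34d466-b1d0-4082-836a-bb91d1f5e499} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5876 1f6cce61158 rdd'),
    (4652, 1604, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.9.1575569457\1375452747" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5472 -prefMapHandle 5372 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b839e19f-0ffc-4192-a505-c03cf9881bdc} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 5860 1f6cce61758 utility'),
    (5252, 1604, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1604.10.1574992949\824312549" -childID 7 -isForBrowser -prefsHandle 6192 -prefMapHandle 6188 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 968 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {179ca649-53d8-4d7f-8ff5-ab2a4436e6c2} 1604 "\\.\pipe\gecko-crash-server-pipe.1604" 6200 1f6cdc9c858 tab'),
    (3472, None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3704,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:8'),
]

PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)"$')


def split_cmdline(cmd: str) -> list[str]:
    """Split a Windows command line on spaces, keeping double-quoted runs together (quotes retained)."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
            cur.append(ch)
        elif ch == " " and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_firefox_cmdline(cmd: str) -> dict:
    """Extract the triage-relevant fields from one command line.

    Firefox content processes end with:  {GUID} <parent pid> "<crash-server pipe>" <handle> <hex> <kind>
    """
    toks = split_cmdline(cmd)
    info = {
        "image": toks[0].strip('"').rsplit("\\", 1)[-1].lower(),
        "content": "-contentproc" in toks,
        "kind": None,
        "parent_pid_arg": None,
        "pipe_pid": None,
        "build_id": None,
        "win32k_lockdown": "-win32kLockedDown" in toks,
    }
    if info["content"]:
        info["kind"] = toks[-1]
        info["parent_pid_arg"] = int(toks[-5])
        m = PIPE_RE.search(toks[-4])
        info["pipe_pid"] = int(m.group(1)) if m else None
    if "-parentBuildID" in toks:
        info["build_id"] = toks[toks.index("-parentBuildID") + 1]
    return info


def triage_tree(tree: list[tuple]) -> dict:
    """Cross-check a sandbox process tree of a Firefox launch for internal consistency."""
    kinds = Counter()
    mismatched, foreign, build_ids, no_lockdown = [], [], set(), set()
    for pid, ppid, cmd in tree:
        info = parse_firefox_cmdline(cmd)
        if info["image"] != "firefox.exe":
            foreign.append(pid)          # anything that is not Firefox needs its own explanation
            continue
        if info["build_id"]:
            build_ids.add(info["build_id"])
        if not info["content"]:
            continue                     # launcher / browser parent: nothing more to cross-check
        kinds[info["kind"]] += 1
        if not info["win32k_lockdown"]:
            no_lockdown.add(info["kind"])
        # The parent-PID argument, the crash-server pipe name and the tree nesting must all agree.
        if not (info["parent_pid_arg"] == info["pipe_pid"] == ppid):
            mismatched.append(pid)
    build_dates = sorted(datetime.strptime(b, "%Y%m%d%H%M%S").date().isoformat() for b in build_ids)
    return {
        "kinds": dict(kinds),
        "mismatched_parent": mismatched,
        "foreign_processes": foreign,
        "no_win32k_lockdown": sorted(no_lockdown),
        "build_dates": build_dates,
    }


if __name__ == "__main__":
    for key, value in triage_tree(SAMPLE_TREE).items():
        print(f"{key}: {value}")
```

On the sample the only non-Firefox process is the Edge utility process (PID 3472), a separate root rather than a child of the browser, and the one build ID resolves to 2023-02-14, which is over a year older than the 24-06-2024 submission date; a browser that far behind is worth noting on its own even when the submitted URL scores 1/10.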

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 27KB
    MD5: 15566488650d0affd93f2fd9f7a14774
    SHA1: 058e61077fdbb8538b5b2e41cc5576f31807b103
    SHA256: 9076eb9bfb21dc2b352084bce7fb2ce3c5bcfa17760bed43aa3b48d87ee97039
    SHA512: a82b3b8ddc3c07041a59d79c820f02b4e7a6a75b4ef4129cfe660c103292fb8bad6c32731ea16f7b30b5145ab9f3f7f35ac552e6a28ce5e56f56428c9350b7d8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js
    Filesize: 6KB
    MD5: b7e2e17e9ac772e5405e3fd9b7dcaa08
    SHA1: 93d509b0a3d54f1c2251bc5488f8dd619c0f44e1
    SHA256: ad5e096437880c1d0aa6e3bd0706c7ce442e8c1b963e08beee8f7bf1bff924bf
    SHA512: 3d081ac8ad4790aded86d5260205d4d00618d02f7e9f254ebe77eb416907ff50e7bbad7a0c15957eefea4070c197c8d824157bf9efbea1b2d10dceab42a5fb84

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js
    Filesize: 6KB
    MD5: 89cb83a904dd71e479379a6f6626b4dd
    SHA1: b1d4d6fa6812adc6cb13afa27a9bad2d7075106d
    SHA256: 136c14650c864f13aaae51ff54541c791f3518b5fb9fb74031fb0e5b0bc2a5cc
    SHA512: 29155607f7f0be7878e61faa366371777efb47f41e9ef7dcefbf9155ffd1e0c2cb424cd87038a6420a4466e246f04ed069bf2b3f4fa5b87a6dfbe5c811769f93

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 23KB
    MD5: f41e9c4a0481364607ab232136f3fa54
    SHA1: c185c1e950276cf7fcbe6ed4b1e04d18151fdc13
    SHA256: 31498a7de34b63e72e50eabc9c5e37fb9ac8d15178a3b5149d05973a8ebb1f44
    SHA512: 50b92a46baae5659b405ff46941778080d8209131458484ee73643bd5bc9c1426ab0fcb3ccecae31f38bd7186af4334b6564e713a83960e936dd1e8c159ab817
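All four dropped files are Firefox's own profile writes (a discovery-stream cache, two versions of prefs.js, and a session-store backup), not payloads fetched from the target. The one an analyst usually wants to open is recovery.jsonlz4, which holds the tab and history entries the session had open; it is stored in Mozilla's mozLz4 container: the 8-byte magic `mozLz40\0`, a 4-byte little-endian decompressed size, then a single raw LZ4 block (sequences of literals followed by a back-reference of offset and length). The Python below is an added example, not part of the report or of Mozilla's code, with a dependency-free LZ4 block decoder and a walker that pulls the `url` of every `windows` → `tabs` → `entries` item. Because the page does not include the file's contents, the input is a constructed mozLz4 blob that mimics the session-store layout; it is assembled inline from one literal run and one back-reference so that the decoder's match path is exercised, and the only URL it contains is the submitted target.

```python
import json
import struct

MOZLZ4_MAGIC = b"mozLz40\0"


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode one raw LZ4 block: each sequence is literals, then (except the last) a back-reference."""
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:                       # extended literal length: add bytes until one is < 255
            while True:
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        out += src[i:i + lit_len]
        i += lit_len
        if len(out) > expected_size:
            raise ValueError("decompressed data exceeds declared size")
        if i >= n:                              # final sequence carries literals only
            break
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):    # a bad offset would read outside the output
            raise ValueError(f"bad match offset {offset} at output position {len(out)}")
        match_len = token & 0x0F
        if match_len == 15:                     # extended match length, same scheme
            while True:
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        match_len += 4                          # LZ4 minimum match length
        if len(out) + match_len > expected_size:
            raise ValueError("decompressed data exceeds declared size")
        start = len(out) - offset
        for k in range(match_len):              # byte-wise copy: overlapping matches are legal
            out.append(out[start + k])
    if len(out) != expected_size:
        raise ValueError(f"size mismatch: declared {expected_size}, got {len(out)}")
    return bytes(out)


def read_mozlz4(blob: bytes) -> bytes:
    """Strip the mozLz4 header and decode the single LZ4 block that follows it."""
    if not blob.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozLz4 file")
    (size,) = struct.unpack_from("<I", blob, len(MOZLZ4_MAGIC))
    return lz4_block_decompress(blob[len(MOZLZ4_MAGIC) + 4:], size)


def session_urls(blob: bytes) -> list[str]:
    """Return every entry URL in a session-store document (windows -> tabs -> entries -> url)."""
    doc = json.loads(read_mozlz4(blob))
    urls = []
    for window in doc.get("windows", []):
        for tab in window.get("tabs", []):
            for entry in tab.get("entries", []):
                if "url" in entry:
                    urls.append(entry["url"])
    return urls


def _lz4_len(n: int) -> tuple[int, bytes]:
    """Encode a literal or match length as (token nibble, extension bytes)."""
    if n < 15:
        return n, b""
    n -= 15
    extra = bytearray()
    while n >= 255:
        extra.append(255)
        n -= 255
    extra.append(n)
    return 15, bytes(extra)


def build_sample_recovery_jsonlz4() -> bytes:
    """Constructed sample (not the report's file): two tabs, the second stored as a back-reference."""
    tab = b'{"entries":[{"url":"http://pupfishusa.com"}]}'
    literals = b'{"windows":[{"tabs":[' + tab + b","
    tail = b"]}]}"
    offset = len(literals) - literals.index(tab)        # distance back to the first copy of `tab`
    lit_nib, lit_ext = _lz4_len(len(literals))
    match_nib, match_ext = _lz4_len(len(tab) - 4)       # match length is stored minus the minimum of 4
    seq1 = bytes([(lit_nib << 4) | match_nib]) + lit_ext + literals + struct.pack("<H", offset) + match_ext
    seq2 = bytes([len(tail) << 4]) + tail               # final sequence: literals only, no offset
    plain_len = len(literals) + len(tab) + len(tail)
    return MOZLZ4_MAGIC + struct.pack("<I", plain_len) + seq1 + seq2


if __name__ == "__main__":
    print(session_urls(build_sample_recovery_jsonlz4()))
```

For a real recovery.jsonlz4 the same `session_urls(open(path, "rb").read())` call applies; the declared-size checks matter there because a truncated or tampered session file is the kind of input a forensic parser must reject rather than read past.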