Analysis

  • max time kernel
    27s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/06/2024, 20:21

General

  • Target

    http://aimbot.pages.dev

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://aimbot.pages.dev"
    • Suspicious use of WriteProcessMemory
    PID:3868
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://aimbot.pages.dev
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4908
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.0.963201001\1958614023" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce13cef0-85a1-4973-a293-e7041aabef16} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 1960 255acfd3058 gpu
        PID:1996
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.1.1764796953\1695955025" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2352 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b71c557d-5d4d-47b4-b2b6-2e240d7f197c} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 2384 255acefa858 socket
        PID:4928
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.2.174803714\942738805" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed3757c-35be-45ee-9ccd-b981bf0d34c8} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 3208 25599469f58 tab
        PID:368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.3.738745273\1528299264" -childID 2 -isForBrowser -prefsHandle 3940 -prefMapHandle 3936 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9912425-1185-4c26-a10c-6cf0e80c43c3} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 4008 2559945e258 tab
        PID:2528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.4.19177925\1667746074" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4524 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6c408a-0f79-4645-877c-cebee3c13296} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 4664 255b30a6c58 tab
        PID:1828
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.5.366141714\1849280363" -childID 4 -isForBrowser -prefsHandle 4544 -prefMapHandle 4540 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ac2ca7b-8921-4d6f-94c7-1ff02851dabf} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 4644 255b30a6358 tab
        PID:3044
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.6.81245701\1272490625" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 2840 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d0d17e-6a20-47f7-aea0-27b3b5e03581} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 5040 255b36b6e58 tab
        PID:3992
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.7.1692486736\1681419313" -childID 6 -isForBrowser -prefsHandle 2712 -prefMapHandle 3288 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f299942-0581-40cf-b489-0cd29e49d228} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 3132 255b3f86e58 tab
        PID:376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\2a854c49-185d-4e5b-91c7-dea95f121d95
    Filesize: 746B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\893116cf-ecbf-4031-845f-1921506b5202
    Filesize: 11KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB