Analysis

  • max time kernel
    121s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 08:59

General

  • Target

    https://socotec.gac-technology.com/public/fps/index/url/6a0cc0ca-27dc-11ef-8b56-005056b88dae

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://socotec.gac-technology.com/public/fps/index/url/6a0cc0ca-27dc-11ef-8b56-005056b88dae"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://socotec.gac-technology.com/public/fps/index/url/6a0cc0ca-27dc-11ef-8b56-005056b88dae
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.0.160305781\2071281176" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1756 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {300636ac-facc-471a-b370-e87a4883d46f} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 1888 1a866b0d758 gpu
        3⤵
          PID:1412
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.1.1154642660\1241589918" -parentBuildID 20230214051806 -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d1a710-d497-4902-877e-694c19a00c78} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 2496 1a852888658 socket
          3⤵
            PID:4760
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.2.2005220275\1709987506" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bac1ec4-5c13-49ff-8443-9e8684f662cf} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 3016 1a869a3e258 tab
            3⤵
              PID:644
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.3.1662709836\630346163" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {144b130c-1e7f-4243-bc0e-f7c6a830d0f6} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 3672 1a86b6cfd58 tab
              3⤵
                PID:1132
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.4.1435579541\1385797444" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0db85bb5-97c1-484e-989b-fc9389546386} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 5092 1a86cec0258 tab
                3⤵
                  PID:1732
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.5.141789858\1764951417" -childID 4 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28ecf92f-6667-4d09-b18b-36e04ed3a78f} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 5192 1a86cec0e58 tab
                  3⤵
                    PID:3812
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2364.6.51196904\154167332" -childID 5 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b8e2d23-e52b-442b-ab3c-bf90fa1fa62e} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" 5404 1a86d665558 tab
                    3⤵
                      PID:592

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    23KB
    MD5
    9f05ac59e4a1693b29b5ef4d20921735
    SHA1
    69f667226b467f2182a7e627c70d483d74097415
    SHA256
    69fb873e40282e88aa2b7a7cf332c4f087379f78564b271592daf1b81652dc11
    SHA512
    9bd4237362c379fd6386755e4cd16b69786b59fa280e0ad476df84fe1927912c9dfb4f09846655bc50998869283706bcaa414db9839f0f3145ef7d51a0a36437

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
    Filesize
    7KB
    MD5
    a5614f5160a68ad0d06c1c444df36012
    SHA1
    fa245f18fb7283ccdf96e3d79f89fa230a142917
    SHA256
    f6b00a48eca23d566e3ee31b2e4582a2f450dd4e90bcf18316145ef86711412f
    SHA512
    cb8417ee264316f1218e27dd8e35b922abbd1152ee7581b9d12dc15924023c7f60b4eccf9428870722e7f32e07db7d7091560c81396b52168aabab07fd9f8a6a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    2e0636b49214ba516029ad857a57ac4c
    SHA1
    2d41111f9573eab6bb0ea4de056c133deccf7e03
    SHA256
    29a851cec52bbe2ee9056ef02a1a19b0a4af2ef7f548a017b7a3ab7c3740c2b9
    SHA512
    a659f9fd402081805375ee61100d63aa4eba0a756e557fa9873f56b7cc51c86b93b7ee36ab4e5f6b7082684cd39acd69e854c965d45678b21159c7a160be1679

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1017B
    MD5
    6c72746e1ae788863fdc6b88c188521a
    SHA1
    3dd35ca65a47ab16723bb570ad8b7b8f2815225c
    SHA256
    482b72e7a9544683c8b421706e81ce839f961b9e4d3574c559dac5f6bab4cf54
    SHA512
    f13b58d886488c3bd7a74bf08352eb42b5d1c363bfdc2347bfbf6f7c47a23c66c1b59b061e8c4220b43e3cd7c2d1bb2b3fd3fd9893bb3796bc02b5dd63402fe4