Analysis

  • max time kernel
    19s
  • max time network
    21s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    27/06/2024, 21:21

General

  • Target

    https://s2-download.xyz/371d7227d30c1fdd?ref=c2cc590a1f90e2f060ba1e8a627581fc

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s2-download.xyz/371d7227d30c1fdd?ref=c2cc590a1f90e2f060ba1e8a627581fc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4100
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://s2-download.xyz/371d7227d30c1fdd?ref=c2cc590a1f90e2f060ba1e8a627581fc
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.0.1701782962\620590080" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e717614-ac8d-4979-8fa1-f6a5c4733879} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 1780 2756f3d8158 gpu
        3⤵
        PID:2136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.1.1199931190\2138289044" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21628 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9f592af-59ce-42f2-be51-8b0fc5e16d9e} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 2156 2756f2f9258 socket
        3⤵
        PID:4564
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.2.1355470997\1828385609" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2872 -prefsLen 21731 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3046c50-543c-4c27-a16a-b27b9f00a5e8} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 2884 275732f4758 tab
        3⤵
        PID:4468
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.3.1311999813\1819477000" -childID 2 -isForBrowser -prefsHandle 2904 -prefMapHandle 3024 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2f1dc7-77d9-4fda-80e7-a6c03851d759} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 3500 27571d67f58 tab
        3⤵
        PID:304
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.4.566813046\1451228185" -childID 3 -isForBrowser -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 26370 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c788b91c-afa5-4ac3-962c-d6a2fe276bde} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 4812 275756c1a58 tab
        3⤵
        PID:5024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.5.2084836970\255349611" -childID 4 -isForBrowser -prefsHandle 4948 -prefMapHandle 4952 -prefsLen 26370 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdae733a-628a-4ef7-a3ca-ba92a3004caf} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 4940 275756c2358 tab
        3⤵
        PID:5052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2700.6.1669715215\594386305" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26370 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20bdf22d-9602-4f77-bbf1-11164752fa75} 2700 "\\.\pipe\gecko-crash-server-pipe.2700" 4336 275756c3b58 tab
        3⤵
        PID:4476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 29KB
    MD5: f3977fccc5b355ea1b112bc8a49dec31
    SHA1: 261302619bedbd3a05b474039b63446b7d166ac0
    SHA256: 58001b466127fec5a1bd69dfa4d996468e8bb3c6e082f31cde946758e5b1effb
    SHA512: 810382e86832f73fd2399fa1ec72cd61dfadf6badf32afedc2df1d89bc23fe858b4a6c5d2c62ed9839669c1e1a8e9088cab8ef62cbf25328a408e161d2da8efe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 62551f85327a01f9e6d5a30ceba9d963
    SHA1: 666ef508f25d38401edc18bed475aa2cf7c5713d
    SHA256: ee385560a40715765264a2aeb04d286dbfdfd367621b4b80c698a68fa620d17b
    SHA512: ffe545f5c650767425dc841201c7bc65c85cb462a0b613a5bf07af3a6a1143d934864c66ad52bf3634f6711f988c2a21a86a1bb6912db18459b35e598af57f58

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\6b5e479f-eeb8-4a95-99be-a49a4aff8172
    Filesize: 669B
    MD5: 0615312e9d42e65074b47efc7098c574
    SHA1: 5bfc136626e4d1e5633dc3b67705bd27f8ff89d8
    SHA256: 2629cb7fe7fd6d4d176c5a100c63b185a9f335a75402fb049446c1af8414571b
    SHA512: ec80bcb0ab956aca73dd3d2fe7f25042bd36209db408ada43685e931349ff75e2035fe90be994be05b33b41774a40460d81779197917af148bbd3c4d031ce3a2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\c7ae7596-9952-4161-bbd6-a395754f9cf2
    Filesize: 10KB
    MD5: f3d5d80e92ed90bf813ccc2608fda608
    SHA1: 184dddb4420c7a3401b19e7416e12ce0dfab8fc1
    SHA256: 8e256eade1e85eed0d9a2336981e6a8ef3fb44a6cee85f44d0a9b8242c7ca504
    SHA512: 787feb741966cbfc40558d28f4a6c86240a47c4ef8841b5032927cfaf7dcdd66b332dbf20741a16dea394a7cde892e4a50f5a1ea7bebdf97c74915f8000b9399

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 28082103abac22502f4ba336b70afe3f
    SHA1: ecae10ca9a028dc294a3a27decd4b026ca618614
    SHA256: dff4d670e2071fd5a55d18f3edc2a365283ecf2c63c658791940b82c39dae4c5
    SHA512: 10704b19c752bf7514bb793a5de1258083e5d4167f5ad4650562c37336cb9ce6892f6a8b708ed7c5aeba005d23ab445511fa59cdbabb2dfd83b4899b8c9c6755