
Analysis

  • max time kernel
    38s
  • max time network
    44s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 21:21

General

  • Target

    https://s2-download.xyz/371d7227d30c1fdd?ref=c2cc590a1f90e2f060ba1e8a627581fc

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://s2-download.xyz/371d7227d30c1fdd?ref=c2cc590a1f90e2f060ba1e8a627581fc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://s2-download.xyz/371d7227d30c1fdd?ref=c2cc590a1f90e2f060ba1e8a627581fc
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4852
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.0.1870473748\1508030445" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3d0893-c7cf-4833-b324-68d2e4f1417a} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 1836 205f3208158 gpu
        3⤵
        PID:2476
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.1.398490500\1890655019" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {451a9d84-59e0-4a93-b6a1-3d9d39e400d2} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 2428 205def88a58 socket
        3⤵
        PID:3132
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.2.981092796\312115890" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2988 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc43a7c3-80be-4c2c-a81c-002e1d397295} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3004 205f6153558 tab
        3⤵
        PID:392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.3.1618644399\473478968" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7e69f5e-7750-476e-bef6-f6a9ac812f18} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 3668 205f7f24a58 tab
        3⤵
        PID:3172
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.4.1813084332\746405286" -childID 3 -isForBrowser -prefsHandle 5116 -prefMapHandle 5088 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f365247a-cdea-467d-bb74-a763d933708a} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5012 205f9eba658 tab
        3⤵
        PID:2988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.5.709832150\983723572" -childID 4 -isForBrowser -prefsHandle 5272 -prefMapHandle 5268 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9c8fbe4-c6b7-4458-9feb-d121e5ce4b3b} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5280 205f9ebb558 tab
        3⤵
        PID:3280
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4852.6.1730140513\513798534" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d07054b7-79df-4594-bebd-70cfed389482} 4852 "\\.\pipe\gecko-crash-server-pipe.4852" 5464 205f9b62558 tab
        3⤵
        PID:4388

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 7ceef9a3c7142f23fe38755539f93653
    SHA1: 57a4fcf3fb72285f5ad26b7d1084cb4f0a291b76
    SHA256: 7ad486435457a7df0c90724b0663ddeabcc0616f4375cd5a07b23dd1af257ed4
    SHA512: d2d0dc172b021fe3b7f007d56c4b048a341742b12dbfe928ad3a804fa3b2e731b6878e1d0ab2c498a16e65a13f65fd87d1fadd970928bc302c5e1841cf14e8de

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
    Filesize: 7KB
    MD5: fc00a7e1555900b6b206e9568e02f0fd
    SHA1: 22d69ab838d0132121bc11cdc0b8a13ffadc74fc
    SHA256: c92fd2d5a01cf33cbfe92fb64ab8e86a9b29e7dda4cfa810453f57d5a780ff38
    SHA512: a517ea76463fa6e5b5cb1421dc56324ca7895635d7c7f4e6a430063f2faa4dd7fab40c15c7fcef1274864609aa108c63315f349405421d7d4d14fdfe7838489e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 4a29cbff7bcc17139492b8e688bf9e51
    SHA1: 415d5a854920e06ce84edf07eb8ae75e35d54bbd
    SHA256: 93147739d65827d55a45d65d29c49ddaf96de36a9fd2e5d809b96ff13ee88e4f
    SHA512: 64842aea58e56a4557b2fbe5fe43c445c53fbe74da2277d7458b36b88b6e1bee399f2c7a2516bca636f85f0fd7e31db53c7047a63a5112bb84892cc5fea5c47b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
    Filesize: 6KB
    MD5: d7b41af96fecb56a15717fcafea78118
    SHA1: 771b305de327bd2a18a4a61420b0ebe110ff3e6d
    SHA256: bf081693c1633b980a02a45a7ffcc175e866890a9b7924af3f3595798e4cb5cf
    SHA512: 2042b4f1a1e53e6112da6030d9843ced2da500c5026732b9a100d69235d0eeb40e8895ea8f46f1ad95826a6c0f6b3421b59c81fcc0c33eae500ac93a00693884

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1017B
    MD5: 9fa4dea5a9d85469b4527503986050d6
    SHA1: 698962a6ba9707faa1942346fa746bfb31bb25bd
    SHA256: 8c56cf3a6866dfedd340469596f828ac595ceabb8941e8e656c464d1c386fe51
    SHA512: ac7c4fa82883e907cde048d4a4aaf6437334bba546730191435166617bc1b3c29eaddded0532c73068c4ca754f84c44d8e1f61b329b70f3f1085dcee05f9c290