Analysis

  • max time kernel
    34s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/07/2024, 16:40

General

  • Target

    https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1140
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.0.285719020\426410048" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f92e491-e5bc-4426-93cb-2e3060d99a41} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 1868 1b95fb30b58 gpu
        3⤵
          PID:736
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.1.1516921937\1357494065" -parentBuildID 20230214051806 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c946fd97-72c4-452d-9963-2491092ceff4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 2456 1b94b789c58 socket
          3⤵
            PID:4496
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.2.1272728318\1111928907" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d0088dc-7410-4e29-8986-648951676dc0} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 2856 1b962939858 tab
            3⤵
              PID:1084
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.3.526593140\1210429908" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b2e3b93-193b-4261-ae88-0c08034bd391} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 3528 1b94b77ae58 tab
              3⤵
                PID:868
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.4.2114621679\532932678" -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5192 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {974cbf7c-313b-439f-af13-18650758d282} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5220 1b9658b2e58 tab
                3⤵
                  PID:1496
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.5.745360980\577121746" -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5408 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d07e9b8c-e315-4966-a6a1-6a56cb68ed2d} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5420 1b965f95758 tab
                  3⤵
                    PID:5108
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.6.1619231972\396150851" -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d132d9db-19e5-4cf6-a1f4-ddeba292a682} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5612 1b965f95d58 tab
                    3⤵
                      PID:1004
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.7.2140563827\1977218556" -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 5912 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52c3efd6-2886-443b-b5ef-402c29afda36} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5932 1b967810f58 tab
                      3⤵
                        PID:1248

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 9f4eacf68d1a0dbd332a4ea4ab48ace9
    SHA1: df669dfbfd18887bd10286f96a8286dfc6d1afcb
    SHA256: cfacb23e905045e5bd035a154b4cb1eedcb7a42754290ecc2b479173625ba646
    SHA512: cfe5f412a7bbe074230b9a7625fc0a6028f8566a89d9ce473f4d6c03ee1f02e28f06e0016733a97d472c017a4af80ed773e217f32e49eef4f63d82bac8c66bc6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
    Filesize: 7KB
    MD5: db142affde6fb65a846001fc4d16cd7a
    SHA1: eec66392fa6e09a153c32c3c26f3159e1a662722
    SHA256: fcc2f9699522395c2076bebacfc183c48616b5bdf63c161fd635c0ab451eb8eb
    SHA512: 968d5834d7d427574971e08cf246c3ec77d62a4dad960a1f257fcd8a34ff6d3418df1ce28847db9fa24797d78e61782eee168ed348c035e57fbb9454743b261b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
    Filesize: 6KB
    MD5: ee2488d4baba3d4d2471d16fd01a8f0a
    SHA1: 684491c9ea5fc08b4e3d5ea811e24bee01ee8db5
    SHA256: b4611103d44eeaae4319017046d347210faa110f8d1c3947a09f131e6ccdcdd7
    SHA512: d8ab02e34d3bdd8e729075a62f90d99e2ffe3627e521ed44898c17016ca8242872ae0e9648b87ccc253ee0faf46ea5bbe2b4b68bf3bbfc9bc01c8cf08ae2b3ca

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: 873f991a49b771bf43e9213b0ea5c815
    SHA1: 84744049b3c47f5b275531a082e754f0e1be8dbf
    SHA256: 0a31a7720fef8522cd8c0338678046b917fabab7767ea30798e9c9e3b7cf92d4
    SHA512: cc6494a09d1d3bb500a7c226177834ad3951c60ca05a9262741bb592890a5dcdb91788969f43705ae3446d7c8ca7c0caeab7914209c7cf053f7a7d34ad51e1b1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: 0b1ddeb62dccbe2e5ff122ed45e80c59
    SHA1: 2f06dfab2de0308a6b7e519be9126db432734c14
    SHA256: ee62faed881652ee8afc04ff37604e9389ba8336aeb23461e253ddd79c4acbd1
    SHA512: 052da417ef625de632359b94b125bffddb198c119103442265fb2e8b870968c7e9e82aca9921cfd187cbd73d78f275733bd87a98505a1db4161846839500a4c3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 192KB
    MD5: 47291f5bffb17c1658b2811eee4df7be
    SHA1: e030537635d7c86eb9fe73d9c7fc05f5c4165545
    SHA256: 1385c163850263d9c6806b1defd58aa25e00b04a0faf83446c25ec92ac761f31
    SHA512: 7582a960472b794ae598be82cf65857cb51b389ac657c20e394d041db7a46a1eae761a2530090f67ec0e4d90edf84a7139593bc846731130b14b44a13b8d4c2b