Analysis

  • max time kernel
    7s
  • max time network
    23s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240704-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    07-07-2024 11:17

General

  • Target

    https://api.strafes.net/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://api.strafes.net/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://api.strafes.net/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.0.1001413430\1186788368" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1747142-84af-42d7-b6b7-b3eaebad2a08} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 1888 1a4781a7a58 gpu
        3⤵
          PID:936
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.1.33297151\1656054451" -parentBuildID 20230214051806 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3f6e500-29a7-42ba-9a91-8556764e1cf8} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 2372 1a46b489c58 socket
          3⤵
            PID:4940
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.2.1239607192\172337384" -childID 1 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e5a8323-81e2-4229-b593-a5d9e34f0c82} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 2980 1a47719c258 tab
            3⤵
              PID:4300
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.3.653141289\208486786" -childID 2 -isForBrowser -prefsHandle 3288 -prefMapHandle 3236 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {756a8e28-5e90-41ca-974b-9d50fe71db75} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 3272 1a47dcf9758 tab
              3⤵
                PID:4840
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.4.1994029388\524761984" -childID 3 -isForBrowser -prefsHandle 5012 -prefMapHandle 4984 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7609716-1423-49fa-b485-b64fcc7bc390} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5044 1a47814d658 tab
                3⤵
                  PID:3104
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.5.1300682627\1040931702" -childID 4 -isForBrowser -prefsHandle 5244 -prefMapHandle 4996 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a026d5-c58e-4375-b8a1-6e9d0a44e2ed} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5232 1a477125258 tab
                  3⤵
                    PID:4432
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.6.102385323\635188303" -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1200 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d26f37-e16d-48c2-9b33-666ff96610ed} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5472 1a47b213558 tab
                    3⤵
                      PID:228

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1i7klk71.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 25KB
    MD5: a2ee9f0d1a1c27f9d8735edeee351786
    SHA1: f8ac927e27c270dd2290f38aba0de7a1fdded6ae
    SHA256: 8ddc8bfede7887d902bf6c1ca0add2841e590ccb390a59a93117ae1680b1b993
    SHA512: 09313f483e1f488ab68a956b83b5727936572d28cd7729cd121b01b1543c88d94d9a173b5d5fda2449ea56e91fb3f9fbb1296cf53fdc34928f9a0b6a00f86fd3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs-1.js
    Filesize: 6KB
    MD5: af5e087c48692e1e63ed35bd14fb2d9e
    SHA1: e50b69ee742631d4d25f5e0a65acdccb19d6fac4
    SHA256: 57b86623ff553e9ea2d98a8be59844a5f4f51d8831e6f43943cd704edd5ba70d
    SHA512: 643eae7b687ca1c90bfceb5968f14b487d05b1e2c812e5288152e23b9f56549f3b5ce9c2d871f419583a79ab4733a7290748122e336073b71be2d7a35a5e94ec

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs.js
    Filesize: 6KB
    MD5: a2a1b595f50bf1ca01ac3debd45e9974
    SHA1: 12bb877bdbcfb5226a00dd7189462f982da20130
    SHA256: b1c286c3703058d0eb9cffdd55470ccea4e713bf20be3e2d0e0444769de8ebd4
    SHA512: aa82ec0b7f264ef69cbc0f87fefcabefe7526be638f1832aeca06572095ca50d561ed51dd88717553339707bc494b29db98f6cf72bc37c358ee4ab4d50e31466