Overview

overview

1

Static

static

1

URLScan

urlscan

http://damanľ39.com

windows11-21h2-x64

1

Resubmissions

07/07/2024, 17:28

240707-v2b86swbln 1

07/07/2024, 16:46

240707-t968vavgpl 10

Analysis

  • max time kernel
    1786s
  • max time network
    1733s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/07/2024, 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://damanľ39.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://damanľ39.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://damanľ39.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1204
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.0.1471381190\327987087" -parentBuildID 20230214051806 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96a407b6-dc75-4264-95e5-66ca7757a242} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 1812 11c7000db58 gpu
        3⤵
          PID:1936
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.1.186747699\1421577765" -parentBuildID 20230214051806 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4ba28bc-2512-4002-b3e3-c64a74e835e7} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 2348 11c6328a558 socket
          3⤵
            PID:4432
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.2.1125609253\180717581" -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {935542bd-8d97-4561-ac6a-d3c9651d305b} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 3236 11c72b35158 tab
            3⤵
              PID:4652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.3.151387470\1058261694" -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de31d8a9-94b0-4eee-a815-0f738451ba83} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 3940 11c63284d58 tab
              3⤵
                PID:2240
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.4.622319525\744185876" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4952 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eed62918-4b05-4864-a700-e2b13c4bf535} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 4712 11c77cc8858 tab
                3⤵
                  PID:2676
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.5.1571973270\1137492158" -childID 4 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10ff4d76-e588-447a-876e-d3124e27bf3e} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 5148 11c77cc7f58 tab
                  3⤵
                    PID:1496
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1204.6.711170374\1621232130" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {750bc51c-1667-4bff-99b1-03a77fc31992} 1204 "\\.\pipe\gecko-crash-server-pipe.1204" 5436 11c77cc7358 tab
                    3⤵
                      PID:3452

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tmdby34e.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  775b60b00cbbe42453f1c3d1e1700b38

                  SHA1

                  101c0a7b2b0db775dce5683489a740d52af8e7c8

                  SHA256

                  61a12b9ea4fd885dcf6ff6556df930605cf825375bae810a789b63d49b0d4ca9

                  SHA512

                  45b769ec06e9cf991111f13fda6b43b59dfa224843834068cf644a17557db402794e3fd778b6594117d4ec5c97dbe6b332db695b4944381f7face1fbf35b92ab

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tmdby34e.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                  Filesize

                  15KB

                  MD5

                  ed043e29c00a859ddbbdfc4ae1552469

                  SHA1

                  0f64778ba831305d3041c4338cba5a859550d6d7

                  SHA256

                  ecb4302b7abcb6236b190ab0f99fcff847adf60afc24d72956103a3e24aa1f6c

                  SHA512

                  a9aad02b1cb85a6ad46e889c86d249e498b7f22e8be3931b39c1065f45be8fa67b13af46284cf664bda6f781d51fb9bef986856c2762cde71f2e15084139b95d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  d0e4ab4feb4803ad4c721cb4266dcc2b

                  SHA1

                  ac3713740079a211cf73817bc4ad29ccf23d84ed

                  SHA256

                  e637315d78c135cb0283af58a8002d20423743364738a8a4acb64bb519f620fe

                  SHA512

                  a105d70dab9f19883bd3e1aed414bad0f819f72b2ab848850da4002e37558fde2e02f0d18f89095355b16c6e0dad8046ff8f8f3eeac172691f6d3b120ea08a9b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\bookmarkbackups\bookmarks-2024-07-07_11_mEYmGMJQ5YUTTLBxN5-pLQ==.jsonlz4
                  Filesize

                  999B

                  MD5

                  9753adb7da5d43473aa068121b74a597

                  SHA1

                  cc20f2144d2a873e45ea393a81ccd6bee3f4cda8

                  SHA256

                  18259d81e23205ba8ecf422e8b3218d983a6725aaeb857d0fe0e3c58a4b2b199

                  SHA512

                  fc81448284ca7021096911924cdc36a6ca901e0368845f4fcbd676e8c3d5e696d75ad1cd0fc68757ad725e086006d02a3d9e0e45d2c640c689190b0fe6f28ba2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  06ecef5776046ce90054ead42c4c3ff1

                  SHA1

                  f1be04aeb18336e1426e79293ab36ab95a182b98

                  SHA256

                  e7cae4cf62bb9816a89141a4c15900851b0974402a03dc7229804f6c1ee664e3

                  SHA512

                  102b4e6a654972f848019901300ff5a64c86457ef906751751e063fa7c601496dfb5cd8d7f125c3d0c1b2cc8d7dcde79e3b2de21b57561ef2ae6d2d4a022ac13

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  5a76155f5459b50c6432523809289d7a

                  SHA1

                  24fffff9b41eea09dd674de67251b5c8674bc216

                  SHA256

                  54e5fb5d883e66afa3a61261b164e0095257b48c1f832cbc82d3118f3cb29261

                  SHA512

                  241527e45e83b5e8e671ef781c10806519edf2b5139da29034fde48331f403eb5a81ad0928eae07931bfbb5cadd95aac5ceae091355b90c8a26225ee75facc6f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  fd819bc223adbc6fb2f1640b0a30fc4e

                  SHA1

                  9ec9d95330278477eb98072af565c3b6af975dfe

                  SHA256

                  27be03440a5649577265edaf3628b3816b1580a794bcbf6737131aaad5d61a07

                  SHA512

                  1aefe673cec5a15f1bef6c1c8d6a88b793557d7e9f14ec22780ef9231a7f52b616a7df60748b4f6b4f1b4eb18c3f48576ec46e0b8718bba6d5f3983a2063f2b6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\prefs.js
                  Filesize

                  7KB

                  MD5

                  c57be9c28699ce4e99774bd6edb57b2e

                  SHA1

                  08395c28d8da171ceae471c6a0e3a7525a1ce486

                  SHA256

                  01d9b88bfd5818aa98a8111b8bdfa75de555d1ee60b10fecea1dee06cfc10013

                  SHA512

                  687bcac83d623593f11d324a3a6fd8ca9759d74cf815d7fe148e349e8c15bd1b0acefcde4369e89130f3e2e7a9d56865e54af4426f4cbad790b8349625a82a59

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1018B

                  MD5

                  89ac575f62547dba63b50cdfc0eac21d

                  SHA1

                  8cc78df4f16752cfab004344ee03a82c1ea589ef

                  SHA256

                  fdfb677f21a9c01691c347a880f6b603bae1295cd7edec3995a62ea46ad5c428

                  SHA512

                  556a753272a901cff5a7670c97c044d4b5d9d13014766bac3eb1790e892b0ae4f19fbaf38e4def96e5fb303f5530823981eec0b4dba2253d15a17adf99102973

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  70035cd8c4e6e6b1b6fda8b73a1e1999

                  SHA1

                  185a9fceaaca35b645c545810c4ef87379891ee9

                  SHA256

                  965bc5a4e727f39a8f8e322fd888111fa2e0f259b95a154292b905c5ed115f63

                  SHA512

                  c6e4c58ed02b80d31ee3fad26a74079425e21988c9596b21e3843eb2ffb23b78d66c8d4e0df71d666fbc65fca4a612562d3fd50649fa7970d79a53243b32ad00

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tmdby34e.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  74f759a086f98cc7d4f35dec67fd7bcd

                  SHA1

                  62c00e6d27a7929bca8bd08eddc67ff1180994c0

                  SHA256

                  94a6ef908dd0e3e2ff470d7ffff1b4b2f3f051372aa0680d30a6c1c5dace6c51

                  SHA512

                  80053715bc368607120e4ba6565ac189e923df0b0193bbc7a9e24bb980d4f7665cf7f7a63891a59e226b480b9e1712311e9b6cc07453c3f7c32d8bdba0649f8e

                  Download Submit