Resubmissions

08-07-2024 02:35

240708-c24z3s1apa 10

08-07-2024 02:34

240708-c2gjsa1alg 1

08-07-2024 02:25

240708-cwrgssyajk 10

Analysis

  • max time kernel
    45s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    08-07-2024 02:34

General

  • Target

    http://github.com/roylikesdick/one-click-method

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://github.com/roylikesdick/one-click-method"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://github.com/roylikesdick/one-click-method
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4912
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.0.1219566948\1712952759" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b40994d8-7df9-4733-b70b-109630d56e4a} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 1832 2a203c08458 gpu
        3⤵
        PID:1264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.1.1885762406\1717985978" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {169bc35f-3afe-4b67-881a-9048bbe8a355} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2424 2a2040ae858 socket
        3⤵
        PID:3084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.2.460626882\393193909" -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2884 -prefsLen 23198 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9070c7f-79ef-40cf-ae11-15506bf28bf5} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3028 2a206b20e58 tab
        3⤵
        PID:4484
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.3.280367775\2117141230" -childID 2 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d93b515-721e-40bd-8dca-81828537ab8a} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3936 2a20888cc58 tab
        3⤵
        PID:1988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.4.202692995\952153256" -childID 3 -isForBrowser -prefsHandle 5040 -prefMapHandle 5004 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3beaf8fe-bb8f-4389-ab13-9e8b367c6434} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5028 2a20a2eab58 tab
        3⤵
        PID:2400
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.5.1265606782\1151498717" -childID 4 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf4c652-63d9-4a53-b965-26ef2d5d5492} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5176 2a20a2ea558 tab
        3⤵
        PID:4432
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.6.226915830\265127182" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f32ab7bb-1ecf-48bd-81f9-e23dcc742ea9} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5468 2a20a2eb158 tab
        3⤵
        PID:3736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 5b0c0eab16a263e138a1b915f3267abd
    SHA1: 812ee2e278394fe32f759c92880b78d83ec2f0a0
    SHA256: 526af338fe8e36b54e03aa520a5906dd99c41e4a98cbe2dcdcfd4a90a565ae62
    SHA512: 54d5e28bd9c46c19186772be96a6282d899b3249a575d66fd040f70828f40c4dad3ef41ca3c2c0d65a11a001ce93904d5ba20bbedc71e7e5f0e532f89e60b06c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
    Filesize: 7KB
    MD5: dab686454ba44adbb8228247f7c17d91
    SHA1: 1c3aa9378cffe263584f3677ee0d09a4ad70886e
    SHA256: 4e0ec66bc9156765e8bd8950138f6b166e560ff8df76cf71e7cf4d7a97e78777
    SHA512: 72383822234414e94f86ca5f9dcc5cdb95934733c18929dcfedca94c9e23bb4223fe68368d4243200961cbe6bc6325d8d5904453fa7c0d1f402a29a21c9b959b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
    Filesize: 6KB
    MD5: b1d03f315b4ee2566f9ffd777da54601
    SHA1: 0ac9821cf71d2ee0481a3ebb8a79e4b53f8d28ae
    SHA256: b6a0a4a7d1d9126c38f1643822e536bf1f7d9d0bb0e5d3f4c15371305de28051
    SHA512: a20aba79e6d46caacc480a51c09df1d3de3c9aae3e87a629ac204cc32494978992e6af44949574071c9598e843b438b2d1b646d49481d057b1cc41283552a47a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
    Filesize: 7KB
    MD5: d5c56bfa1aed8d9563d21c37ffb21448
    SHA1: ae06832bc5505c871f9f6b80031cfeae24edc8d9
    SHA256: bfc747f1ca10bfa3b7fd92a304c91219c56385d9c4797ce1c9fff0e78e417822
    SHA512: 367d240f8c9c22edbb35d4892dc64b38fa2b88e96b70c42592cb75e4ae293a1627493d8deb900d045980361477f619e1c21e7015f3be71b40cc0812dc4f33e18

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1016B
    MD5: def6e75bdecdd0a96d2b728ed53c7b7d
    SHA1: 97c2d8d4b8e9284bd4f4616cc1ead9dda0a31570
    SHA256: 2046cc1f32465e6e2abba1ee67e73f327ba71a3897accca710d76ad74024d113
    SHA512: 51bd0a77c3f36dfe6dccb2da99138010085d3b028f0449a1929feb961cc7ac615e30976251dfbe49daccb4820a2e7fd8e39016dfd24cdd92262c82283b1477e1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 2cefbef37a72555a6b9a2b899510c0f3
    SHA1: a04580287f4f5f725fbf70837b4983218f064d29
    SHA256: ee0bde1d01085cc807d3396d58c87cdce45d06e98284b6ac6a3a0dcab5fd09d5
    SHA512: 31d0cca30bbd648a6da15e7ae38ea39fe98aa45abe8db43648cca8d2c03acb377a48e6c642840c721898ae634260d1c7705495b008be7794f24c16d29e18366d