Resubmissions

19-07-2024 22:48

240719-2q6rzatglp 1

19-07-2024 22:46

240719-2qf7batgjj 1

Analysis

  • max time kernel
    22s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2024 22:48

General

  • Target

    https://www.bing.com/ck/a?!&&p=cf8e9d07b389250dJmltdHM9MTcyMTM0NzIwMCZpZ3VpZD0wNGQ4MjlhZi03NjQ5LTY3NjItMTcyMC0zZDMzNzc0OTY2OWImaW5zaWQ9NTI2NA&ptn=3&ver=2&hsh=3&fclid=04d829af-7649-6762-1720-3d337749669b&psq=the+gumball+club&u=a1aHR0cHM6Ly93d3cud2Nvc3RyZWFtLnR2L3RoZS1hbWF6aW5nLXdvcmxkLW9mLWd1bWJhbGwtZXBpc29kZS0xNGItdGhlLWNsdWI&ntb=1

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.bing.com/ck/a?!&&p=cf8e9d07b389250dJmltdHM9MTcyMTM0NzIwMCZpZ3VpZD0wNGQ4MjlhZi03NjQ5LTY3NjItMTcyMC0zZDMzNzc0OTY2OWImaW5zaWQ9NTI2NA&ptn=3&ver=2&hsh=3&fclid=04d829af-7649-6762-1720-3d337749669b&psq=the+gumball+club&u=a1aHR0cHM6Ly93d3cud2Nvc3RyZWFtLnR2L3RoZS1hbWF6aW5nLXdvcmxkLW9mLWd1bWJhbGwtZXBpc29kZS0xNGItdGhlLWNsdWI&ntb=1"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.bing.com/ck/a?!&&p=cf8e9d07b389250dJmltdHM9MTcyMTM0NzIwMCZpZ3VpZD0wNGQ4MjlhZi03NjQ5LTY3NjItMTcyMC0zZDMzNzc0OTY2OWImaW5zaWQ9NTI2NA&ptn=3&ver=2&hsh=3&fclid=04d829af-7649-6762-1720-3d337749669b&psq=the+gumball+club&u=a1aHR0cHM6Ly93d3cud2Nvc3RyZWFtLnR2L3RoZS1hbWF6aW5nLXdvcmxkLW9mLWd1bWJhbGwtZXBpc29kZS0xNGItdGhlLWNsdWI&ntb=1
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.0.1234175696\493875158" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbc2b9c3-31c2-47b0-a125-ceeabb0f1e93} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 1288 47be558 gpu
        3⤵
          PID:2864
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.1.547852565\1742129517" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb0c0521-5fb2-4bf0-906f-f14d5af6b3ae} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 1508 e72558 socket
          3⤵
            PID:2836
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.2.1952776036\700542204" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d2e417-9ab8-4323-aa9d-57f6c8dae904} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 2084 19dc5458 tab
            3⤵
              PID:1928
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.3.1266422739\1713262723" -childID 2 -isForBrowser -prefsHandle 2832 -prefMapHandle 2828 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ad9c9d-eb71-4fa0-9be8-4a6bbff4d51c} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 2844 e2ea58 tab
              3⤵
                PID:476
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.4.773833668\2000109623" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {862a0678-5ec3-4b59-9983-728b81af1224} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3788 1e6d4558 tab
                3⤵
                  PID:1552
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.5.49735440\2077541270" -childID 4 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d989f06-dd80-44eb-9737-bd828513ebc4} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 3884 2022f858 tab
                  3⤵
                    PID:980
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.6.430589209\2034476368" -childID 5 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95886522-9c65-4065-a5eb-641d183bf3ba} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4060 20232558 tab
                    3⤵
                      PID:1976
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.7.1066864920\1998784916" -childID 6 -isForBrowser -prefsHandle 4260 -prefMapHandle 4264 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb63c3e9-cf11-43f9-a914-4912648639c4} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4284 21de6258 tab
                      3⤵
                        PID:2132
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.8.395258063\1371161436" -childID 7 -isForBrowser -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3592188-08aa-4d2f-93b7-18646674f04c} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4548 21f62358 tab
                        3⤵
                          PID:1520
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.9.1356166153\1749060383" -parentBuildID 20221007134813 -prefsHandle 4696 -prefMapHandle 4692 -prefsLen 26607 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb373778-9a0a-4e4e-8b93-4fa5b01d182d} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4708 1ff79a58 rdd
                          3⤵
                            PID:1148
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.10.1715971623\1781000119" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3052 -prefMapHandle 3988 -prefsLen 26607 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e77c658-7bd6-4465-867c-d06566d7cd0c} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 4048 216fa158 utility
                            3⤵
                              PID:3384
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1696.11.201351045\485607902" -childID 8 -isForBrowser -prefsHandle 4220 -prefMapHandle 4784 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a953b969-010e-4ea2-a354-bbb3b87ce5db} 1696 "\\.\pipe\gecko-crash-server-pipe.1696" 2092 1b11a058 tab
                              3⤵
                                PID:3452

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 31ac343410abad4642796a8537f61f74
    SHA1: a639c3375af880d1be72878aa4c570942993ed14
    SHA256: c1bdad7916a610f6b9cb731c67bcabaad15b84c1c81b6778f8e9610932e0e575
    SHA512: 3ecc9c1f8d0984235a5542aabc45c36435c1a4e4398d83d7f42f5f7a2275c2668ad97f33b7e2e93f9b2814981474ffc9a7062a5fe73f7ab225cfb2819a891736

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\doomed\10903
    Filesize: 25KB
    MD5: bcad599e694c6fefcd8a353144a35d64
    SHA1: 832298c30d539df15f98d0c925e082e19cd873b6
    SHA256: 5ddda02071c5724eca68b32fd529ef1b7a6ad1c4ce14746c9e42599b4205d58c
    SHA512: 15a486eb17bc26c92df9fe66d4353a9a12cddd2ed14f686edbb8bddfc60515cfa3dfa8752c5cda72eeaf52f8e028b0f4302c97a69a2268498d8a75ee7baff28d

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\doomed\21048
    Filesize: 11KB
    MD5: ae4a16ea171560bc4ded235f5d9d4c54
    SHA1: e20e050c29bad6c02a0722a8a1f4cb661c978b7a
    SHA256: 59495e9807cf50a8ab1de01cbbeba2947e7300fb1d8ed47aab5625043444efd0
    SHA512: 4b73c6f551a01c61e154ad8ab786b42f5a2cf7db58edf5e2e926c8055f71a7408a8f643c8108238d9343629886c12474256c67a5684b52663b0b4699bc25eaa5

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\doomed\9019
    Filesize: 6KB
    MD5: 192784803ee3445c117645db36b77997
    SHA1: c5a463907cc83089538fbca681da0f38c3c99bf0
    SHA256: 9c1a3799cbdf7745015bfc745d8e3f8eac7779631d896a586f8cf0844bfe0733
    SHA512: 1ffc0d0b795994c49e57def84d11ca5d3f369eca18b2dbd9167e303f6d75bef22d0a08f49c8872e2a55e9d31f0f1b7f26b1b004dc4850b21592dbcb0cf3f5583

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 8a217b6684efb65ec0f660f3ab9bb531
    SHA1: 35b658aaf4d421743ec408a4a3cca31f0193f1d2
    SHA256: 0e9d08a8783ced46312edb1689cc0752b878c1bb59fa08825112533df5a2d851
    SHA512: 60216dcfadd2a0e5d293c64b735aab7f592a068470af479bc749e7fcc0e0c9f85142649262d9e9ebd843ae11f057ee3cee582a3d3ba0fdfa27ab3a19b3d26e25

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\pending_pings\89bbb192-ee1f-40f0-8acc-817932f6a89b
    Filesize: 745B
    MD5: 4f40be1ff8e0e5bf9e710abadbdbf561
    SHA1: 1bdfd072ba86b99fa5f7e15ba394b1e95ae99e86
    SHA256: e66bfbf21dace4fef97ca3fa28c5efc1e2db27bbfabc7b78a5eba2147fe910ce
    SHA512: 34b2fb4c109d1dbe71903db65f1881ae3254118dfe08f07dd8db8f9999bdfaae197970bb756fc9f5cc07fb9e7e14d2a219eda788dd466d3ba7b67c4591d48d5f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\pending_pings\edc1bbb9-1a4d-422a-bab5-5fb945369695
    Filesize: 11KB
    MD5: 573be73ef1b5bf81952746b0dcae1bbd
    SHA1: 2b96085ed2e983d46c82c56995ffc0377c8dd7cc
    SHA256: a9a33bb11dd33f1fd4ebd2d17162a668414595d0da8c0b36e743703fb59233ec
    SHA512: a2b2b0c617a8c4ec980daec8c5f444dc8b1151ae495ab08de79d44f5e9000f3ebd31b912a82569bcaacc8c4c84581c05161bc1a552358d1b2c5de3bbc1da67d5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 8KB
    MD5: 034a9fedabd0690a8921fc97b834f8d3
    SHA1: bffc68b9b92c7dadd5064ad8d367cb8143d7963c
    SHA256: d8e3aef6c1ac987b247a158a8ab39531e553b20465c6a620c09c82723f0f5d1f
    SHA512: d16cc395da1b2ac95cf008ec6ed0a4c9c5a21c6d168fffd43fc0838afc2c57fde7f0a183dbd57f15f0ca244e1324327d82e7d814b5e5afaa9561188c9770d536

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: d203ef55d5755ee95f84e33cc837f8e4
    SHA1: 37fd2e330254affaf7b5b35572f3074db2342931
    SHA256: 12918d96ba7b933af962db4ee22dfb83e99ee0fbf81db2fb89baec959fdfe41d
    SHA512: f35100495e6895db3602081eaafd5053a6c2019f6438aebbc3e4e1486aaaa8a679b47e5809d8dc40d3ccba5aa08be47f186446faabe4922c92fd3e7484ff7e4b