Resubmissions

19-07-2024 16:18

240719-tr9k9azbkm 1

19-07-2024 16:18

240719-tr34gashre 4

19-07-2024 16:17

240719-trsyhashqc 1

Analysis

  • max time kernel
    1s
  • max time network
    2s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2024 16:18

General

  • Target

    https://continueallergic.com/m026p76u6p?key=e7a0ca9df3a110db4e6b61e27b0f45a8

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://continueallergic.com/m026p76u6p?key=e7a0ca9df3a110db4e6b61e27b0f45a8"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://continueallergic.com/m026p76u6p?key=e7a0ca9df3a110db4e6b61e27b0f45a8
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.0.917672890\45854910" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {960bd54a-b911-44c3-abe3-6c9b8c5b8264} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 1300 43d9e58 gpu
        3⤵
          PID:2764
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.1.1202005373\1225743217" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f71917c-bb58-41d3-aa18-6a27f667534b} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 1500 d6fe58 socket
          3⤵
            PID:2776
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.2.1040079397\1685165117" -childID 1 -isForBrowser -prefsHandle 1116 -prefMapHandle 1096 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62ea9aa1-3b4b-4cee-b7af-aa52632df1e4} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 1792 1988ec58 tab
            3⤵
              PID:2852
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.3.565136451\2004606978" -childID 2 -isForBrowser -prefsHandle 2640 -prefMapHandle 2636 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e114245-ea44-4873-ada1-e8ed244924fb} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 2656 d67858 tab
              3⤵
                PID:3068
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.4.1463808398\1109608826" -childID 3 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34513d02-833f-47d8-a1a9-70cf8121e186} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 3844 1d9daa58 tab
                3⤵
                  PID:2780
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.5.1812197981\1036039899" -childID 4 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4aecc69-a21f-47c1-a7ec-12445d0f58fd} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 3940 20636e58 tab
                  3⤵
                    PID:2900
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2068.6.732583580\854044966" -childID 5 -isForBrowser -prefsHandle 4120 -prefMapHandle 4124 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fd1201d-0c9b-4dbd-a491-95b09436d5cb} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" 4108 20639558 tab
                    3⤵
                      PID:2892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    27KB
    MD5
    064529051be620e5f10ba7b8f6c1588b
    SHA1
    1058e352fd97971854768f1b5d19e881bc9ba2fc
    SHA256
    74ace69aa51c3a1ff49f1936cf250a0c52be69970c9da0537f66cda9a25364c4
    SHA512
    fe203b8a7ee19a0164bacbc6844f879f4d25cba25622cfa29a1ae4b9276b5da5f7e75f27b0dd665b29646bd42bf36bbe9d895059d03076f59133270bb3226479

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
    MD5
    eaff061af719f9afd1b595ed78d9938e
    SHA1
    70bc2255bdc0b237f13c6b488cf4f39da167fdda
    SHA256
    d41d7c9e69a1f48251f08786328cd45c678001232d768c94d5c62250036a59bf
    SHA512
    4a478c2163375e9fe6177d0663bf6882c5e177dd8fc3d385b69625331f2618630bde3fea72ae3c34307e5b95be4a4531a80b0ab59a3cd25ad493f5b9b0bd5954

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\29acad9d-321f-4048-a88d-ea3a29a09551
    Filesize
    745B
    MD5
    10bd9acce030c87dc43103bbd2c21b7d
    SHA1
    79a4449c2cd2b4218756f3376ed5beca5a960197
    SHA256
    4d27e4a68312c9660aede569d24b25ed3bb29e0f198f5ea58ecf334baacb6018
    SHA512
    6ed68548be58a61420b0c9d2c725f50be5125e3d4a2abaab9f69c95461669c26f2de69d1204acec13bd20441557de6c06bfffdbdc505a275bdea929892a100b1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\c1cbf2d6-023f-45b1-af59-8beb7fbeba9a
    Filesize
    10KB
    MD5
    6b71b835d64ef85d97a2985469f8cc94
    SHA1
    fc6b0b7f5f1811665c1ed04658d7581dd4389622
    SHA256
    ec3ce6e5078a82a063a98e7b891784a1e0f46941713dac381069a96b55da1201
    SHA512
    630cd0950fb19b3bd24986b7801a47b0f18114a825b130105ba841c66f0b930060965f0428e760ce70ab2b4e9eda26147856e62b7934b97152ddcb6eabcff930

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    6de3de5cbb6ff845bd94cac2d9efdb5a
    SHA1
    25ffe9568dadf70f50fd0522d811145c34029920
    SHA256
    d62b700f4c330270fbd71841e93b80eed9a1ce1ebe3907b6bbbb725ec5335e93
    SHA512
    34ff412317b39efe9ce79dfab135df518e7ac3fd8ac967e61a80c26368325351eb346aa4f6d7282baaa50faa03f7383076a3ba00d749b13d255fec8289d04ffd