Analysis

  • max time kernel
    18s
  • max time network
    9s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240730-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    01-08-2024 20:54

General

  • Target

    http://172.104.100.207/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (21 IoCs)
  • Suspicious use of SendNotifyMessage (20 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://172.104.100.207/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5084
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://172.104.100.207/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:788
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c85043b1-34d0-4ac0-8686-8a367bc9f14d} 788 "\\.\pipe\gecko-crash-server-pipe.788" gpu
        3⤵
          PID:2936
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00aa4e94-7cef-4589-b03a-7af7045dc8b7} 788 "\\.\pipe\gecko-crash-server-pipe.788" socket
          3⤵
            PID:4740
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3408 -prefMapHandle 3416 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d65dd5-d007-426d-80e1-32e82aeef583} 788 "\\.\pipe\gecko-crash-server-pipe.788" tab
            3⤵
              PID:312
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3800 -childID 2 -isForBrowser -prefsHandle 3364 -prefMapHandle 2784 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d58a371e-557d-4d2d-b77f-426d33d5f72d} 788 "\\.\pipe\gecko-crash-server-pipe.788" tab
              3⤵
                PID:4308
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4596 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4576 -prefMapHandle 4560 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5090d67-9432-4c16-9d2a-519585cbce09} 788 "\\.\pipe\gecko-crash-server-pipe.788" utility
                3⤵
                • Checks processor information in registry
                PID:2076
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5316 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6186dcb5-7c3c-4e22-b8fd-43bc9c228dfc} 788 "\\.\pipe\gecko-crash-server-pipe.788" tab
                3⤵
                  PID:5008
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5dbee50-4e77-4ae3-b0bb-4da7b5f1bce1} 788 "\\.\pipe\gecko-crash-server-pipe.788" tab
                  3⤵
                    PID:4244
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7413cdd4-f9b8-4c0e-a3ba-27c27cd0ff05} 788 "\\.\pipe\gecko-crash-server-pipe.788" tab
                    3⤵
                      PID:4876

Network

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\activity-stream.discovery_stream.json.tmp
  Filesize: 19KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 6KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 5KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\415f8052-646e-4549-9c27-274abb01bcff
  Filesize: 982B

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\5674c845-b86c-41e6-946e-3c16e9692044
  Filesize: 671B

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\95569cd0-cfa2-420c-b524-81b8f7158546
  Filesize: 26KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js
  Filesize: 10KB

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js
  Filesize: 11KB
