Overview

overview

1

Static

static

1

URLScan

urlscan

http://eu.sparkpostm...

windows10-2004-x64

1

Analysis

  • max time kernel
    123s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    01-08-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://eu.sparkpostmail2.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://eu.sparkpostmail2.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://eu.sparkpostmail2.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b376995-4d37-47ed-a3c8-038e75394db2} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" gpu
        3⤵
          PID:2336
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b7b90b0-d9d5-4473-8812-e38245ffb3d5} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" socket
          3⤵
            PID:1488
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2840 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3044 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95e03411-a049-4252-8554-4217e49f67e4} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
            3⤵
              PID:2404
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3700 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3152 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dc60f87-af1d-48c1-9a23-3bf0fe59083e} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
              3⤵
                PID:4688
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4332 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4344 -prefMapHandle 4300 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1ba2ea-cf10-4d7f-bbe9-c107a190942d} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" utility
                3⤵
                • Checks processor information in registry
                PID:2956
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5332 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0314b7-3904-46d2-8fdb-699337a352ae} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
                3⤵
                  PID:696
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 4 -isForBrowser -prefsHandle 5480 -prefMapHandle 5488 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {285d00c6-688b-44e0-929d-df9b811161b0} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
                  3⤵
                    PID:4440
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5700 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02375fd5-3d30-4800-9fad-a1907fcfcf55} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab
                    3⤵
                      PID:3912

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  19KB

                  MD5

                  9519bf1175645513f54259203dc313e8

                  SHA1

                  4ab01e261a1f5875473c541feb0de49a66a3113d

                  SHA256

                  5fbfec88282900a6634eb258a3219305089b660eb02a3c2a480cef89618b5ca6

                  SHA512

                  3f28495e87db231d0aba579a62ffffea20cbea58ba48b19d22ed8475428dc997b859864da4955facd31f31b152a2efe72fedcc8a33bb8b8c757c86ec5f27ce70

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D
                  Filesize

                  13KB

                  MD5

                  7aedcd1ca761b175c810f3f7f6c5a273

                  SHA1

                  2afe236c045263a0fcc4e022b9ed8ab6c1c891a8

                  SHA256

                  049cb9ca6c3f933e3cc36639f0ce5274d695e8c577766dda2a9e0a64b7782af1

                  SHA512

                  c54735ec78afbf04b0b9987828419ab3a903c459dd23c0a5f589afad1e45fb77a2c9940cd448ec623281359a598407f6874b88ef9bb1cee59fe091272668e73d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\AlternateServices.bin
                  Filesize

                  7KB

                  MD5

                  a2c5121030463443c3b921a957e6fae8

                  SHA1

                  cb758ba744a7f9d358a07fbaa48e2157a2d7582a

                  SHA256

                  c110f09eaba81606519c1610287fa16e7c3a7a466c16f675111035b0b5fd8bfc

                  SHA512

                  ec0e32ca34f499429e28ca02b13202f637b44a865449fdecdf6bf00a763b73c1e31ed98ae7c00f67b317616765595d4115eca54f6ee757697b04a067f069e4df

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  14KB

                  MD5

                  9bead13322218a16cd3d040c8b03e45c

                  SHA1

                  81d5e7bac9182c4fdce5d625a55bdabf34842f06

                  SHA256

                  a714791a59d4391f85dba61e0a51e4d1a2a643dbba12f3e7340a05b49aa10fe9

                  SHA512

                  72b2060bff2a0813f4d5dccb30909c96d956451974ff0d9cfe10b5898bd32d7eb94ed855d25888b32c34e447546578ecdab86f2ea2ccdeac0445cca768032243

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  6KB

                  MD5

                  62a65f7b9dcdec1bb4445287770ad2b3

                  SHA1

                  1c0c397e031f38190ac926a3926e467d95ab0b77

                  SHA256

                  67f9fd1c6b08c5bd1a842efbea2d2e81ab376d85705023fabe2a294543baf7d8

                  SHA512

                  3ce0da50600888748948cdbb3f43fd117bc61569a0de6881649892e22abc57e04be5070f4f3c8869519757fd186deda83ed9bba025276af431cd0ca95ad5be74

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  e9f3423fac1044bb3dad7e353493454d

                  SHA1

                  3d8e69df628290c9e4d34e4da8b280aa54c66b47

                  SHA256

                  4bfbfd9e145c9b08ee4e5c3f35bd33071ae325dba022b1d4d510979ac7c663b4

                  SHA512

                  24f0d919e8b8a2e8fb9322857d2be809b5ffc3287931190e08c34e171cd8fc3c4c0628264c23b481d1f187c2a180dce04acf08206a2aae0b10934066c10c1de2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  6KB

                  MD5

                  ae57e58330bd88e52ed9565c192f7dd0

                  SHA1

                  f5754e657d32af13e9e2a6ea2e5f6333d9d193fb

                  SHA256

                  530cd7256edd89023fe10a91513995e3f8f7db67f93e3d09e7e89811fae83a6d

                  SHA512

                  15af51d23d12d3c0499f8f1cd687fd8a291a44cfc2250683d598a07a16ca3c01b38562f7b8529dd2da315e5d8ba3ac724cf4b6ab5d13703320e3b4b3bc9785b4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\pending_pings\0843e5a5-4a6d-4e12-9eb3-dad7442aa106
                  Filesize

                  982B

                  MD5

                  9bd1475812d3f7f471a4ed8d89f30d0b

                  SHA1

                  0737a0631ef9b6dba3d1268465604a35bbf39641

                  SHA256

                  68b8779604c356cb90b6f3217fadef397c0941fc9770193b9bf48d9e53908559

                  SHA512

                  afc35f4b6b5c09320f193c16e32444ade62b4ca39b28a31c98fcb487d2f89182436d07f9fd04f1db585ec21480ac3d0ed9366ac61c7054730ef0741366338175

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\pending_pings\86814f6b-65f7-4c02-b8ec-ab6e37ba846c
                  Filesize

                  671B

                  MD5

                  6f66727010a1a90e6a2b0fa7e6d7c808

                  SHA1

                  8fd489f234140fb67a095227239c6671f436c0c3

                  SHA256

                  9dd26e696e8f1ffbf9ad54d60e58f8ec6c4fa708f8643022e2aca88612168087

                  SHA512

                  c48d75c163e096088efc50aa6a63f68edab18716bbef180799e69f9d179662660f907cad80cb9eb47956859c157a2216506f4dbff4cf614aa3703cf28cbc1798

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\datareporting\glean\pending_pings\8ded8976-12e7-4f52-8578-97a74dda5fea
                  Filesize

                  27KB

                  MD5

                  e495e5ae40e0e35b3e9f6127880c2f0c

                  SHA1

                  6bccc3ab86b3838cb54d8550882b52ec25f0bbda

                  SHA256

                  31e94eae28a02ca1b51675a9dca943a1a7e02b6556b4922575f6c19eaa663748

                  SHA512

                  72ed849715d78dccd8e0037e9b14a1fcf58a7faeaf60f2bfcfa09182e00871a6102992d11c68777472ae20f425ed45c4901b87c95cf78c96312014604636277f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\prefs-1.js
                  Filesize

                  12KB

                  MD5

                  54cf7cc339d8674c2dd99c0dd484e633

                  SHA1

                  67797bad4351ee8ada0928e878bc9f876fe21da9

                  SHA256

                  b413ade5b6907f800167b6d35758e5ae126a38748e123626f1f792d625d4c069

                  SHA512

                  4116baa952a15b82b6295a16cffab5498e43873b885692014dd69fbba74f49e56335513746fa52737dc7d16056b343098f653761324250b696ba62f638d62e52

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\prefs-1.js
                  Filesize

                  16KB

                  MD5

                  c947c92c265c060c28896838c2a9dfc1

                  SHA1

                  fa7817e22dbd68bd22a7c4a2531f6d5bf7a1d68e

                  SHA256

                  742d343966c2624cc017f35c97c22159ab7116ea8c23f260bba935913fa54a49

                  SHA512

                  654a604b3ec5dfc444b33a2f9d559eac08cd4c98a618091e5ce9265b05dc0cb8635123c82eac817570fef4170e2cd3e8f37088042b1c84ebd76f4a445ddd93da

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1hjdrzy1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  1.2MB

                  MD5

                  1a870eea6ec625e9e2729b8bca557dd2

                  SHA1

                  20356e9c3674a67209ab67efab1cac27919cf1a6

                  SHA256

                  b3457d01cba27d961e23935a9ff20f6222128f5a84d79a3a1bdb6f1348ee082f

                  SHA512

                  6fc64542561587eddcca58addad1f7013ed0a1b905ba24e9abec85df6e63db9d9d9492954eaa95c08e7fb7b20f761cd9df5316c1269aa464cbbcbb891e46df22

                  Download Submit