Analysis

  • max time kernel
    18s
  • max time network
    19s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-08-2024 21:11

General

  • Target

    https://search.huismetbenen.nl/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://search.huismetbenen.nl/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://search.huismetbenen.nl/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4232
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1352 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf90c8c0-02f7-4299-b7de-472418978cab} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" gpu
        3⤵
          PID:5064
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d5cb51-d672-49b8-be41-843ad8d3cdf0} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" socket
          3⤵
            PID:4108
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2656 -prefMapHandle 2572 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63684653-067f-4f4c-8921-ae88f4bfd411} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
            3⤵
              PID:1388
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3872 -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 2712 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d89b7e0-3085-4949-90ca-700da75f7449} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
              3⤵
                PID:3092
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4596 -prefMapHandle 2712 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d976db8d-e151-4903-9d84-feccc494b4c0} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" utility
                3⤵
                • Checks processor information in registry
                PID:2872
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {287c5209-81a2-4adf-a697-05a4ffa17fe8} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
                3⤵
                  PID:1076
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4f47a3a-c824-4685-bdc5-8dd27c93ba5f} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
                  3⤵
                    PID:3852
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5712 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57e8267a-5d70-437a-8bbf-306cb4ef5820} 4232 "\\.\pipe\gecko-crash-server-pipe.4232" tab
                    3⤵
                      PID:3812

Network

MITRE ATT&CK Enterprise v15

Downloads
