Overview

overview

1

Static

static

1

URLScan

urlscan

https://visitor.cons...

windows10-2004-x64

1

Analysis

  • max time kernel
    47s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2024 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://visitor.constantcontact.com/do?p=un&m=001iw0lbbaZ-EIHNb9Q8fEIAQ%3D&ch=ca7fab50-500f-11ef-8d3d-fa163edce0e0&ca=59c557bd-6ad0-4b32-a7fd-485ec1dae367

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://visitor.constantcontact.com/do?p=un&m=001iw0lbbaZ-EIHNb9Q8fEIAQ%3D&ch=ca7fab50-500f-11ef-8d3d-fa163edce0e0&ca=59c557bd-6ad0-4b32-a7fd-485ec1dae367"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://visitor.constantcontact.com/do?p=un&m=001iw0lbbaZ-EIHNb9Q8fEIAQ%3D&ch=ca7fab50-500f-11ef-8d3d-fa163edce0e0&ca=59c557bd-6ad0-4b32-a7fd-485ec1dae367
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c55b90-a4ed-42ce-bfb2-b5b17c98c99e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" gpu
        3⤵
          PID:3204
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2472 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5a3ccac-09e6-4bbb-8621-d1cc561970a5} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" socket
          3⤵
            PID:3808
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 3196 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {792c4b13-b8cf-493d-a807-ddeb798a5fa4} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
            3⤵
              PID:2136
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3432 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1374f63-4da6-45b4-b9e7-3e497e9986b0} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
              3⤵
                PID:4168
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4812 -prefMapHandle 4808 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d263b5-e5cc-47bc-91b3-543ed7a6824b} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" utility
                3⤵
                • Checks processor information in registry
                PID:3476
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5432 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2102e666-1d5b-44a6-9cbc-34696024dff8} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
                3⤵
                  PID:1160
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bcb6be6-1804-4804-be24-e5e1415fbb8f} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
                  3⤵
                    PID:1256
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 5 -isForBrowser -prefsHandle 5764 -prefMapHandle 5768 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7497dac7-bdb2-40da-bb8e-644d535d3c1f} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
                    3⤵
                      PID:2364

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  18KB

                  MD5

                  5d9b15f71d24e243653e39053f3ce119

                  SHA1

                  6b149c1ddc893562a144076d6c98cee16ac82205

                  SHA256

                  72a4f797471bbc9c08b95ff2d7dfd0193c7aae8be40acbf9c54222e851521585

                  SHA512

                  8c1c369b862555d7fed1c5add8c90b272e6e3aadf240e49d6cf3d972323050b275a7f8593c82554988b0bb385ae47abb5e9e5152c6c4c5bdccb99ca7ffc7611e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  4832b46ee5290e60f237a4d698243dd5

                  SHA1

                  ab27281e907a2037d569844f9793ecefafc963c5

                  SHA256

                  0ccb498f59c5498ff552764bf162ffbe803bd548967ea64837ff27fa010daaa2

                  SHA512

                  08dc7a0e301a2e60230bb8c1f49f7755fe3a4dd3baf5d91bbae4da6166b808d8ef182a0be6a7edd7425c8548595a159cd6a2073dbaf863a11964ee244ebb25eb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
                  Filesize

                  13KB

                  MD5

                  2da622ed8bb7a78ab85636e367399c2a

                  SHA1

                  7a0f041d20b9642c8ec4fa524b1dea2babdad6e2

                  SHA256

                  a5dea1715b6b0b7b7e40590ecc6b6574a3bc27b734502859786a86d689b8a963

                  SHA512

                  94cea682c5efeff6d3ab748f40200920e194ba55e3b674cacee265cdfa719f6d9c00d73ca9a5a81b1ecc3d6d52fd947a77808c3f68967219a123fe38b7836047

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  0546f874a1e2986fa528ec5a52999f4e

                  SHA1

                  45352bfd275ec76b376a599be4ddaa07b4cd1b8b

                  SHA256

                  844632d20b66c0c8ca4cdbbb7c89197c5d96adf32f000be146ce9c5499a799bc

                  SHA512

                  d4bfb2f97cb46c2ee201e167dd274572bc7125f1a57336d5530f57fae004a60ceb0edbe90011db69dd4cb876f30e7d2a79db913330ad4aeec3052ddcd9fb49f1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  27KB

                  MD5

                  67bcf400639464e5e9e17ea31aa58ba1

                  SHA1

                  7c5e983be75444f6ecb4ad81931abae0ceb36806

                  SHA256

                  ab58d54d4a9fd2786ec15b54e233ccd6f4d77c2bf700d1f62a103b4c3b45b2bc

                  SHA512

                  eebf7e8e5d1d8887179f371e37fce88aa40cc48c026d7b5133fbb18ebcc22a85c07b14611a21367372d99796fbbe07844eba53a7c750491cbd91f8ecea880c3e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  6KB

                  MD5

                  4e3ff35e6ce530faff852c1d0a90d48c

                  SHA1

                  2ef8b99268096ec51588eab3d3e42235c5c6e098

                  SHA256

                  f27da7aba0f9ff650c30592933ee8eb00e2ca6cb43e59956fabfca29ffc8636b

                  SHA512

                  bd3f4d465b527b0b96181d67f78d9ce44c29986a1d95f41a4daa479bcae99ac8260f5c22502da65b4a382458d3e87e6f23c8166fa6b568d557db214c651322d4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  4KB

                  MD5

                  f25440ce9204df9fd73070c929e74623

                  SHA1

                  9661c3314cca6be5b134893de50dcc82b160600e

                  SHA256

                  c6714575acc26b320b4ad580d8fc873bc75b17f64e3c8609f1315588cf21b7dd

                  SHA512

                  555eafa3e51ce7dd9029b6a34846cd86dc09c8940a6ed8217f18a4449deef9ace59ef818da9b180f1c7a7b881dac4daa0cecb0f0eb659fd4a7b895c9a1f50b65

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\255cd397-5d94-47ce-924c-64b14838151b
                  Filesize

                  671B

                  MD5

                  8be7a8a28b250bb9663fcd9ec3c99322

                  SHA1

                  47929747caf234e98a5dbebb269602dabdb310af

                  SHA256

                  a7d7370bc46a1a49d206c02658bcdac76172e2982d68474e60b72aeb489ec078

                  SHA512

                  b306083f3de08bf511e21d7b4505eb21b1dc1c484290516a147230edb57376a6d9c6a1a03f067e13cdffe3149143585786437d7d38f94a52e7970048b0d88261

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\ee772d63-acf9-48fe-8c26-beab99a4a008
                  Filesize

                  26KB

                  MD5

                  819411b3d0b9a8393983ef11978bc849

                  SHA1

                  52d5f386fb36d6368238e42d5f600537f17f6519

                  SHA256

                  2ff849ed3652cd925b070394cb87fe466fe24b9dfc12b91493134b870e8db396

                  SHA512

                  50c105cdcb05c29c7fa93151c0f26c255784cb2c842ee25b7bdf22e682b0c7f22b9bc2d29644f4b542345072b13bfcaad8c130c3596395156ec0b341a2bcc169

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\fab25dd5-f43a-4636-b55e-a938a07a520b
                  Filesize

                  982B

                  MD5

                  e81b8b21388bcf4731abcff231688593

                  SHA1

                  3a575f1cb8971be279ca0fc796e2e962d2d88958

                  SHA256

                  aadf6fceaa2f06fe29ea44c1f33fb92f5d3516fff12b37d77d6d12d6afb2ad5d

                  SHA512

                  887aa94b2fb1f54b1be6f4bb7a942d3047adeca327c9d597aea2f405319ac99b28925ff9daeb2dd1e56d94dcb64c30e8a82d950a6fa341731a6cf1b0e6efff6b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
                  Filesize

                  11KB

                  MD5

                  9036ffe26fed3ef1e66615bb06a5cb45

                  SHA1

                  b2aa058c39f15d83e653054e0c1591b33a4129da

                  SHA256

                  74f66ce186d0a3dbc3ec85596fedf9dd8ecdc70dd1ce931a5d857648f86006b1

                  SHA512

                  91f4b3b9c26ca30b8d9db550403cdeda5bc85d950f95a1199b5c76f7170e33c0cd9e887f26de97b7c04af415168389d27fc29451530c884f0ea99660d103a31c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js
                  Filesize

                  11KB

                  MD5

                  455d3566affa8d1544cdc5ee30d40e19

                  SHA1

                  7fd4b8f58e6a289a8974622f3039e07c9f6c773c

                  SHA256

                  abaa4d21db2c12f58b2c8be8c36e470ce877072bb7331dd4aae23deb17d8ef95

                  SHA512

                  2cad6eb9ac575400658a42d83b4985f9e0bb0787beb6ba575e8a0dcd645d6e6070c573ccc41993157dd0deb5aa331bc7a336059c92c8df3ccf2c0421910d3974

                  Download Submit