Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://i.wmgtr.com

windows11-21h2-x64

1

Resubmissions

09/08/2024, 17:21

240809-vw67csxbmd 1

09/08/2024, 17:17

240809-vt1lssxbld 1

Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/08/2024, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://i.wmgtr.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://i.wmgtr.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://i.wmgtr.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {376c26ad-d8c4-4c0f-af57-a0079414655f} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" gpu
        3⤵
          PID:392
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d75b23f-52eb-4328-a879-f479e52abfc0} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" socket
          3⤵
            PID:1084
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {014ea22a-7327-47be-93b1-290d396e09fc} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" tab
            3⤵
              PID:1980
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4016 -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {853f16f9-ae7f-4d1b-8eb9-5c67968863ed} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" tab
              3⤵
                PID:2868
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c55c43a6-8573-42fa-8cf4-55c154bbc8e2} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" utility
                3⤵
                • Checks processor information in registry
                PID:1716
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67e2c1ce-7b75-4d46-b04c-8610a30eac78} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" tab
                3⤵
                  PID:6132
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e147b1-c211-4898-8619-d79234d16e74} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" tab
                  3⤵
                    PID:3556
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58d1aa13-368b-4219-a9c1-167b41bc664e} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" tab
                    3⤵
                      PID:4212
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2552 -childID 6 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3011a5f9-fc85-47ce-a8f0-463f3d9b7261} 3712 "\\.\pipe\gecko-crash-server-pipe.3712" tab
                      3⤵
                        PID:3400

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\activity-stream.discovery_stream.json
                    Filesize

                    33KB

                    MD5

                    9acd6557da35451b839840eabe128fdd

                    SHA1

                    00837b8f0da26f6ae7e1c50668aade3f6b664ec2

                    SHA256

                    2df5998dd2ffbf8043958cee51c7cce4d539a212a991105e2f3ae731c9d596c7

                    SHA512

                    ce6d9c74e6eb5b0c329cf94eab2626317aeac0ae6283b6bdb0088c8e76ce6e417d38a43ff9cd992feb2925be1b6c2f868d5db4d7fe58ba9d9673c57febe1112c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin
                    Filesize

                    8KB

                    MD5

                    db76de46addc77b44f13f4bdaa299475

                    SHA1

                    a98cb11152604ff9abca66396f02211d97a49c22

                    SHA256

                    61ba9fe005c8b1cbe02976373fee3884a9513f7aeae5547f734301b2bd1599d3

                    SHA512

                    af445d0efbc0bbfbf219437cfcaa16d58ef18ef6650d8719600cf220e515238b8022b8bb2361b268b72f911fa8aa496a826476578f115a4634c09bd035cd6e8d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    6KB

                    MD5

                    456a16c185622db71655a9a56d116a4f

                    SHA1

                    8e5c049973c0d9d95b05a379934eac12e166ea38

                    SHA256

                    ea9592c1024a5d746622fa4b4f0ae57fbbd37e2dbb86c57d2d1e70a2ebd2749a

                    SHA512

                    e6a5073fd937a9136c6c48c6e42956964446142c1cdc2c6badb64f768e59c436ef895403ab16bc063d895cc23bd2395c919baa854dd6faf886a14f15cee2868d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    5776959635f12a47311b902bd35ed585

                    SHA1

                    7993925d960357b1f40330df64df45d16eac1d48

                    SHA256

                    034dbf5f6c3fc945fddfbf75167df819c9550e00f360f28409ffcdd1447788e6

                    SHA512

                    beeffd5fe051afb026a20cde32bc8940df3136546a507400cf2ad587c6cb51933e74dea8503d75acd2f980319ed2d97bdec84511fa42c378280cb01d8ba1eade

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    2ce3c33fd400fe6be4ea0666307dc33a

                    SHA1

                    07cfb4c34376d4174db6139581e69f6f2674737b

                    SHA256

                    26728cc1283e009656419b799815a57296fbb2d6353f51cf1b840077e97200e9

                    SHA512

                    fd9aa0b3edebbed02599c8ee004aecae8158720e9a9be9d31766f985b63e1d30abddde4ab1360451c37a35ef4c7d006af509d9b4bf392fc850c82205405a1659

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\4f20efa4-0807-4229-9876-50aa9b83a2bf
                    Filesize

                    982B

                    MD5

                    9a47677ef9efc40c46d4436e71476bcc

                    SHA1

                    d011f286b37f38b9bd3d247bb8ac6ea84b19088c

                    SHA256

                    310498f6cc121d1df71c7bc6e06f07e3febae3418301f7eddc6e84406fe79c52

                    SHA512

                    e13546f9ea339ace4988c1820ec5c160d4625e8d227731255ef0c7a9db2fe2c86f988557e4926fd02e737a22cbcd580e324ceb3b2c4ffd81230dd7a5ae25cffa

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\92e30f37-6e0a-4d7a-913f-71f570f7a4d4
                    Filesize

                    27KB

                    MD5

                    d2f4ab17a74775b82429c61bac919201

                    SHA1

                    07d0655226e32e13b893d9b35665e3c30228fe9d

                    SHA256

                    89b7d272ffe2eace5d0702990686df400723c2a356aa8b6f18af03ac8768fb97

                    SHA512

                    a2d1ece0f9ff67b098a0db957e7781a4da8986a180e9c01754efff115a830db8ca95b8ffbc8f0943922b66ebad2cd5363548f5bd01c0abcd686f358236b311a8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\e658efbd-082d-4939-953f-0fdc613837bb
                    Filesize

                    671B

                    MD5

                    3c6dccde95478059596b4e6c376d3e76

                    SHA1

                    eb8868803d7facf155190812ce90a2ffe7565da0

                    SHA256

                    9dcacedcdf1d3b42bea686aee06357d84a551e33f41d1966317994a9acea8a24

                    SHA512

                    166a869d5eea84844f3aa27dda311d4023551921d90a7d89f6d8dc92415a73207c0b7d951c2e6f1a17326b6e4635fe33fb421bc761f2e5bc0c51152f56a1ce90

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    0f3906bd32eccdc7546086917c2ba76d

                    SHA1

                    d1c3b835f99d08c6ec03c3fdebb593ba32adc73e

                    SHA256

                    ea32df3e91344f83dfd77c407dd240413e467109e356c6cbcbbac95c380dc6a7

                    SHA512

                    bd3d3bcc34db5848c90f3426aabf9cd707e55b1a1421e34b80aa4fcc91af68d6a29f26a9f104354a33ebe8988af378d66f0f63fa64849f48bef62cb2b4d7e0a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    739df9bde5d7ebeabd84c4c5700a36f4

                    SHA1

                    ee8d3d63ad6d946b8655d6d8e8586543fc3e5148

                    SHA256

                    d75aeda1d8f7954aa18bcbc9164abad115b4b2fe1933f82873e1746b31fe568b

                    SHA512

                    9bcadf1e07fcac76b9525024d6e0b372694cbc31aeec25dfdc97af509de3151a819f7ffde8d8377d8b3876e0c2ff7c39d98215aa613fc7099e3a20c44c38f910

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    1KB

                    MD5

                    028bae5ffd456387710a2c3433bbf17a

                    SHA1

                    1d3d40c04750aee7f261176f32c0e2b17c6984fb

                    SHA256

                    5d89bc98f0679089f65b3e5e3ab6e665c11dac65c9b32667ca191054555bcc85

                    SHA512

                    d3ee7cef8129b320ad2c5c94caaef9606a2ae6174388ded6a693c1d642f7e5ca5bcb3618a490b2ae84da13f9dc4222c3ccd312153f3b1be863068d63a720d221

                    Download Submit