Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://digagolf.com

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2024, 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://digagolf.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://digagolf.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://digagolf.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56361ed4-816c-493b-8c86-c269d4124987} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" gpu
        3⤵
          PID:3804
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f8d0d25-d96b-4529-a122-0e44904a91f1} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" socket
          3⤵
            PID:2812
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2952 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20480234-847c-4f3e-b723-807c25be38bb} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" tab
            3⤵
              PID:3840
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3548 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc3fecfa-e069-4846-aa95-e36a8126fea1} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" tab
              3⤵
                PID:1476
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4436 -prefMapHandle 4460 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {923751cc-9018-4ee5-b09f-d33bcde8f585} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" utility
                3⤵
                • Checks processor information in registry
                PID:4368
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5180 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16fbd13a-2b43-416a-b9e4-b0d0ef080e22} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" tab
                3⤵
                  PID:1664
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 4 -isForBrowser -prefsHandle 5640 -prefMapHandle 3216 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff70f0d-14f3-4fed-aca3-ee91325f96fa} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" tab
                  3⤵
                    PID:2916
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5752 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a023c77-7fe4-47f7-842f-2bfc89d70c1b} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" tab
                    3⤵
                      PID:2080
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5960 -childID 6 -isForBrowser -prefsHandle 5968 -prefMapHandle 5980 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {208a600d-5edb-487e-aabc-149771b22e3c} 1488 "\\.\pipe\gecko-crash-server-pipe.1488" tab
                      3⤵
                        PID:4552

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json
                    Filesize

                    39KB

                    MD5

                    3632a1de83941bd46d83282eb30c6132

                    SHA1

                    3c5f986ccb8025cf51260ae00d9ff9e8869a4298

                    SHA256

                    93f0e0e2629426e276fb41f6a4238aebe031a531746c9bb98bcb949beba8d71f

                    SHA512

                    a4ddedc4fdeb1ac3e27c8d6f130100d0a62e12064fab07c17f7197d8488bd4bad10aae2f23d3c47112c4e843e6af41ce272f892b4749b2eb52a5065c1a601f53

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
                    Filesize

                    13KB

                    MD5

                    c32e6249f05acb395882ddda47102471

                    SHA1

                    04f8607511a29d12b119f790abc6a3ead2abdcf4

                    SHA256

                    4bb12a027ace4c57a27e6a2a32fce2e305f065ab6fe6e132fb5655c928e782db

                    SHA512

                    88eb0b6733331d37039947073650c62d2196f0ef069b6cb0a8ef709532095aa97c3793b4e45900d7154d6671b6d1956c22a9fb731caef512118e63463a41480b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin
                    Filesize

                    7KB

                    MD5

                    a12022d1243225c39313bdadd5c2bea5

                    SHA1

                    6aab2e723f6d1e0c9d9b0aaba4807ff2322f7612

                    SHA256

                    e1648f4d0bde9a10c72e79ab09b742e68bbbfee2dab797f04ebd933ddb7eac46

                    SHA512

                    a362c441c8273a4272d7d326071760315ad72a81cb056ed178b0fd50350b7a66ad46272263748eb9f801249536448388d41d1b3ee87694c42aa2a565c2d96093

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    ef90a271a50561457a3dfb01d8d1d2d9

                    SHA1

                    14cd7f2dce73d6f5be581c530f6dc47b7a5150d8

                    SHA256

                    90dc45bb74f80e3d0329e640ac98b5832beccb763557df4f0341786565c50e08

                    SHA512

                    ab4aefab176a3c6eb9b612cd0c6f36ec1056fc3fdcbe697ace1938c4dabad89831468132ecac246009108b977f186905a5cb6a484b0503613d132c3dc9e94731

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    15KB

                    MD5

                    6378b2b248c3fb87a06d5dfbc792e401

                    SHA1

                    e68a7b3f4363d26debb4861060b94f3e7e0addb1

                    SHA256

                    307d3fc680d4632d0db7190af0bab20e8a3a5281207ce8d93c5f8daeb1a05804

                    SHA512

                    1b3282e8e4ee0cf74779eca56f81036732aa69092478cc00bb3de3d8c3c4f429462f2944418698a560d403c9d200db11b53ddebd494323cfe8d02be9fa2dbae2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    32KB

                    MD5

                    eb983150002d10a99fb518150b0c73b3

                    SHA1

                    54ce074a2aa0dff4538917825d97f1cb20cf0bbe

                    SHA256

                    f6a2cb7a55c2bf27ab1278cc9bfd0033b1d7df9650a8693487df8fea55aae6d8

                    SHA512

                    9c27294194d752854851f0d9aab30341f6b0d88d969985db59661b78722edcb77eb150ecd56c930e7178ead80dcc3551958b57a3ca23638c824efc4aeb5ba755

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    6KB

                    MD5

                    bebe4b0b8c429536a4318a157ea84a56

                    SHA1

                    4e8a447c85593d896e85ba84abfcf0c5860f8704

                    SHA256

                    e1f17cdb6ff8df22a16f5bdffc2125a5eba127ee045260c3c5e21ba844ce0e47

                    SHA512

                    01ee333d74265cf30eb07b3918117ec98c1b360188ca2e07ff3d6e13f7c95db40e079e12edc81942ffe897c649d8142df4537d8ef01dc053a4678da1995d8568

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\626d6a5e-626b-4ee0-9c4b-30d1840e2850
                    Filesize

                    982B

                    MD5

                    9dc298205dab01a7714bd24733a1d077

                    SHA1

                    f09f9ce6f1c61bcc55ba7fc543d3cdb0fd573c52

                    SHA256

                    438d60255438023ac0a34dd66fdd41e825db5cabd11299692b582887560b29fa

                    SHA512

                    3333f45130738b7b2e1266876f7aeb6d434eec1d1e12d8fd165bec551c59a41a7a16a91c1275fea57aace65cdb04dee74f9ece64483ea17a1c6c2eb3afb0f255

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\82e4a06f-3e23-494c-a182-6cbcd8d654d6
                    Filesize

                    27KB

                    MD5

                    9ff5445ac77fccae2323cdaa514af1b8

                    SHA1

                    dc906c4a65226b649b9a07a968c28bd7f1b7ddd5

                    SHA256

                    db3aced01c652d066be665957707c92218808188790f38b296582df2b8ac54e0

                    SHA512

                    3fbb01fd2a9b7f976a629602c083dfccc0a77241763b7d8835a592b8309d6c271fa000fc8c0d60d467bca7a08918440eb128bbcdeaef83a37fe4e3a05d3ee038

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\bd2c392f-a80b-4381-97f5-00d276510900
                    Filesize

                    671B

                    MD5

                    eb966ebda74e5ff042ea3afbe3458217

                    SHA1

                    a0caf0643e1d087b784b782e2eecab77a8373b76

                    SHA256

                    1bf9de4bd2313448ce10c54ce7409fd413b6c5c6739c73fdd7f7250fdf7f1bdb

                    SHA512

                    2072481c46376080933839e37777083847334a997d03aed73996c6f5425db3da52e663e908deb3f7529afe75cb6b914e6d2008142fb13237c2fc0b18723a2509

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    8ead7f52ccb5d9d3f9e5e000bd8e089b

                    SHA1

                    850a3d0aa90f3b43eed2aed2d2990c04a6c76f0f

                    SHA256

                    98bd5051b7506d35083b61ac28a9d58c4e8588879d12f502103fec1707de6f3c

                    SHA512

                    748b2bf3c771e958d8afbe4f146db7df90ea33f1b5a01049f95956259e9ba8c8efea2de24e301b38ff3c739f055d2438b99e06621b14aa313b809621df66bef5

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js
                    Filesize

                    12KB

                    MD5

                    1e394ef9ca4c3cbde499a715acf8c8f8

                    SHA1

                    68caf66caf1998101f067daf96a2baa699df25c9

                    SHA256

                    ed2c3fffbbaedc73d390a1f680e4195ab5a26b5ead555188468fe885b396eabb

                    SHA512

                    108cfc2172c07c2e2bce03c57c8709f1920d73a0915fc6c349c622009626f2ead29eb1530d86ccace70e1299b8d1e14afac04d5e8ac4cdf7490567a24c9261d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js
                    Filesize

                    11KB

                    MD5

                    8c8c0ae2efc68c9af6f4b3b3cfedc0eb

                    SHA1

                    a3a071381a3eec9ace92db5c5e3adf6967c33dd3

                    SHA256

                    90b456ab9c8503c108aa5f1f951aa3d183f8806a5253c40646ce8335c5e9c6cf

                    SHA512

                    e953c3ce3ab8da04e2952e79acc71255c7edb06f716ea4a122d751fe9cff90353ca1834419c5d09cec6107b73f5bf1b73a7943664908778cad8ca4e998e3d890

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    1KB

                    MD5

                    ff4776d850af09922d50c59330f6b0da

                    SHA1

                    e9cf4f5b50ee4ac6a26017c0fa14eff8a8ad1a27

                    SHA256

                    4d2e217c9b30fce6a31a23cb95c1327bb26aa983796cb2ce286a128d4de639e9

                    SHA512

                    640e9e863055a9bb4716cf53090588dca8b917ee726b2ac95574723d031eb0ce168cc40748f671b3849a8b1b74f90b3c02b207b17d56553297248572cf06dadf

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    1KB

                    MD5

                    ecee64f43a7c7581fe516791e416a880

                    SHA1

                    58e5f4f4f73654969d39c79ea0fec7bd95c4248e

                    SHA256

                    cb93a402494015e2a4e933013abee40339e36de249880c256ca624b61a27e97a

                    SHA512

                    7abb4f2a49c45cb58c1f9b97eb2e0d3ca545b402c9543cea00a003ae048bceb9eeafc693ca881ecaa6b3821ed080871adc97a2c4cf12ba821c381dc5c3ed0165

                    Download Submit