Resubmissions

23-08-2024 21:35

240823-1fjn1sxhrf 7

23-08-2024 21:34

240823-1ewxyszfmp 6

Analysis

  • max time kernel
    47s
  • max time network
    53s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23-08-2024 21:34

General

  • Target

    https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.0.410197203\745632278" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ac53cf4-d10f-4804-b495-8b6c371fd601} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 1780 22922cf5b58 gpu
        3⤵
        PID:784
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.1.2063727302\1876392733" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ec33b1-e6e6-47c3-b04d-25410adbfe0c} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 2156 22922c0c358 socket
        3⤵
        PID:3548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.2.466814601\806694919" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5a5885c-7911-46bc-babe-62bfc01e573a} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 2916 22926bcff58 tab
        3⤵
        PID:4148
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.3.333746801\1526505010" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03c3255-e8e7-4143-8489-2d32bf9e0653} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3504 229280ea758 tab
        3⤵
        PID:4964
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.4.1552274310\1387671857" -childID 3 -isForBrowser -prefsHandle 4632 -prefMapHandle 4672 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {053812c2-3d3c-44e0-be6d-303213c36cb1} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4668 2292928ad58 tab
        3⤵
        PID:2612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.5.1729235365\1776239242" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4684 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb30c88a-7047-4ee3-9de5-ec7fa0a76f30} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4904 229292a3558 tab
        3⤵
        PID:644
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.6.300862840\1753583536" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {337ec64c-b71d-4f93-80da-b26254ba1fca} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4988 229292a6258 tab
        3⤵
        PID:4600
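Read as a whole, the tree above is a single Firefox instance: the first firefox.exe (PID 2656) is the Windows launcher process, which re-executes firefox.exe with the same -osint -url arguments to start the actual browser (PID 2092), and that browser then spawns its gpu, socket and five tab content processes, each of which names PID 2092 in its --channel and crash-server pipe arguments. Every signature in this report fires on those firefox.exe processes, which is consistent with Firefox's own child-process bootstrap rather than injection into an unrelated process. The script below is an added example written for this page, not part of the report or of the sandbox's own signature logic; it transcribes the PIDs and command lines from the tree above and checks the things a reviewer would want to confirm by eye: that each content process is launched from the Firefox install path, that the parent PID it claims matches the parent the sandbox recorded, and that all children carry the same -parentBuildID.

```python
import re
from collections import Counter

# (pid, recorded parent pid, command line) transcribed from the process tree
# in the report above. The launcher process has no recorded parent.
PROCESSES = [
    (2656, None, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq"'),
    (2092, 2656, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/1xSV04WtBMJWphJosdg6Cip2wcwcP9WSq'),
    (784, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.0.410197203\745632278" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ac53cf4-d10f-4804-b495-8b6c371fd601} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 1780 22922cf5b58 gpu'),
    (3548, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.1.2063727302\1876392733" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ec33b1-e6e6-47c3-b04d-25410adbfe0c} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 2156 22922c0c358 socket'),
    (4148, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.2.466814601\806694919" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5a5885c-7911-46bc-babe-62bfc01e573a} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 2916 22926bcff58 tab'),
    (4964, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.3.333746801\1526505010" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03c3255-e8e7-4143-8489-2d32bf9e0653} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 3504 229280ea758 tab'),
    (2612, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.4.1552274310\1387671857" -childID 3 -isForBrowser -prefsHandle 4632 -prefMapHandle 4672 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {053812c2-3d3c-44e0-be6d-303213c36cb1} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4668 2292928ad58 tab'),
    (644, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.5.1729235365\1776239242" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4684 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb30c88a-7047-4ee3-9de5-ec7fa0a76f30} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4904 229292a3558 tab'),
    (4600, 2092, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2092.6.300862840\1753583536" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {337ec64c-b71d-4f93-80da-b26254ba1fca} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" 4988 229292a6258 tab'),
]

# --channel="<parent pid>.<index>.<random>\<random>" and the crash-server pipe
# name both embed the PID of the browser process that launched the child.
CHANNEL_RE = re.compile(r'--channel="(\d+)\.(\d+)\.\d+\\\d+"')
PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)"')
BUILD_RE = re.compile(r'-parentBuildID (\d+)')
URL_RE = re.compile(r'-url\s+"?([^"\s]+)"?')


def classify(pid, ppid, cmdline):
    """Describe one firefox.exe process and list anything that does not add up."""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    rec = {"pid": pid, "ppid": ppid, "exe": exe, "issues": []}
    if not exe.lower().endswith(r"\mozilla firefox\firefox.exe"):
        rec["issues"].append("image is not the Firefox install binary")
    if "-contentproc" in cmdline:
        rec["role"] = cmdline.split()[-1]  # gpu / socket / tab, last positional arg
        chan, pipe = CHANNEL_RE.search(cmdline), PIPE_RE.search(cmdline)
        claimed = {int(chan.group(1)) if chan else None, int(pipe.group(1)) if pipe else None}
        if claimed != {ppid}:
            rec["issues"].append(f"claims parent {claimed}, sandbox recorded parent {ppid}")
        build = BUILD_RE.search(cmdline)
        rec["build_id"] = build.group(1) if build else None
        if rec["build_id"] is None:
            rec["issues"].append("content process without -parentBuildID")
    else:
        # Two -osint -url processes: the launcher and the browser it re-executes.
        rec["role"] = "launcher" if ppid is None else "browser"
        url = URL_RE.search(cmdline)
        rec["url"] = url.group(1) if url else None
    return rec


def summarize(processes):
    """Roll the per-process records up into what a reviewer needs to glance at."""
    recs = [classify(*p) for p in processes]
    build_ids = sorted({r["build_id"] for r in recs if r.get("build_id")})
    issues = [(r["pid"], msg) for r in recs for msg in r["issues"]]
    if len(build_ids) > 1:
        issues.append((None, f"children built from different Firefox builds: {build_ids}"))
    return {
        "roles": dict(Counter(r["role"] for r in recs)),
        "urls": {r["url"] for r in recs if r.get("url")},
        "build_ids": build_ids,
        "issues": issues,
    }


if __name__ == "__main__":
    summary = summarize(PROCESSES)
    print(summary["roles"], summary["urls"], summary["build_ids"])
    print(summary["issues"] or "no inconsistencies in the process tree")
```

The same parser works on any sandbox listing of a Firefox tree; what would merit attention is a -contentproc child whose channel or pipe PID differs from its recorded parent, a child launched from a path outside the Firefox install, or a mix of -parentBuildID values, none of which occurs here.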

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 52cc12ffd5e0bcf37a20f76c6055bcce
    SHA1: 0eeade2b3d30a5a2feded147348f6a88a5651cfc
    SHA256: 073c2e3bb65963f67a5c15f565a64f414479d5d904192e0d284d27b86b93448f
    SHA512: 01a0b149c7eafd106b1e695d2fead8fadfd7e00de9f29b57edfe33153bfbf690aec0f6d434fa2cc0970efb7a5f0faaf9139dc8d4958564d0bf64632df72f193d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\6be1787b-8ccf-4638-93b2-5164f36a4c82
    Filesize: 746B
    MD5: d480cad684e2f377daa9a9f7d71c166a
    SHA1: 8097c9f63e698fd6178e169250ae4f5d8d6b9354
    SHA256: 71c55d2ed4290f006ff1d6c6a1cdcb0ed90b7cfbd291fa2f4399aa8543aa366c
    SHA512: 390314a09ef9a1e0e1348812ea593f9871e7f69731f0b79f70b35427d901cb93ca56c65eaec2ea1496a1429489dddcdd9fad688d69093c6b08b9f7034976b639

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ebb7cc27-a02d-4f6c-b84b-72767405b9cd
    Filesize: 10KB
    MD5: e111d6dee1f01f19c39993cedc9773e9
    SHA1: e561752c68d263983a450824d3e2115e720e8625
    SHA256: 0a75ee589e997a2658fcb12742e51f007c816669abec995c3d7dda6a57a40a92
    SHA512: 13705eb586a4ca76da100b7ffc079f7727f4136da46b45299ad63292c498c2150811e4c1b085754b33da03b99966abdad90dad6600c13f0899f2a6a033417df2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
    Filesize: 6KB
    MD5: d1479764d3c959a612b399fe08c49bc7
    SHA1: 1a8c75eba247b7fd7fa77850e3e33f5e9d21d607
    SHA256: 3e29e8f17dedba129709aaaecfdf82f4cf12d276ae8166d384867035b55b16bd
    SHA512: 2726992b77bd4773d219d382b11f853f3a69dad5d42705516a7dcc56ca1c359abb4747f28072dc283ce6ea8d9c315eb2eacfd73296ddaea11384456b5a3a2bf6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 616278c42e3d13444a3579d3c907b130
    SHA1: f0b088a69b8d21ca2240b7a4ce57c1e8521c584b
    SHA256: 0a92d33804398de4084aab27ee73e8b1f717d9321ea5171714088aa723588d97
    SHA512: 1bf4534c0e00c54248eb5455259ea92f50c67f0d3f5cf71fb36f5337adc51b3549e64613f8924f219601ac5497ecdb4af82fedd334a2dda542bbc91e517daee8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: 1d92d59f4852dfc8c61145047ba8c872
    SHA1: 67fcdcec28392aeb0d7db69669a2b6261c28c86c
    SHA256: 38b6508b44001397db0942a77d0c93b315f6bf8a9a012e77b121ae30dbb414bd
    SHA512: 3d9db06ac947f871fac0905a28b72f1d3ab67c39fd1cfd338473b01ea59a5e14bf92b91cb78ea120c1ae37f94095dd6a49def7239fdb0c15a587c854b4472f6f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: 2277d561b32aaa83f27291a132058f31
    SHA1: 963db29369e1e5515bce1341b8f45b97850a3614
    SHA256: 1c73ef2f8409cdd635e0204c2aed00940ebbe86fb18148ca52e3a3e17e614d50
    SHA512: 1be6b67d22e431460add0a63ce9984ea7e5b81a413b8043e49fda473fde2b989d350a756a9ae12e715c4c1661713d3f538f59e8e8aceaa586eeea6cd3831c642

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: 1fdc13de64cfdb8ba3fcd71aad9d33d3
    SHA1: b7649cfd66d751435fa56a4b4b20daace452c692
    SHA256: fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783
    SHA512: 3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7
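Everything in the "Downloads" list above lives inside the Firefox profile directory: Glean telemetry pings and database, two successive versions of prefs-1.js, two successive versions of the session-restore file, and an internal IndexedDB store. Nothing was fetched from the Drive folder itself during the 53-second window, so the 6/10 score rests on browser-internal behaviour, not on a dropped payload. The script below is an added example for this page, not the sandbox's own triage logic; it transcribes the paths and SHA256 values above, buckets each file against the profile directory, reports paths that appear more than once (the same file captured at different points in time), and flags any path written outside the profile, which is where a real download would show up. The extra entry under C:\Users\Admin\Downloads is constructed to exercise that branch and is not from the report; its hash is computed at runtime from a placeholder byte string.

```python
import hashlib
import re
from collections import Counter
from pathlib import PureWindowsPath

# Profile directory shared by every path in the report's Downloads list.
PROFILE_ROOT = PureWindowsPath(
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release")

# (path, size as printed, SHA256) transcribed from the report above.
REPORTED = [
    (str(PROFILE_ROOT / r"datareporting\glean\db\data.safe.bin"), "2KB",
     "073c2e3bb65963f67a5c15f565a64f414479d5d904192e0d284d27b86b93448f"),
    (str(PROFILE_ROOT / r"datareporting\glean\pending_pings\6be1787b-8ccf-4638-93b2-5164f36a4c82"), "746B",
     "71c55d2ed4290f006ff1d6c6a1cdcb0ed90b7cfbd291fa2f4399aa8543aa366c"),
    (str(PROFILE_ROOT / r"datareporting\glean\pending_pings\ebb7cc27-a02d-4f6c-b84b-72767405b9cd"), "10KB",
     "0a75ee589e997a2658fcb12742e51f007c816669abec995c3d7dda6a57a40a92"),
    (str(PROFILE_ROOT / "prefs-1.js"), "6KB",
     "3e29e8f17dedba129709aaaecfdf82f4cf12d276ae8166d384867035b55b16bd"),
    (str(PROFILE_ROOT / "prefs-1.js"), "6KB",
     "0a92d33804398de4084aab27ee73e8b1f717d9321ea5171714088aa723588d97"),
    (str(PROFILE_ROOT / r"sessionstore-backups\recovery.jsonlz4"), "3KB",
     "38b6508b44001397db0942a77d0c93b315f6bf8a9a012e77b121ae30dbb414bd"),
    (str(PROFILE_ROOT / r"sessionstore-backups\recovery.jsonlz4"), "3KB",
     "1c73ef2f8409cdd635e0204c2aed00940ebbe86fb18148ca52e3a3e17e614d50"),
    (str(PROFILE_ROOT / r"storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite"), "184KB",
     "fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783"),
]

# Constructed entry, NOT from the report: what an actual download would look like.
_PLACEHOLDER = b"constructed sample file, not from the sandbox run"
CONSTRUCTED = [(r"C:\Users\Admin\Downloads\sample.bin", f"{len(_PLACEHOLDER)}B",
                hashlib.sha256(_PLACEHOLDER).hexdigest())]

# Top-level profile subtrees Firefox writes on its own during a normal session.
KNOWN_SUBTREES = {
    "datareporting": "telemetry (Glean db / pending pings)",
    "sessionstore-backups": "session restore",
    "storage": "browser storage (IndexedDB)",
}


def category(path):
    """Bucket a dropped-file path relative to the Firefox profile directory."""
    p = PureWindowsPath(path)
    try:
        rel = p.relative_to(PROFILE_ROOT)
    except ValueError:
        return "outside profile"
    if rel.parts[0].startswith("prefs") and rel.suffix == ".js":
        return "preferences"
    return KNOWN_SUBTREES.get(rel.parts[0], "other profile file")


def triage(entries):
    """Summarise a dropped-file list the way a reviewer reads it."""
    categories = Counter()
    outside, bad_hashes = [], []
    for path, _size, sha256 in entries:
        if not re.fullmatch(r"[0-9a-f]{64}", sha256):
            bad_hashes.append(path)  # truncated or mis-copied hash
        cat = category(path)
        categories[cat] += 1
        if cat == "outside profile":
            outside.append(path)
    versions = Counter(path for path, _s, _h in entries)
    return {
        "categories": dict(categories),
        "outside_profile": outside,
        "multiple_versions": {p: n for p, n in versions.items() if n > 1},
        "bad_hashes": bad_hashes,
    }


if __name__ == "__main__":
    for label, entries in (("report", REPORTED), ("report + constructed", REPORTED + CONSTRUCTED)):
        result = triage(entries)
        print(label, result["categories"])
        print("  outside profile:", result["outside_profile"] or "none")
        print("  captured more than once:", list(result["multiple_versions"]) or "none")
```

On the report's own entries the "outside profile" list is empty and the only repeats are prefs-1.js and recovery.jsonlz4, both expected to be rewritten as a session progresses; the constructed entry is the only thing that lands in the bucket worth opening.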