Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://hookupphotos....

windows7-x64

1

Analysis

  • max time kernel
    21s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 13:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://hookupphotos.online/?gallery\=jennifer1995

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://hookupphotos.online/?gallery\=jennifer1995"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://hookupphotos.online/?gallery\=jennifer1995
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.0.1029065109\1366871900" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4e65221-441e-4b86-93af-1284f0def8b4} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1280 120d5d58 gpu
        3⤵
          PID:2804
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.1.1092679656\1817867235" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0550c814-c8c9-41b7-988d-1334bdee9f5f} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1492 e70558 socket
          3⤵
            PID:2816
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.2.1441396361\439377577" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2132 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c372366-f34c-461c-b8cc-78157c7edd8a} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2108 1a893258 tab
            3⤵
              PID:2652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.3.830418398\761458855" -childID 2 -isForBrowser -prefsHandle 2788 -prefMapHandle 2784 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0137e4a3-fd19-4434-a1b4-7e19356ee1f2} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2800 e63b58 tab
              3⤵
                PID:2692
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.4.2061722225\795545719" -childID 3 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f68300-3eef-41d6-b29a-3864846ba91e} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3732 1f596858 tab
                3⤵
                  PID:1756
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.5.1209799738\1201712549" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec958018-5255-4678-b110-cbe75a7465e3} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3820 21329358 tab
                  3⤵
                    PID:2052
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.6.1174137608\101688782" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9dc8ddf-a82a-42d0-b220-f09de6d84bcf} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3996 21327858 tab
                    3⤵
                      PID:928
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.7.1592449075\1133333031" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4212 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62621ba9-b282-4c20-b212-11c8ad99d9d8} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4020 1b7bab58 tab
                      3⤵
                        PID:400

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uj06vnfd.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    47KB

                    MD5

                    26698573d85b1ed214e95f3f220006de

                    SHA1

                    8bda6791419fae15a2e2efdb0d98c9f351c8f076

                    SHA256

                    676275bebb42b38a5413fda6131ff88bde12a2d147be5f334a91dc6aeeb24d73

                    SHA512

                    6842c8a51f32d0abcedf01489bdb97cbf319bb1bcd8eefa0f4d3e0a4d220b66eaa88f663dd74518b4d2d5cfe7542c4a9efd8c0e36ab9eba93fb8004294061ce7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    7388188acea64734b2c0540e53bcc019

                    SHA1

                    ba73656a6202c18701b39b8583cfc7e812eef528

                    SHA256

                    676d7a639364421ad146e8cd89b32572ae410db355ddb9a0e0dbd291962aecd2

                    SHA512

                    2f5b18881e93d61bbfc3d81990cd7b9d83dbae7dff46af7cdf6b6f12be31294b1441cc01e9815850da044ca3f48ab6ddbfd9438268573fb8e917b35dff7d855a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\pending_pings\3a6e1797-a183-4422-b7d4-fdc8415730ce
                    Filesize

                    745B

                    MD5

                    ac909f17f0a24cd7d881dd345367fc32

                    SHA1

                    b4d0e1cb696f246335dfb33a74dc95c10e600428

                    SHA256

                    652f42dee6731ee0d353ba342e46dda83f21186fda2ef626bbf23df92146e725

                    SHA512

                    bb40b76a77b3e20756f81f069ba46a22b09133c84785c9078d14b4970e93b441e39a1cfde4d3441a2291ae9fd20247a8c93e2ba8365be591883377b9615175b5

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\datareporting\glean\pending_pings\5709fee5-f024-4310-8d5c-1a9a52681367
                    Filesize

                    11KB

                    MD5

                    a7ec987f9f907c540cf4dfdb5a3bb328

                    SHA1

                    91bef50f7273193f0059ed4d73cb7a6ea588838c

                    SHA256

                    ca136d0a26eb39fcd2704fc5c9be224210fab368b52e465cdeaf3b2069f16d6d

                    SHA512

                    8860d13e8d8dd41b5a5d11ca2965c2ac8caedf9c0ed000683fa6ee1a3c0452c0eddc641ab2def5a797cc3eb843c59d9da0b279f90f9eea26c9433bfbdc957975

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    cb6930c3c6243d9073caf6c532ca6f85

                    SHA1

                    48d42691b37654d5060b1c100d2c782f425068b0

                    SHA256

                    926d96ec70104f22c72d460c2e5f9685427810f7c1d7c56f59b6559331fa61c9

                    SHA512

                    d2d29ead5d4251cbdb2a0009c31f3e0cf138a743e9ed51e812bced7ca6337abfa8ac8834a2ac0e30a49c56817d0c4fe17bd36cf04034560b975e9581e00758bc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    52deb848efae849f9b96c7b3332580d1

                    SHA1

                    05795fe8b85dc5084f021157561ae597673364b8

                    SHA256

                    13431b5ffa8f089c7db213bd0b4825cca834c425a9a28c18001d8793eae2dfa1

                    SHA512

                    5fffaff78f612cc8f3f287b37645a4789288e5f7f47c2578d6e231491a50ff51df96278e39a6ed4577f07a54c6e64b8d53d0acc7bdda584ecf5a625fdf2fdb70

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uj06vnfd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    452f3b8bdf9f46674322b6da8a8145e8

                    SHA1

                    61028ea26b5414c372b90ebf2eff3b3582dec95a

                    SHA256

                    e33c7ff7ca6eb2be876bd26e9fabbadf4cc3e4374d60b15d523b6787876d56c2

                    SHA512

                    66d0aae070e6b62e35d6d5d7ff2155affd241205eeed4bfc97194a41f579ba6360730307181e5519dac1f3067d1ea54624381fd8b3cae796fa22cc97468c52c5

                    Download Submit