Analysis

  • max time kernel
    18s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    09/09/2024, 10:04

General

  • Target

    http://htps://s6.dosya.tc/server17/nz7lr3/VapeV4.rar.html

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://htps://s6.dosya.tc/server17/nz7lr3/VapeV4.rar.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://htps://s6.dosya.tc/server17/nz7lr3/VapeV4.rar.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3964
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.0.2009106952\2126040400" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1640 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e16db1c-ce51-4757-b687-54b5b17167bb} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 1776 14540df7e58 gpu
        3⤵
          PID:3492
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.1.595320897\103698993" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a505b33-6898-4aa2-9069-c582f8ebd23c} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 2152 14540cee258 socket
          3⤵
            PID:660
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.2.1045405244\1195428695" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2736 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {771bf97f-74cd-4ba7-9b7e-efe64aa30393} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 2772 145450ec358 tab
            3⤵
              PID:748
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.3.168295513\1867110766" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a68b3ad4-57cf-41b2-8883-df5a12f89aa1} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 3540 1452ea62858 tab
              3⤵
                PID:4636
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.4.430541534\176715963" -childID 3 -isForBrowser -prefsHandle 4772 -prefMapHandle 4764 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07340104-0009-4f70-8e59-7e04ffb42a5c} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 4788 145476c4858 tab
                3⤵
                  PID:2228
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.5.1853585302\412668744" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f264d44-c3c6-466e-9906-1e636a06f70e} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 5004 145476c2d58 tab
                  3⤵
                    PID:1600
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3964.6.2039543302\1518523067" -childID 5 -isForBrowser -prefsHandle 4912 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3163bef8-0aae-433e-be05-973861917096} 3964 "\\.\pipe\gecko-crash-server-pipe.3964" 5024 1454819b458 tab
                    3⤵
                      PID:2240

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 8b57702a4f01c9365a1c2eb050c29158
    SHA1: d3af65b1503149f6f2c6df3bf4ad6b10667dced9
    SHA256: 51a12037a066ccd94097ce46d2e85f0de4e3b4556ed481d82496156c8afb728c
    SHA512: 3ce226787d2d6bfc08527cd11ac98100b39bd377ac2dd232defd903070038dc80a592932e637388ede7a4d40bd254d841aea42c53332e105a3d1b8a34ff14640

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\ad3ac81f-08d9-4e63-86d9-8f348cdf947a
    Filesize: 746B
    MD5: 5494eeb768e242b3c22ef9e0b181311c
    SHA1: 77c0f5e99761c4b9a88e3504affcdfa41020d06e
    SHA256: 2e004fc2136064e8d9e3953c064183177d2c5e00d91fc68b872179f489658b0e
    SHA512: 7302feeeabbf6bec9f30595332b9974b529bcde5825a40a4aa5d1c779170aaddeb5c394b4eb13f2b9516e51b9410581552e161ee2eb2b6e97ec9e6e536353d4d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\f5c83ab8-f2ae-46fd-b91c-55f55980ebc4
    Filesize: 11KB
    MD5: 4e6fb48940a4e6f834be3f2c371e1948
    SHA1: 1268906993f8f53bf7338e73bf4893f8833149f5
    SHA256: 6ad2ed2024d8729e18ef2a102f5ce15ec4f33f30aadfb8ece80e9952109c0173
    SHA512: 0138744fe0a691cf6e5afb8f4965bff92201bfdb4486d76244ea4e12faecd6968a477a4cf70f7fc7abe081584a1006319e252a0d5f68c5e024a706e7ce200dd7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: a3c5d1c5891322539479487107beea81
    SHA1: 2ea2b3319aa05569fe1c113cf9909dcda11585fc
    SHA256: 8b4e41c6f6107d3e2472bc019c8cb408e413ec36d4151c270f5d69bdc23dca63
    SHA512: ffa26f7f409148b5ccedbd7da3a72aea2b18f4511319d77a4c2a97380bfb607af12eb94cce55698157115246dba96565aaec2d19545b384a60b3bf35040c1e2a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 6f2cab17a2bd591b9805a8a53e7a0063
    SHA1: d650d7f29f32d59c560509f1408b00efd76ad761
    SHA256: 9611a51eaecf463e5bca87a63b46314d38c7ced6b3df77376938b47b0dcc77af
    SHA512: 4dcd1cd354c36f4210b9c1f9291c4d9c56370dd9e58a08ae9f8191a64e9c6f58adf73d1d2d3caa3b4b60425727be45a91f6ecaf3f1ff2500bd9fdb887cb8bbc0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: a4627d94b477e3f653435fcf27e2663d
    SHA1: d5dc31c0165277e469d92453c556786995e2800d
    SHA256: 7c1ea6cee0386d6af3cb7523167c2b880592657ceacc4e56edbc2394575c5c69
    SHA512: 7619d8f8f790c6b47faa75eb3f834640fe6ab684209f2eeb6eff26017c7ebb44972018463bb15d0e7955bed5bde4ebff809754b3c2057d7749bafe82dbe48455