Analysis

  • max time kernel
    18s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/09/2024, 10:04

General

  • Target

    http://htps://s6.dosya.tc/server17/nz7lr3/VapeV4.rar.html

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://htps://s6.dosya.tc/server17/nz7lr3/VapeV4.rar.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://htps://s6.dosya.tc/server17/nz7lr3/VapeV4.rar.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e938b241-f327-4c79-954e-f99d951e9066} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" gpu
        3⤵
          PID:4740
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62188554-dd39-4058-980d-a10b0f614893} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" socket
          3⤵
            PID:3980
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2936 -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2948 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c35699e2-f8c3-4e63-9ed9-1e38f846fb20} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
            3⤵
              PID:1692
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 2996 -prefMapHandle 3580 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9936548-54c7-4962-8341-d0f37a5ab614} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
              3⤵
                PID:2616
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec68352c-aede-4cf1-951c-5ecc89cd512d} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" utility
                3⤵
                • Checks processor information in registry
                PID:856
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5400 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c82a52c-dd4b-4b8b-a2c1-9be31cf91153} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
                3⤵
                  PID:3140
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {142b953c-12a6-4a3c-b23e-82fbfae0561d} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
                  3⤵
                    PID:4148
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 5764 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb1ef3e-0f9c-4a0b-bf17-311eaa083b9f} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" tab
                    3⤵
                      PID:1668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json
    Filesize 29KB
    MD5 44a783c3b5832d03194b6c74d1fe5b99
    SHA1 77d92d0a80410cbfccafcc4fa2ecedf3735970a7
    SHA256 1d7d616daec0d31c37d3c03a6f185558491a4634ceaefb00f4ff36b777ebf406
    SHA512 2364851bb80e52d3447c699d2e8fbc1a795ef1f7c95599bf5a650316101b3d33bf12d541571396516b37016a174b599688684f689b9cb0197ba0bfd7412f5cfb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
    Filesize 5KB
    MD5 faaeff5d37f00e1af7b1a8362c79f09c
    SHA1 5bbeb9ec59ffaa1fecb30e24ef99d1b4ead15c6b
    SHA256 da4611da01c346a2a58444f02b81468699a4893129c1d3689a1747051502351f
    SHA512 bd183194e9421875af6d77eda3ad6cb74ac9d6e7243a762bb683f307012f1c44aaf4d78a0a5c7baa59ba23b0003ade4624cf32e0a07703f17c60b8df0abd93fc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
    Filesize 6KB
    MD5 aba4d7617d47b1cd6b6f102308a95933
    SHA1 a35fbe4783e69b8dc4ddc6d82fe460c804401b57
    SHA256 cf8b99ef1d8c7a6a75fe4c88475b5a8f9f4e04415932004f3aea0cfbb474fc62
    SHA512 3bdaa6b31ac6456421174654fc511dc83c25df41df9d50057dd645a26449625d3d5da6a0033d1b132d491522d10d01c1b268e680f27fca928450912fe922755a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
    Filesize 5KB
    MD5 77ea271c8944d46e6a7b32e86316a705
    SHA1 ad994c67f11b8f9fdf0e0a7edfb197fcb91076ce
    SHA256 1ab63019326f37e91938c4984fb2ce827c9624f36e15264efee63d51e706066d
    SHA512 7efaa8f2f9a490694e1d9b263cb6ab29bef26ec7d406a2455ef74da14bf71617e04f23331ce3273dd477b563a9e406743cc80d119ffe853dc459ece4f562d759

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\59244b9e-c568-4ae6-911a-a36004d8ac92
    Filesize 671B
    MD5 1f2984138c610df61c75aee4df011ab8
    SHA1 e3a087147cee0f5aa69e58fb04494654d0c4e8c1
    SHA256 db2186312a88dad48ecdd972eb6370f1088c00398e68bf08eb2ddf53f9c4b98b
    SHA512 abf1d84d053c163587f3ec10862d4566ba849890ccf134d5f101be0c5df6d59b7f612fa76b9688aa4c6cc93ff2dd041679e6297d89af76b058f4120265290ae1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\7e6cc8ec-7172-4265-a85d-229a8ef73a07
    Filesize 982B
    MD5 45772e124c3e0f2593dc0e542295821a
    SHA1 a77ade124cd216ed9581a5350b444eb2311b336e
    SHA256 5cd83099f217872f6aec515d292e2090a404d3d0b7272dd31a7e3318b60466e9
    SHA512 ed60489d5dbdb2b1eb2a673edda36b395a99ccd273dd0c4c3c7b1af4d469a4da57425edeaa06bca81bb427b4110f08b5686492480142bd0ab982323fe391dfe7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\e12db849-c7d0-48b8-9abd-a2ca74a8bd78
    Filesize 26KB
    MD5 94695788ff8f0e423c649cad189f7717
    SHA1 204c6d7c23a5320e9ff14d15f6e4fdb2122bfc3b
    SHA256 1003a6d75aeddb71ef9050d513b47bff590e425ec9f779a48b6c201b7008dd2c
    SHA512 f5d019917b5d7421ef1eae8c8ceb9f6e80113c278914a705d6df7ec249a48d3f03672ed123f235b301e1eaa8b25c3cd792d5ef99bbf8502f08a6d0e24be1cc60