Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://grapejuice.x...

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 11:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://grapejuice.xyz/jonkler/

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://grapejuice.xyz/jonkler/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://grapejuice.xyz/jonkler/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3dda60c-8828-4d55-a06e-bc712149fa86} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" gpu
        3⤵
          PID:748
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6a6e0fd-1e62-4936-8c39-aa5a72f7e361} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" socket
          3⤵
            PID:3264
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3180 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67c9107b-d70a-4afd-85b7-5ecf39d7a860} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
            3⤵
              PID:2384
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2804 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71c5351b-2cc5-4006-9649-574ebdc4a23e} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
              3⤵
                PID:2660
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4484 -prefMapHandle 4476 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91d7229d-e0e2-4236-904e-e7510362a2ef} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" utility
                3⤵
                • Checks processor information in registry
                PID:3828
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 3 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e8ec9ac-f148-48e1-9336-4e0c7f96dbe2} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
                3⤵
                  PID:2080
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 4 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1751cf25-ee6b-4ec7-9d49-8265065eafcc} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
                  3⤵
                    PID:4860
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5836 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65beefab-cbf8-452f-8bb2-2366b29cd47d} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
                    3⤵
                      PID:4724
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6240 -childID 6 -isForBrowser -prefsHandle 6232 -prefMapHandle 6228 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a5232f-13ba-4056-b409-12a056ded66d} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
                      3⤵
                        PID:4896
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6652 -childID 7 -isForBrowser -prefsHandle 6664 -prefMapHandle 6660 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d4103d-e9bb-4753-ac1f-0eb784b5732c} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
                        3⤵
                          PID:3600

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json
                      Filesize

                      30KB

                      MD5

                      2406066ec75bf00c53c33817ba3ea899

                      SHA1

                      27075fdd22390edb1b7079e2e0a35d028d1602e6

                      SHA256

                      309c459adf9d2121cdcec700ce1056465e3b5c7e568343836e2defbf39490598

                      SHA512

                      ec48209d30eef2ef3dfa9d368e36e2689984bed536c40d10f41f29bf44448030e2b2169c9785af069d84bfbda83bd9067643e2b700e26b316de1e2ec41b14629

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\86F2831A4DD1C127D48D04177FEE6AFE72E072D9
                      Filesize

                      15KB

                      MD5

                      548ce203b130af1b9c6bb906eb18ea9f

                      SHA1

                      2db6ac12f34e333c86328228aa6153c4ee756d2b

                      SHA256

                      2454fcd4ef616731a7540b3510c5330b0297200997a45c975e037c9bd8d18d78

                      SHA512

                      93ca5ccab06fe7bdba00f22f901d03c1f9d35125a8169811949188f1fae45fc044fc5b677bf25dd92b011246ca47db909ac9ce03c8bf3022230da64492a88b83

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      479KB

                      MD5

                      09372174e83dbbf696ee732fd2e875bb

                      SHA1

                      ba360186ba650a769f9303f48b7200fb5eaccee1

                      SHA256

                      c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                      SHA512

                      b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      13.8MB

                      MD5

                      0a8747a2ac9ac08ae9508f36c6d75692

                      SHA1

                      b287a96fd6cc12433adb42193dfe06111c38eaf0

                      SHA256

                      32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                      SHA512

                      59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
                      Filesize

                      6KB

                      MD5

                      68e80634170f1521b22a1cad174bef56

                      SHA1

                      d13a580439594273d0879d0a9a560ee48d6fcb8c

                      SHA256

                      1eab60b4da6cd3f147af7c38b29306388b571e4e768490b0e18e378406c0351a

                      SHA512

                      ef085ff6524fb2ef4a4eb0ff7e9a1e519e8cb6d397a9e4f93bd28da6d0903009c54ef385c689246027ec697832537fcc6bda49962bf3a54b11ab2b2bf8b02443

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
                      Filesize

                      8KB

                      MD5

                      835f627b4d8673d20ab90b14146d9463

                      SHA1

                      c2a0de39b579b8b4cc8e6086aa2a4015f298bac8

                      SHA256

                      922f5bcdc0119e2db8dae3a588754ae06f199c6e4691a5bb90587986199fba95

                      SHA512

                      d8208001d276a00de840cea719db879d49024b8f2892d29707f3e15f6f5a1a89cd5e64a4b8b8e18a5d5e8003d035e0ae17f63ee969e2f9b41daa844999e080c0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
                      Filesize

                      11KB

                      MD5

                      10306fdedfdbb4ef63596948167aa0c9

                      SHA1

                      4af6dc6c54d20d06291de5885ced5d3cf49a6da6

                      SHA256

                      556ea642b61f21e72506aab1dd22380150f4f32d22891bdccbd33ef629759457

                      SHA512

                      0e075a2af5af5b7c719b94933de2f70965d22a2bbbda7153ad86fa456728a73489351b1b6acdf8ca61e15b2e0e66f63e81f65b0602374a64e4dab092dc1fcf6c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
                      Filesize

                      33KB

                      MD5

                      75136cde2853f59bbefe2a53d5ff9897

                      SHA1

                      6e3868ea8db4c3daca63d7d4a8ac88034878db15

                      SHA256

                      4f3de601ef6fd5c8255bf47c47cfd4b7395df20f51bb3f45bec1e39d1efa7e78

                      SHA512

                      f5ebe987181b755e04db1a530d05d80785202346d91bb58b7403a4679149dac58b099ffc8e9e16cdbd77e97249165aa3731d61e93a46ae7d46275402b95c0694

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      11698a6e86f2e8df4d5a1f383a6ccf83

                      SHA1

                      96d09a596b54c0cdf5d2e4d0d1ae520a2e9dc67f

                      SHA256

                      226c945597b31deb28be6ea8f91733c431ec2eb3b2035c0b5693e77446ea735f

                      SHA512

                      8b217c82ebeeb25e832d082e90505c5ebe36d3a908f630902ed0671e55630ead9d27cdc52efa36b9c919e204d5b58192ce04dbcec4e11f768de21291dfb485c1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      30KB

                      MD5

                      1f294b676d7822957d1c0c8592e3d2d5

                      SHA1

                      ef3e58ca3e83259b4e151e2aa922815c61939277

                      SHA256

                      3633a280b1ec53079608c63d86e7c6aa9c2345812615b742b93c1ac455bdca79

                      SHA512

                      e134383b9179b832a3a9d91e5065ddb70f432ccf6703d7b17b6e0811c04c4d42d42718e77fa47c3ef2a9aec4d6f958710f4fa9af68abdf709ef254d1a223f5f5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\99c12daa-a7cd-4d4e-9a15-7cba74efdabd
                      Filesize

                      26KB

                      MD5

                      9dde2a69867924b9abc1c3677c9b41b3

                      SHA1

                      b979f832423eb6eaac3b831f87d4e1ec4cf4192c

                      SHA256

                      00f73589c907d8ee5e343b4bbba5db79651cf82bc7a21f41f570a4f8d0e09842

                      SHA512

                      7966cbabb36b8d76db7ba78cda4803e054b6bf2b542fe762fd17e733210339370634c73ea219373f38eb7a6fd42eea776f554a08cdf3905ee60545ae308fd4c6

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\b47277ae-1587-4635-a27a-522e6ea045a3
                      Filesize

                      671B

                      MD5

                      658a5a07d70750f008a782bb20ae4468

                      SHA1

                      f14a97d3fc5c29b0f9031ba8e20ff9fe2946923e

                      SHA256

                      c7326821e2c35a4b7e48c12382daaa144cd03f8095df5cd2f1d599826c5c0702

                      SHA512

                      729442c57f3c45975f330c15bf645fdd5e071de68f4fec1d5d903be002cff2834cf597a37d87b46795212225790a82d0d6f00627af6c9e8ace8cc7d620040aa5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\b99bd284-0819-49c0-84d6-1af69a562cf4
                      Filesize

                      982B

                      MD5

                      13c3c40698a23719d6bdce4d4048ea99

                      SHA1

                      070a1e4abedd2f40ba1ec100bde010419ca9fbfc

                      SHA256

                      8b19c0670af68108273a3911e3669a2a6a766458ac7d69ddb2043b5b30286a1b

                      SHA512

                      0f5602548ca5370fa15a2426661884fbf1e3ab86d01d3870a18eaa3980292111bc077be821a310f958a56c8de54746fea623f2a7dd6a75d04eb6df90d5ba3cb6

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                      Filesize

                      1.1MB

                      MD5

                      842039753bf41fa5e11b3a1383061a87

                      SHA1

                      3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                      SHA256

                      d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                      SHA512

                      d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      2a461e9eb87fd1955cea740a3444ee7a

                      SHA1

                      b10755914c713f5a4677494dbe8a686ed458c3c5

                      SHA256

                      4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                      SHA512

                      34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                      Filesize

                      372B

                      MD5

                      bf957ad58b55f64219ab3f793e374316

                      SHA1

                      a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                      SHA256

                      bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                      SHA512

                      79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                      Filesize

                      17.8MB

                      MD5

                      daf7ef3acccab478aaa7d6dc1c60f865

                      SHA1

                      f8246162b97ce4a945feced27b6ea114366ff2ad

                      SHA256

                      bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                      SHA512

                      5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js
                      Filesize

                      11KB

                      MD5

                      15cea3e73670e3984296d2494f55bc38

                      SHA1

                      a7fb18d6a2fa7f332c2718113258c1860598a555

                      SHA256

                      777ee1d3bff9185037e525ff9c5f61e6c52be0c09928c4b27973c790a6a53b16

                      SHA512

                      7b69f3e360551b101438434647a6b8a0336fbac26bf1f20943f7d42c70899dc7c142f5f567a9fdac4a3ef09e2d38c0cdc5dddab52d7239fe630a6f7ae6187282

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      1KB

                      MD5

                      97ba1580be50731d0cd05d9b20413d4c

                      SHA1

                      f5e3b4929155dab4b4540dec1b205175076a19cd

                      SHA256

                      08a97f097b4fbe4b2db5e459970c97fd38f708f71dc6c829692e4c06538f6575

                      SHA512

                      ee4739d45b434b5d400cced7caa31c2dc6ee6a63a6b83c096b99881d08e36ad215e8fe8a1dc317e9345f9ea7094447453596c60ac2b3db8472a0a133198bf20d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      22KB

                      MD5

                      f2a118e97ef32ddf782b5ecb2375db70

                      SHA1

                      51082f93f506b4dbeb26d81d85d01040d4e4ca00

                      SHA256

                      2af1567a57eb92bffefdbb11221fb3473d32e3628d4d09850725bbd8c6509dc3

                      SHA512

                      e1a6dbaa60de529cfcdb82e38a550cbe4e34a5381b12dabce55f18d6f7008802b892e137266b12a123199b8235f6ec5d0a90a85462a0125bd42edf2343623ace

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      21KB

                      MD5

                      ca0073e1eb2efda3ebcc364d2cc9b71e

                      SHA1

                      fd93eabb41e1c14c1f07ed6457d6c6eebd0a5fb5

                      SHA256

                      0968a155912f8021baf8da27943f6dff71e9e35053234e815375c3134457a334

                      SHA512

                      1f901560cd3598057148c2089ca4a0f97a72c21a97b156acccb0ae5475cf7710e70ae3e9918f470ba8a57079d7fb2e8bdbb3e3aef59248f2bd218290cf677dda

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      22KB

                      MD5

                      d3eabf03d9a4432e118e9998c82c72ee

                      SHA1

                      79b4f28fb5f4b5e59fb0fff85e965cfa36e724d3

                      SHA256

                      d7dba0bbd47a519bcc795074f31415532505e072d7b6a1dde7e32d2fe50e6a48

                      SHA512

                      33814434b5d33c3a95e4233cf6476335910594ecdfb19e1b4c9fb8334c37cb35545d15a58af2b39374eb44ac146e209bcec79ef0b80f75d43305aab53e6c9b28

                      Download Submit