Overview

overview

1

Static

static

1

app.html

windows7-x64

1

app.html

windows10-2004-x64

1

Analysis

  • max time kernel
    36s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20240708-de
  • resource tags

    arch:x64arch:x86image:win7-20240708-delocale:de-deos:windows7-x64systemwindows
  • submitted
    27/09/2024, 08:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    app.html

  • Size

    4KB

  • MD5

    fa78d05f1a6f82d574da12ffdbf2d60b

  • SHA1

    fe2a8b9f24eead0dbba2ca6637b5864f21a97977

  • SHA256

    4ba97d1b95b94d8f98aeac464612c37b9125dc780a40485c1ca4e4a129f5d063

  • SHA512

    6be985789efc9dcb8c138b00f14da5fe6fd42c50b521774087f5be97a87e15ab9cde8ba31420887010d4d8afb5575dbb92675ea3652a5bb4444326c098592774

  • SSDEEP

    96:yUpHMOfRr8LrRe5mvtgCsXe5oEctgYnx/IJ:ycHhRr8EoVNknx/0

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\app.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\app.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.0.2040620008\412929382" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1228 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7180471-097d-4b21-98a8-f2dee3da9996} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1360 46d6e58 gpu
        3⤵
          PID:2864
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.1.549499162\130125531" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1488 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f3c2623-6098-40e4-9d4b-a774b4d34cfa} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1532 43eb258 socket
          3⤵
            PID:2204
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.2.630177052\2000218195" -childID 1 -isForBrowser -prefsHandle 2100 -prefMapHandle 2096 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01f29be-c56c-480d-8015-0253ea926cdb} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2112 1b1deb58 tab
            3⤵
              PID:2288
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.3.1556311058\1911496431" -childID 2 -isForBrowser -prefsHandle 2488 -prefMapHandle 2496 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f4a0fd6-4c69-4bb7-8d50-d18a3311ce91} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2480 d6c458 tab
              3⤵
                PID:2676
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.4.1991174497\194087410" -childID 3 -isForBrowser -prefsHandle 3772 -prefMapHandle 3764 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44acdc4e-8f91-439d-946e-a95631833ae1} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3784 1e80cb58 tab
                3⤵
                  PID:2096
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.5.1674639989\1386462196" -childID 4 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ad23ee-3ebf-4b24-be96-53e95a43b7f7} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3880 1e8bbc58 tab
                  3⤵
                    PID:420
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.6.9765034\1925604926" -childID 5 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d507cf0-ba1c-4945-b3ce-7e3eba0f7672} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4084 20b6e858 tab
                    3⤵
                      PID:1904
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.7.423696001\1338850886" -childID 6 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99d170a3-bda2-4384-adb6-4fb7b665a662} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4236 2199ef58 tab
                      3⤵
                        PID:1616

                  Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          34KB

                          MD5

                          abb809acf3c218633061eee191ef6877

                          SHA1

                          be4c13a3602569ffa1045863aa38d07bb37a753d

                          SHA256

                          bbb591686d8c7ea672c67b8ee9c991d60844c32bdefbeafee27924f7470695da

                          SHA512

                          c293ffcc9bf40ebf514788dfdf7462d05c30780dac39b303eff01c96994528c8c68b595d818e4ce8e1bedb8fd81313663a64d8f040e28a3873156640d5f8614d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          c46c6933a5d9ac49b080780f418a5483

                          SHA1

                          6056bb47667ef1eb11eb73388f7599e714be54fb

                          SHA256

                          3d07be1e0d64fbddbe435c2d7bbb9b21e6597779b040728ab1e32f2e55f83153

                          SHA512

                          77596b9d86f201222467f1c287d39ac7e0619d5d8651ff43a71e71d532708cfef013b043dc9c3b7638bf02b131294a259f4e0cc2cdd616f8fe84b64acae53d80

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\701c4af9-0e2e-4f73-a843-555a325b6e8c
                          Filesize

                          745B

                          MD5

                          2d24b560274ee40d22cf9cd507e9dc2e

                          SHA1

                          b9055ac821bc556b510774825feb97876a379256

                          SHA256

                          9c705ec1095e2427f9dbd32eb672744c1cf9b020d881a350e2165ab7f4aba7aa

                          SHA512

                          b6bf4c939c91bc44079eeb0b1fb94e7ef7c8e5ef1b3c289c3f15a816c35ce92947d7dc9ff3ea9a0e09244cf8c1ccab55a755381cc42a779ac42bfa1b6fd8a64f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\a6c95634-0efc-4a31-95a0-6a4fb1be4dbb
                          Filesize

                          9KB

                          MD5

                          0694be6bf23ccfa841217820037f8301

                          SHA1

                          c734c6179d990b79257b6c475a6f7dc06dc5991f

                          SHA256

                          bc14a5cfbf529701ea0b6ff55057b0aae8afae7dcba5768e87586b4325aa255e

                          SHA512

                          222bc9d7476ed5b430e0d2e8c39ee76a4fd4058f8bb29ba52f48657eaca610b5b03ce807cbc4cedabef8eb439b240e9b557c777188ed4d9d5d3e23f8ea547d87

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          5a026a7a884ceb950fbc3fdbafcadc42

                          SHA1

                          23a0ca925e0e77a6f17848779e8b2c51952c34ea

                          SHA256

                          5098e49955d47914e0399bc756de31a957ea27cff053df0855d8df6e194529c4

                          SHA512

                          faf4ee162b2ccf306df2623ebf43aff8425889a150abb78d9d5831a2982dfad32b3cb4d3715cb00bfa44f65fd4df0601af3669a53b4b1e39ea4e287cc1ff7a9a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          2b11eeac88edceb6ac71157f7ece4fae

                          SHA1

                          6978eeb2e6f9e96d9a9106cd4f7c6327670e7620

                          SHA256

                          40a8e407001f1a2700cfd0d809115c384b7e066599f73d74e61d7d6d0db286c5

                          SHA512

                          6b09123017e98e80ccbb5b796ef8a6d513961819b8f2aabac8b17cf1d0ef0b0fad7fe6cfb519de19767a96ad145e812b23298ab159239f29c637b37c177a0a8b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          da18fb0805f927ca7af3de6e5bd160ff

                          SHA1

                          c066976399e9c2f5ba3599770952bba33165fa2f

                          SHA256

                          0e733b2f753e3baad24ddeb358df1f06e804364a70922078c9341e0b083bcee7

                          SHA512

                          8b15d0647fd0cc55d927540fd49fa35e2ce6283a0cd7f6c7bbc596ae0b28f08be08ea778ed3e338e9f4453851a29befad0016b6758c55549ae983aa6f299fb6c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          3462ec2aeb97e0d3906cef1552531026

                          SHA1

                          6271a19b3b479bae5a6fe0942efb14385d601c1e

                          SHA256

                          08fdeef139c48a97d352e1a6e51ac5bd76db27c4073c5d8d4e4456f73ea9a5c1

                          SHA512

                          7fd4050c5d59285495ad944732767f02a0f87a3c60c680bc986af3c73975d7ca86141a599f286c14479ca653af0099ef03e8095185d7d038b9fddbf4bb506f94

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          184KB

                          MD5

                          20fe9d4c55a73defa2f0b0cc2a018732

                          SHA1

                          741d448638617a9736b250b47944f55ba73cb0bc

                          SHA256

                          05ffa2aed87b452aced7ad992219d57e987c95574c0579cc63aece73951b829a

                          SHA512

                          b1bf1e8553f7ddb0d0fa8f1cf6a2a343bb8d9885306c5dcdb2e4ee3247bfb63b971054568654f211b337ac796dfc4514db5e0d54dd7d4b97a7f9c5a6f6bd802f

                          Download Submit