Resubmissions

10-10-2024 19:45

241010-ygqgvatbmg 10

10-10-2024 19:41

241010-yeebsstake 6

10-10-2024 19:38

241010-ycmkdsshkf 6

Analysis

  • max time kernel
    12s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-10-2024 19:38

General

  • Target

    sample.html

  • Size

    21KB

  • MD5

    a1d5921a1d53a08d66a22e2eefdfe1f2

  • SHA1

    e840a6ff5e9f439334aa9e0858afec7abbe78d5c

  • SHA256

    3e3a0c2cbb2fe6b325f14d2c0a353647dcda20c3bc46d0e8da959ed47b702261

  • SHA512

    e95fad32e169a2aca7841eaf3adea6f30d187149dc2e15f0f8ebcbd50cc6cf86d8f49788651ffea8b35e844e28762ec64e573a369c805fe32530df6970aa2083

  • SSDEEP

    384:MPU1spa1ocy444lbGaYMvhpNMi98sHtjFro2REu4Y0wM1Ozf51xCejiw:MPUv1ocy43EajJpNn9V9FrEu4Y0wM14n

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2edb0920-5a1a-4c44-b256-ce016238079a} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" gpu
        3⤵
          PID:4520
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9064a3b-152f-46e0-8c06-f9910fc9f884} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" socket
          3⤵
            PID:3548
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3068 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcde7bc6-0200-4914-897d-4c03149ac808} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
            3⤵
              PID:1588
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 2 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e7730d9-150b-4f93-ac02-dd91dfdd7990} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
              3⤵
                PID:4676
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4668 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2c19cca-b297-45e8-bf73-aeb3e219e9e4} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" utility
                3⤵
                • Checks processor information in registry
                PID:2744
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5032 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bfa4b69-9d58-4376-be3c-d9af76335e4a} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
                3⤵
                  PID:3436
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 5744 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c0ddde-d97f-4cb3-b5b1-7389e07a9f79} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
                  3⤵
                    PID:4648
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 5 -isForBrowser -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68f85973-1a71-42fb-bbb8-a15b74a87fbc} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
                    3⤵
                      PID:2712
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 6 -isForBrowser -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adc78030-d3c4-42be-b3c6-a6b0336a3f95} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
                      3⤵
                        PID:1968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    19KB
    MD5
    a33d2de0f4978eb4d4f9e30fc067ae41
    SHA1
    f76eb9bd2a88bb34097f66e0357f49b924d5d894
    SHA256
    7cbd31b9bb6cb57cc31566ec8115d8b433212da82161e24039cb4a238b054502
    SHA512
    9b80806153160e99184715f60718c3135c39f6819b481520a6d1d52431c7d784365efd9d830f2029e405a0996659adf15e19a09e02719dc81eafdf06b52bf437

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
    Filesize
    7KB
    MD5
    6c629b9f1c9c6236b709ebb18dcb2019
    SHA1
    bbea2a4daa4761e460202d696e0df70c3101ff72
    SHA256
    35e932cfd47f2ea7da2389dc824c634056c88454f23e9c2d6744fc506577c057
    SHA512
    381f8c84f91525b4a2cbfbf673aa706e81d40fdf6c57fbe61d3cc338b081eb0659caf84feb8e30bcfb913570f12e843d4b39334e53bbb85d4ce0c6d8206c4b30

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
    Filesize
    5KB
    MD5
    9972e44edb70decbfcb738f8f1937543
    SHA1
    9776ae076aea9136a648ccf86dc1116477f5fdfa
    SHA256
    c6c4468d0d572d2c8d86726ca8dac45e8b0c76947c19dc2c74a3bd85f5dc3ca8
    SHA512
    6f124955b17057aa50dfb0a1d161f9d165ba87b3b7a916738e303ed63af70209451eb1233e99c1114741df305dd605ccbb9630448f04794f935855aac3851719

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
    Filesize
    6KB
    MD5
    c7d21499c8bf595a2184ea3a8f92b87d
    SHA1
    2af0c793c598c3f6bde7216babfb468bcb7ee21a
    SHA256
    60e3d680da87c828f7b02ec7f1ea3665d03346aa2c147c547a4626eee1b3776c
    SHA512
    58e312333040d303a498393f485fa535c00894a07bb25280f8a7f264504847db28619d7ce55e81d914cce818ce981097d37d1ddf390379384df3f2ad7cfd55e8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\4f297481-d90e-49bb-9c10-cf190db4a9ba
    Filesize
    671B
    MD5
    e804a17216a926e9eca02c9b2edbbb0f
    SHA1
    64ad1696e87b5d09bb679e51cd1494b7fa981ef2
    SHA256
    d83e6a50e783a72539d2cc92c6257e47dec2a91c64a26bf4f6a8fa7b71273a8d
    SHA512
    46bb35d5f5c3966c3f6eb253530e649e3359152d39b4561e6854f2d3d8551c51b2a728319d22a9cff6adbfd602bea17c0acfd27754856b6ea693a9808f13354e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\afeee2eb-48ec-4a57-a36e-b367793f09c9
    Filesize
    982B
    MD5
    baeb008372db4f4fb7e70b7a0c1c2658
    SHA1
    ce5636f9916448a4f769046ae5c30d7ffb9a68dc
    SHA256
    10c3e2a5d293d8558aa7bcb3454078bdb4dc8574f9c5663e06df5fa3494cb290
    SHA512
    850b75682c81c456bf0310a3234d54fecb7f278febaf76aaa8df4f356394a6e4f7df3f09cda88dcc952943ee709af0f41dddf2e470a429a0a764393683e3b12f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\c667271e-bcc8-4371-b741-79eff7e26345
    Filesize
    27KB
    MD5
    114c0b0424cc8b6f0b719cfdc9888d1b
    SHA1
    afb3f94e653422cdafb67f4ed37914c724e87484
    SHA256
    f47fd2c07d1b75fc1e7b308a210aee12e2b6a065a991cbcf423e90da94f1b3af
    SHA512
    0197605dcf5c689be6ad29af0a0ed1bfe83e5d897937abbcd3e0d129665d77a5369bf20651394763943ba46ab9ab39343ef3688b4789c78086911a0c8871189e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
    Filesize
    10KB
    MD5
    24217d6cf2c9a98118138bebaa44a8f6
    SHA1
    69be412a8926cdaa9bb481357299b91eca3cf2f2
    SHA256
    074f9a16a34ffdb8a1c8bd38fad94f0f283c8dcca4287f17d8a6c7c89513539c
    SHA512
    bca8bb9b1097adc21c95b7c8a91fd6b8459deff5857f475f7c726d0168d2ce6a30cf3b7aa8a736a870adffa2a9dfe4ab665cdad4d16b399e66c17bd241152f93