Overview

overview

6

Static

static

1

URLScan

urlscan

http://AE

windows7-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://AE

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://AE"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://AE
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.0.1786562401\1039105291" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1172 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2ead4bb-57d3-47ca-895c-a04ed3fb289a} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 1336 111cae58 gpu
        3⤵
          PID:2648
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.1.1975593053\802145146" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1496 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10076f22-bb03-4caa-93e9-4fa3c5a002a7} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 1516 11103858 socket
          3⤵
            PID:2096
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.2.689528195\637109637" -childID 1 -isForBrowser -prefsHandle 2204 -prefMapHandle 2200 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c61282f9-a15e-485b-837e-12f426d635a1} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2216 1aaf2358 tab
            3⤵
              PID:2960
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.3.634629706\498038456" -childID 2 -isForBrowser -prefsHandle 2772 -prefMapHandle 2768 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc40ea5e-af2a-4be1-aacb-e0d8318addaf} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2784 1d8d5a58 tab
              3⤵
                PID:1648
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.4.767257281\1120681676" -childID 3 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {876f7305-4adb-4df9-90a4-c2b4d9be6590} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 3776 1d9ee558 tab
                3⤵
                  PID:2528
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.5.1594287831\599011842" -childID 4 -isForBrowser -prefsHandle 3884 -prefMapHandle 3888 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42507685-8229-4638-831b-be2e57995d61} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 3872 1d9f1258 tab
                  3⤵
                    PID:556
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.6.346653473\217776497" -childID 5 -isForBrowser -prefsHandle 4060 -prefMapHandle 4064 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d52002e1-370e-4b5e-ae47-24c01aae3f94} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 4048 21e7ae58 tab
                    3⤵
                      PID:1728
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.7.38025645\1427461047" -childID 6 -isForBrowser -prefsHandle 1848 -prefMapHandle 1796 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06bced6-05e6-446d-98a5-4677827e2325} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 1900 1b82ac58 tab
                      3⤵
                        PID:1392
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.8.2070030487\828278824" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4400 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a88ce6e-4308-4aab-a2ad-f6386c04d313} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 4416 21ff4558 tab
                        3⤵
                          PID:2568
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.9.250131925\1222938924" -childID 8 -isForBrowser -prefsHandle 2288 -prefMapHandle 2292 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b1528b0-23be-4e11-a8f0-8434f1515b45} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2284 f69f58 tab
                          3⤵
                            PID:1956
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.10.95000547\280229579" -childID 9 -isForBrowser -prefsHandle 4824 -prefMapHandle 4848 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd1420ec-b2c2-42c1-973b-6ce3af199267} 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 4856 13659e58 tab
                            3⤵
                              PID:2288

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          23KB

                          MD5

                          e565f42be99b6b19744d124a9ec947e1

                          SHA1

                          d8173ac55083ed0a4ab43fba459a130431b48b05

                          SHA256

                          68c7136e795f3a61131519ed3bcb109cbce04490890c30c631abfc04aee99545

                          SHA512

                          25df77642830faa8dc54bb740ab6ff1f13de2b0c9e4410058d03f7b5cab7f5790fdbf9a5a98ce4ccb0421396ed6c0e7a04927e5df8b801439ccf7d77c48c351a

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\25501
                          Filesize

                          15KB

                          MD5

                          a1fb2639bff218ac2bf87349967550c5

                          SHA1

                          c04ff870917a8ac385ffdfa6602c973c6887a0ad

                          SHA256

                          55b48d7984fdb058dcd4af98dd528df0d2f2857ff6dbedb02d6025d1d3a4affa

                          SHA512

                          57124794519048b50e06588df15202d984dc95aba1f43c37d8077ebdbb430d0feab25fffaa4b67639a63d93833d49d158afa8df72958a8d31d19a8d7791a283b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47
                          Filesize

                          22KB

                          MD5

                          681d7fb174f43c3c3c9b447d74497c3a

                          SHA1

                          fe6be54c2d411e4ab33c3f46be5def32d333213e

                          SHA256

                          16ce7efe992bd163968cac9064695ac497fcd9b7f700eb9564320add708889b6

                          SHA512

                          abf28a834537f5f78f05d1410e433e1115394ea6673c6a39ffc785a9adb8642e315ef429252401af2ea867cb23a6557eded9a64e8942683ba4e24d869b44f735

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\A275306CF9BE2E63E485B50AD964B293F184533A
                          Filesize

                          224KB

                          MD5

                          f00b211a493cf11bc284c91f9890396a

                          SHA1

                          4a15e95b83f9c0ab39879044479890b4e0bec992

                          SHA256

                          680f6320fbda1de5c321b4ac5446d8982274892097d0cf8d2e24a5c9115a20e9

                          SHA512

                          c56e673ed16a714a23bb9ebd3a70f0d121bec6f94b306505afee60daaa49a1c3dfc28d112b20283153b577baf0f7b03e790ecf9f35d6825fdfa6636ba26c0614

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\B5D48F10F1D9023D8F61F27AE2FC81B692305979
                          Filesize

                          60KB

                          MD5

                          6fc54c0e9e26f671d6b740b077879aec

                          SHA1

                          8a46fb60f52022e6bc95b31f9674b8bf3d17f6e0

                          SHA256

                          87990491e592e51912ac963b4cf050b7c964d4053f7552b6fe4b07017a948e81

                          SHA512

                          3b010ec0696a9c1d09e640678d5b669e21abebc9612cbec025714f908d5e18fca777c2b6812a5af8e32029a6614d9056181ccd3af7735598ebcafcd54d8d21e7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          b72150f963a59f950b2cafca74a525a0

                          SHA1

                          66adbd5462015af613c20f29950211d22e88f0a1

                          SHA256

                          6a162b46a4ef2971bedb498efb75bc70ab9d9887eed56cf44af6950ca88a3711

                          SHA512

                          6fd6cdbdde4f05786f476c3c709004a22615cd66cbc327b7209fa1c5831b30a2f6f11ffbe8da2486787b80f5ad84a44ae849f5526b6f89d20beb40bfe0828672

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\83d0ed2e-cd23-4f5d-80b2-c19e21494226
                          Filesize

                          745B

                          MD5

                          fe8732d9b634b642369fd80126ff13e8

                          SHA1

                          fe12c22b1fc19fd011324f24eae0c4f577dd98b2

                          SHA256

                          7a82cdf985a151a6766e785c005ff18b886073e4d3312f81ab6996852869ce0c

                          SHA512

                          116ebfe5cb8a21fb142a2014f33233257708b7f206545820b5c836bfcc3cfd59b9762449cb888f3c70680fe363da7943fd1493daa7be38df764f24276ae384ba

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\a99ff4e1-e705-43a9-9a32-5ff2cacead4c
                          Filesize

                          11KB

                          MD5

                          44a4d7daec588140b97bf3105f2021a8

                          SHA1

                          8bcdb2ff8ba62c43d4db9b1630a73d9b1ad2e3f8

                          SHA256

                          71f104d90d78c405bda653476d933ee2f0e5a866e0c57366a955a0d18c46097f

                          SHA512

                          ef03c921d9cb554f7cbfc9b15985677eec04fe3f7b427a99869a336bfc6cdd34c29588d8e04b8987815466fa49dce8caf3c686113d46144d557aa3f5836d07a0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          ef1814007ecd5e01c3775b483a07b37e

                          SHA1

                          6b8da2d49dbd3e7e5fadd4f96d917ebc993539f5

                          SHA256

                          8ad06eec9ddaf5949858bc669502168b259951b0a591f52d9107e0fd3d4c95d1

                          SHA512

                          c41710d789247a66545631652a7f329f63566f2bb57a6ecc9b55b67a730c9faacd427d1d7d299c325822b3810f2c8f8a7e1d6e70bda1575cd6d53db95220ef31

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          8eda6d493d69678c702269be89043cdc

                          SHA1

                          3acd14a002258e9ed180772aed5a998e491c1604

                          SHA256

                          745d6beb5faf30a8b32113d9feb1cd6b1a7fab94c09e8367d560f38c1aa55903

                          SHA512

                          ff5f5549ec097af27cf095def8c92396f4b23f73a358b313307c80c35417d001052010b9ae5cad67cf4bdce665e01df74909d9128b3919382aefbea5323979f9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          ea0191cd1f48770287102c3dfed4c230

                          SHA1

                          3706545baf8a05fb9ba9e4e44d478a11548bd684

                          SHA256

                          0294a6c94692405def89993779c3a78eb8a5f3da0298bf09f1d766230c5ed12c

                          SHA512

                          09b2f0bf7b480119312339ec44ce7b2dcd3a051e68b71e7cb06204a329f6911c86cf10969fb6ad4201c297fc4a7d8d898c2ba54d800425b5476aed08cb13c5ed

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          4dd0fbf8e7db0e9b7fca5267dab73798

                          SHA1

                          2ae7c4d62bb5f1822d7520e6cb08822ebcf69c7f

                          SHA256

                          4c13061de9d45fe46f5105fb8160081415499ee8c9a289a2934b4dd708501a52

                          SHA512

                          5227490a4f941ef790b71f1ae7e352900c78a8ee8311a6f74413e41497783bc4bc7f046cb7d32fe75c2bbbeb5663f6c704baf0ad8fe98a8de688ffa1234a6be2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          f2faff478337924aa7ce91a52a51f977

                          SHA1

                          33de85b248f4ba83707252c1b3f38cf29a7b3be6

                          SHA256

                          cb14fa249f11b42e098c0fea908334af03e763e5177200b82b5dbfbb6247e450

                          SHA512

                          24d2fb254a89896fbbdf8c405bd95ca35def8337e1f3975538b9957dc31a6dee72b7fa806ccdd2727c3051062aa14dd5f70e1bfbfc15c48d0b74afef2852ee18

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          14KB

                          MD5

                          c3b91219c8dcd252683286b939f6e926

                          SHA1

                          b6bdcc729a5afdef1db263a89283082ceb296ef4

                          SHA256

                          bbd4cc04f1db6054125e578bb98ed8628e08a03b35098d1f97cddb7e56a577ef

                          SHA512

                          f1ba6a4082083448105c74679d011714d9bd3a871394091623b9df1ea269d1afb4aba07bfc91bc43cc1d32c8233e22eab58150e574a6654a79dc956bb13a6eaa

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          ac16b264fe0c10c7d212b38c002e52ff

                          SHA1

                          65b560e87063285a864e77216f6224ff2b4322da

                          SHA256

                          d240a048a59352c679c98cf4da96b19fd4fdb4eb6d285b655dd4bc390000f57f

                          SHA512

                          23ae83420edda8d79da69d567430e27db304d7cde0a3842e1ae26b53dec3be2074b164b6f697546899b94ef59c9d90e67536a41a0f77d75c790bd65c5ff56e35

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          1cd9e17ae76b7cc3915c5abb5d68172b

                          SHA1

                          2048d3ee67a4076c5f5547a81db4a4771ca8d6d1

                          SHA256

                          b575b8687c11961a97532f38a796906d6cb676eccd519aa31fdef40e71cac791

                          SHA512

                          e95b7a53858d34b414aa23635e93a856fb9651fd9f4f5082bea26a0c4e6c58780aaa376432b5ecd12df9773955b19953ddb03a94dbc7e771b0de9f7ae7a79ce5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          ef5912224a801b34829068fb239ad088

                          SHA1

                          cf69cde01b7f7433e5955caf01e6d3a00d79b7ec

                          SHA256

                          32e364b9f1f8cf2376c7ff60d69e206d0ed008fe9aa66f75a6e2759d0a7537f0

                          SHA512

                          5d2bbd33f850db1a8b6b9e167d9276267f3691e36d07d784e1ecd6a53d4ef4d4cd2dc925576323f5b9139d9bcda9071b1bd5344a15b582e060e00ca573a0da1a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          2ac3e09e134bf27c2c1c2e803953a5bf

                          SHA1

                          8e20b4792345aa614f1bf96b31a80b3a5eb2b476

                          SHA256

                          de39180d4eec99ca3e484611a28269caacb1761f0a360ac033a70f5e1849d656

                          SHA512

                          948a8e8bdd1d2c87c37f7ea8a69cfc8ca070fdb434c3c1720590fe387a976895986ba6bd28902234a4258cdb67c2476adec9e9c8bce1f3dd9e95771ed4433d0c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          184KB

                          MD5

                          1d87633c899ebb45778026c301d420f3

                          SHA1

                          7931aa594a96450488f4bd2d2be9b60a93dce5e5

                          SHA256

                          b1f10b1b2b49f98c914ff552a5421c04140ecad4b2f14c41477b6bf060a73893

                          SHA512

                          3f33d00cd23f32a089e283adec5233d802142d256b1ba810c466c379cbdb2b6decb20068256a30bcdca66d731670d135cfc4984dc4cb6791c3653c91915438f2

                          Download Submit