Analysis

  • max time kernel
    16s
  • max time network
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-10-2024 08:21

General

  • Target

    https://t.co/tQGFqfDABX

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (21 IoCs)
  • Suspicious use of SendNotifyMessage (20 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://t.co/tQGFqfDABX"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4464
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://t.co/tQGFqfDABX
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e6484d6-8912-49c4-b574-dd411d33848e} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" gpu
        3⤵
        PID:4056
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eb76cdf-d953-4dd3-858d-2b3f17daedeb} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" socket
        3⤵
        PID:3420
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1356 -childID 1 -isForBrowser -prefsHandle 2584 -prefMapHandle 3172 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3876946-50e8-4422-b9c8-18832fae55e7} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" tab
        3⤵
        PID:1132
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=864 -childID 2 -isForBrowser -prefsHandle 2716 -prefMapHandle 3924 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d548c75e-4691-4910-8ca3-405bf35351ce} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" tab
        3⤵
        PID:1176
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4444 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4796 -prefMapHandle 4792 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b4954f8-d2b9-4f57-b296-814973c53a0f} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" utility
        3⤵
        • Checks processor information in registry
        PID:2468
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3883b868-85de-4bf4-86d6-c613133b75bf} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" tab
        3⤵
        PID:2552
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 4 -isForBrowser -prefsHandle 3008 -prefMapHandle 5260 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e202d44-db88-4178-b303-cf75de2ea048} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" tab
        3⤵
        PID:1712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36c58da1-6d4e-47de-9627-e78af98c5686} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" tab
        3⤵
        PID:1140
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 6 -isForBrowser -prefsHandle 5800 -prefMapHandle 5804 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4fc997d-5d47-4f57-91d7-8a2d99a373c9} 4020 "\\.\pipe\gecko-crash-server-pipe.4020" tab
        3⤵
        PID:812

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 99f4dc00e9b949a7a66edca9cc3d12fe
    SHA1: 5a3e7ec25250ecc6f9e1de0550f3aab25af8f57c
    SHA256: e5ef6fdb0c6c1c3cb760b3d6c645e3b7cb6d366579732e489afff57d9f4b8764
    SHA512: 2da28ec37b723f4674c9a9c656a70ae4c838900c3048fdcd30216358b4535302c10f3efdd8109c613e0f791f6c1257d3634dee323894e99d3f7e97e0df7d46f2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: cfa8ecd241fcb4bac3387d0ab67c23f0
    SHA1: ef2dfaa958869a500ca29557aa5a8acc6bf75736
    SHA256: dc2df0f0483633de46bd29ca37429fd7167c831106561585b5bbe743b532e59f
    SHA512: a90ab622d34453a11dd77af1e02e3640f7306947f19090e1f562f0ef555b6784a77c6f107be89df4af68dae04d48edc89dde936e35a48045e0bac136d6d575c8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 6KB
    MD5: 367f65064dc60b088a63f002f1533b1d
    SHA1: f328b07441009b033b48c91d47f0e16333e4a2b4
    SHA256: bef13c367dc2b75782e7d4198eee288a8e2f272649cd3be52143267257f236a1
    SHA512: f17c457391224628a2526c39c7f1c48586120c69df92c8b1c49a830d60494cbe2449c11c222a789ca0774ac24c6ffa8cc44d69f057944826ff5fb71c7e860308

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\43ee0806-ca6f-4ee3-b3ae-b07909c85bf6
    Filesize: 982B
    MD5: a63ef671e5c55d633897162c11141157
    SHA1: 3fcbf49b48562c1391bca0bccf4d478f19530a25
    SHA256: 3f5c4473ef37bb852ba39c0de6567ee6574a3c53ce7f520dd2c99a78c925d308
    SHA512: 61079fa260612b132c145ce2e0f075ba660168789cffa6241e697a9bad8cc66a9e8252fe699bc375b64687f1cc6711e18d25514e966613360cf44642f3cc87d3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\8dabcf75-ef38-46f8-9dd0-d7f4c50acc18
    Filesize: 671B
    MD5: 167f0a8aabf8938cb7f81545c1d86202
    SHA1: ca8f771eca031273c8ad7ec802b4f884c0b4fbd0
    SHA256: bc5a14f577c97de29aace08b95b123b6c663afd959981d539b7eac83c9ff81a9
    SHA512: 41311a1c9cc42efe1a85bcfa695915f26f9f77ab7fd6422fb3ae961585e827578d7e34234180a2c31b8458a9947bbe6e9c7dc8ba28409da8247dd4429e67d733

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\b916b2ff-6968-4188-b855-e49cefc1b938
    Filesize: 27KB
    MD5: 9d8b3c48320d4315b2246c179e7ebd9d
    SHA1: b931dc9f4388fbe3a8d079e966c5db2547c7e1c4
    SHA256: 754d0a76cdcacf8f4f80a74369a572b626da671928ee4c4400a08d20734f32b5
    SHA512: e2c29493220b184c8086289cb3c78dd1fda3a17231e223a76dec4d2e55c26ad60df58667237b7325a7312d54c44aa669a1b569084f99087ee492105c786c9d7e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js
    Filesize: 11KB
    MD5: 31e85605fd466637e57cadfd3cb62f97
    SHA1: fba51c977272e188b704cd0eb2ea14fe14fb1d4a
    SHA256: 086f9dfb81fd5e734a6d988cc224062de76e5f95ffd7975b337bd7e612fe3a5a
    SHA512: 71a0908deaf062976711d574763fe462ec7772f5212d664ee91112426f0ba75f8e9d85adaaf8ca17bf60976d84fb0cdec5979396966a25cd81b10e090048b26a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js
    Filesize: 10KB
    MD5: 7127984db466b327a8d41435e2ddd05b
    SHA1: 16c62b63745ce18864cc7409f35e5e538b001011
    SHA256: a0fc82772dbe6c493ea0bc48522b0b6ef96de99b6ec18774039006cb309311c0
    SHA512: ca2f473b44903e516ac0ef64204885b0e632742fa736320a7321c02afe52e19f628bb0b805e906e6b19f1a39daf5539ae8a9211761931d2c211932cb44199b5a