Resubmissions

  • 17-10-2024 14:37   241017-ry4x8svbrl   3
  • 14-10-2024 16:38   241014-t5dezavcrb   1

Analysis

  • max time kernel
    25s
  • max time network
    25s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14-10-2024 16:38

General

  • Target

    https://streamdj.app/c/Veter01

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run every hit comes from firefox.exe's own processes (the broker, PID 844, and the utility process, PID 1444), which is consistent with a browser profiling the host rather than with evasion driven by the visited URL; on its own the signature is a weak indicator.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (21 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. The signature is not attributed to any process in the tree below and carries no IoCs, so the report gives no evidence that a task was actually created.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://streamdj.app/c/Veter01"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3220
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://streamdj.app/c/Veter01
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:844
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2ca77a3-68d1-49df-bf57-30cf7f049d67} 844 "\\.\pipe\gecko-crash-server-pipe.844" gpu
        3⤵
          PID:3704
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {880eaacb-066d-4aa6-82e8-97d8fd41dcff} 844 "\\.\pipe\gecko-crash-server-pipe.844" socket
          3⤵
            PID:4984
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96b8890-5827-476f-a1bb-2dc44fdf0927} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
            3⤵
              PID:448
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 2900 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b79ed5f-2c53-4683-a7d1-3ec5ea8f330f} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
              3⤵
                PID:5148
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4572 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4576 -prefMapHandle 4480 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79005707-1df5-4e10-b400-be0e57286649} 844 "\\.\pipe\gecko-crash-server-pipe.844" utility
                3⤵
                • Checks processor information in registry
                PID:1444
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 3 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dbde49a-79f1-476a-ac51-271b20054b96} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
                3⤵
                  PID:4876
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5944 -childID 4 -isForBrowser -prefsHandle 5920 -prefMapHandle 5916 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53501bde-f60e-499a-862d-783e7188b6b0} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
                  3⤵
                    PID:232
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5952 -childID 5 -isForBrowser -prefsHandle 5936 -prefMapHandle 5932 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cbc253c-a3e7-4e60-bed0-9b63b1fa4047} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
                    3⤵
                      PID:3432
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 6 -isForBrowser -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a38c9a-9b65-4dec-a8f3-ed1b92c47313} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
                      3⤵
                        PID:3488
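The tree above is what a multi-process Firefox normally looks like: one broker (PID 844) and a set of `-contentproc` children whose command lines end with the broker's PID, its crash-server pipe and a sandbox type (gpu, socket, tab, utility). The WriteProcessMemory hits on the broker are consistent with a browser launching sandboxed children, not with injection into some other process. The following added example (not part of the report or of any sandbox vendor's code) parses those command lines and checks the tree for the consistency a triager would expect; the sample rows are copied from the tree above, and the rule that tab, socket and utility children carry `-win32kLockedDown` is a heuristic taken from what this report shows, not a documented Firefox guarantee.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: (pid, parent pid, command line) for the broker
# firefox.exe and four of its children, copied from the report's process tree.
FF = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
APP = r'-appDir "C:\Program Files\Mozilla Firefox\browser"'
PIPE = r'"\\.\pipe\gecko-crash-server-pipe.844"'
SAMPLE = [
    (844, 3220, FF + ' -osint -url https://streamdj.app/c/Veter01'),
    (3704, 844, FF + ' -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 '
                '-prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 ' + APP +
                ' - {c2ca77a3-68d1-49df-bf57-30cf7f049d67} 844 ' + PIPE + ' gpu'),
    (4984, 844, FF + ' -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 '
                '-prefMapHandle 2404 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown ' + APP +
                ' - {880eaacb-066d-4aa6-82e8-97d8fd41dcff} 844 ' + PIPE + ' socket'),
    (448, 844, FF + ' -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3188 '
               '-prefMapHandle 3184 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1036 '
               '-jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown ' + APP +
               ' - {f96b8890-5827-476f-a1bb-2dc44fdf0927} 844 ' + PIPE + ' tab'),
    (1444, 844, FF + ' -contentproc --channel=4572 -parentBuildID 20240401114208 -sandboxingKind 0 '
                '-prefsHandle 4576 -prefMapHandle 4480 -prefsLen 29088 -prefMapSize 244658 '
                '-win32kLockedDown ' + APP +
                ' - {79005707-1df5-4e10-b400-be0e57286649} 844 ' + PIPE + ' utility'),
]

TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted Windows paths stay one token


@dataclass
class Proc:
    pid: int
    ppid: int
    exe: str
    role: str             # "broker" for the parent, else the trailing sandbox type
    claimed_parent: int   # broker PID the child was handed on its command line
    pipe: str             # crash-server pipe, which also embeds the broker PID
    build_id: str
    child_id: int
    win32k_locked: bool


def parse(pid, ppid, cmdline):
    toks = [t.strip('"') for t in TOKEN.findall(cmdline)]

    def after(flag):
        return toks[toks.index(flag) + 1] if flag in toks else None

    if '-contentproc' not in toks:
        return Proc(pid, ppid, toks[0], 'broker', None, None, None, None, False)
    # Child command lines end with:  - {guid} <broker pid> "<crash pipe>" <sandbox type>
    return Proc(pid, ppid, toks[0], toks[-1], int(toks[-3]), toks[-2],
                after('-parentBuildID'),
                int(after('-childID')) if '-childID' in toks else None,
                '-win32kLockedDown' in toks)


def audit(rows):
    """Return (role counts, list of inconsistencies) for a firefox.exe process tree."""
    procs = [parse(*r) for r in rows]
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.role == 'broker':
            continue
        broker = by_pid.get(p.ppid)
        if broker is None or broker.role != 'broker':
            findings.append(f'pid {p.pid}: parent {p.ppid} is not a firefox broker')
        elif p.claimed_parent != broker.pid:
            findings.append(f'pid {p.pid}: claims broker {p.claimed_parent}, actual parent {broker.pid}')
        elif broker.exe.lower() != p.exe.lower():
            findings.append(f'pid {p.pid}: exe differs from broker ({p.exe})')
        if not p.pipe.endswith(f'.{p.claimed_parent}'):
            findings.append(f'pid {p.pid}: crash-server pipe {p.pipe} does not match broker pid')
        # Heuristic from this report: every non-GPU child ran with -win32kLockedDown.
        if p.role in ('tab', 'socket', 'utility') and not p.win32k_locked:
            findings.append(f'pid {p.pid}: {p.role} process without -win32kLockedDown')
    builds = {p.build_id for p in procs if p.build_id}
    if len(builds) > 1:
        findings.append(f'mixed parentBuildID values: {sorted(builds)}')
    return Counter(p.role for p in procs), findings


if __name__ == '__main__':
    roles, findings = audit(SAMPLE)
    print(dict(roles), findings or 'tree is self-consistent')
```

A tree in which a child names a broker PID other than its real parent, or whose crash pipe carries a different PID, is the kind of mismatch worth chasing; the rows from this report pass cleanly.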

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
    Filesize: 10KB
    MD5:    f267b62c9170b6d2c25f177ce715f485
    SHA1:   0630f804cf86e067930f0fd4720d23075ef69b5f
    SHA256: 85757fe1ee9ed07adaa1a7243b785ec1cffcf03cd3516fcc334aa838c94c7834
    SHA512: 82cc50e56b856de6d86550efba772885f92e85e0df80aa535544c48859e120b9ee5c355fefa70a2674bd46333b87097d4f7001c5f5cf1201d280085cadb9eaeb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5:    516ce8e1b8a50184473da7c88317ed89
    SHA1:   75687eaf2d4ac71daf0ffbff4f443ecc678f0f6d
    SHA256: 5820893ad3d19e7f8447c0f999355665fa2fbdcd57f75bdb7b9381d0cb3352d1
    SHA512: f023ac07162abfe8c3e9190da08839dc8301b8e4bc6f530bb372e2d52748a275d09be86f1fa10d93826d600047acd839face5094d2d1a695e396b2705b73d228

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5:    6f22f0002b7ca21a69817afef570d669
    SHA1:   80f3b96f719dea208ad86a62a1ce8a584265d7b8
    SHA256: 1cd2ee74df4b0e53baa38cd4a4fb3bf3faa4c048efc08ac8c9655e4fb85db3ba
    SHA512: a5d1e1874f5b64b7f5d751536ac7d2b01ec0942de9a7c05105b6497f62704ebca8c13edefb1fb88130c643c3dc403b4f3e115dd88b566fb3c86b465fafa1958e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 6KB
    MD5:    41ba81c89cc33b69b68ae65002b2af83
    SHA1:   8f55819f8a1372eccf890b50610a6bc745313e41
    SHA256: 96a1a0e3e0893312c0ebc388dec637fde7aad8b8be2db27fdd5fee79cde4989e
    SHA512: 915bd34b605ecbd4cc894d80e6d583efd032d476c432cd06e41fd2be0b2beb164a8abb304ec506fd2e8ca81881447ae0d47a5d2e2cdf1bd648412282c927a2f2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\41a39905-83ef-426f-8ae6-f78f4f644db6
    Filesize: 982B
    MD5:    c8d58b97ad2da117507e60a0bbc0b395
    SHA1:   c881f466362569a3b1f32c8a93186a8edbdf1c20
    SHA256: bbb4738adadf6e37ddfa7c9de2762f03bdd700ebc6234f39abb6eb65a1b99817
    SHA512: 3a141b59a33d3264a7b471f0127367bfcdf95522b60fe2fbae5b616bba45e7cfcd41d9b516dd41eda0d7b8d38fdf15528148f7aeac0bae92a4d8911fa585f52d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\92debcbc-b248-46d4-864d-fc7739127fc4
    Filesize: 25KB
    MD5:    c3ada436c639a47892483e691da03c40
    SHA1:   ab634a20bec725639d218ec0ffdce528404653df
    SHA256: ce5595440fc6a418f8f20c5c49b34d13359b92631ed71b46d0da704ceea62604
    SHA512: 92a8cd77dfedf77ffb179906a3ed79a57d27c0ab66acad5539464c99c9aa95b6a507c4efe4bac2d3dd97ab243fbfb6bad4526f6919e6e778d1c6b14fec7f8fbb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\cc886420-1aa1-42d3-a1ac-22b19ec22f64
    Filesize: 671B
    MD5:    49bcd5f5287efd40d921df9b614f7f6d
    SHA1:   3c743f9f431077022910c8395aa437fdbc1decb8
    SHA256: 4bab3fcf0820ab73b39fcc49be7e1afdd6209c88606f2204e19a85658292708f
    SHA512: 80e8786aebe3232f768b81b8525dbc71e4ae5c291ad49c9d1019627982c76af5a14d35832a4204b84d9d6dc8700b4ef0ac3ab494a7c441f86573b37c1ddf5589

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
    Filesize: 11KB
    MD5:    78b152d1b73901007df7cd77769853ff
    SHA1:   270a0d943e87f6194c74ed75ec560f2912741106
    SHA256: 8fb9543b3369494490516eb037f668777721ab33cbf3793a30bda6525a7a3394
    SHA512: d4b67a550be7eca743dff269a0594f4627bb496dad64291bb28e4990c63ac87ffa5e57842db90e96c5f222494e4072548ba1fd8d3ce36e3876f9d7b26092cd20
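Every file the sandbox saw written lives under the Firefox profile directory (Alt-Svc cache, Glean telemetry database and pings, prefs), which is why the run scores 1/10. When reading many of these reports the useful check is mechanical: parse the flattened "Downloads" block, make sure each hash is well formed for its algorithm, and flag any write that falls outside the browser's own profile. The following added example (not code from the report or from any sandbox vendor) does that; the first three sample entries are copied from the list above, the fourth is a constructed entry with a short SHA1 and a path outside the profile, included only to exercise the failure branches. Treating the profile directory as an allow-list is an assumption made for this example.

```python
import re
from dataclasses import dataclass, field

HASH_LEN = {'MD5': 32, 'SHA1': 40, 'SHA256': 64, 'SHA512': 128}
UNIT = {'B': 1, 'KB': 1024, 'MB': 1024 ** 2}
# Assumption for this example: writes under the Firefox profile directory are the
# browser's own housekeeping; anything elsewhere is flagged for a human to look at.
PROFILE_DIR = r'C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release'

# Constructed sample: three entries copied from the report's "Downloads" block as
# extracted text, plus one made-up entry (Temp\dropped.bin) to exercise the checks.
REPORT = r"""
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
Filesize
10KB
MD5
f267b62c9170b6d2c25f177ce715f485
SHA1
0630f804cf86e067930f0fd4720d23075ef69b5f
SHA256
85757fe1ee9ed07adaa1a7243b785ec1cffcf03cd3516fcc334aa838c94c7834
SHA512
82cc50e56b856de6d86550efba772885f92e85e0df80aa535544c48859e120b9ee5c355fefa70a2674bd46333b87097d4f7001c5f5cf1201d280085cadb9eaeb
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\41a39905-83ef-426f-8ae6-f78f4f644db6
Filesize
982B
MD5
c8d58b97ad2da117507e60a0bbc0b395
SHA1
c881f466362569a3b1f32c8a93186a8edbdf1c20
SHA256
bbb4738adadf6e37ddfa7c9de2762f03bdd700ebc6234f39abb6eb65a1b99817
SHA512
3a141b59a33d3264a7b471f0127367bfcdf95522b60fe2fbae5b616bba45e7cfcd41d9b516dd41eda0d7b8d38fdf15528148f7aeac0bae92a4d8911fa585f52d
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
Filesize
11KB
MD5
78b152d1b73901007df7cd77769853ff
SHA1
270a0d943e87f6194c74ed75ec560f2912741106
SHA256
8fb9543b3369494490516eb037f668777721ab33cbf3793a30bda6525a7a3394
SHA512
d4b67a550be7eca743dff269a0594f4627bb496dad64291bb28e4990c63ac87ffa5e57842db90e96c5f222494e4072548ba1fd8d3ce36e3876f9d7b26092cd20
• C:\Users\Admin\AppData\Local\Temp\dropped.bin
Filesize
3KB
MD5
0123456789abcdef0123456789abcdef
SHA1
deadbeef
"""


@dataclass
class Artifact:
    path: str
    size_bytes: int
    hashes: dict
    problems: list = field(default_factory=list)


def _size_to_bytes(text):
    m = re.fullmatch(r'(\d+(?:\.\d+)?)\s*(B|KB|MB)', text)
    return int(float(m.group(1)) * UNIT[m.group(2)]) if m else -1


def parse_downloads(text):
    """Turn the flattened 'Downloads' block into Artifact records and vet each one."""
    out = []
    for chunk in re.split(r'^\s*•\s*', text, flags=re.M)[1:]:
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        path, fields = lines[0], dict(zip(lines[1::2], lines[2::2]))  # label line, value line
        art = Artifact(path, _size_to_bytes(fields.get('Filesize', '')),
                       {k: v.lower() for k, v in fields.items() if k in HASH_LEN})
        for algo, n in HASH_LEN.items():
            h = art.hashes.get(algo)
            if h is None:
                art.problems.append(f'{algo} missing')
            elif not re.fullmatch(r'[0-9a-f]{%d}' % n, h):
                art.problems.append(f'{algo} is not {n} hex chars: {h}')
        if art.size_bytes < 0:
            art.problems.append('unparseable size')
        if not path.lower().startswith(PROFILE_DIR.lower() + '\\'):
            art.problems.append('written outside the Firefox profile directory')
        out.append(art)
    return out


def needs_review(artifacts):
    return [a for a in artifacts if a.problems]


if __name__ == '__main__':
    for a in needs_review(parse_downloads(REPORT)):
        print(a.path, a.problems)
```

On the real report all eight entries come back clean, so the list supports the low score; a hash that is the wrong length usually means the page was truncated during extraction and should be re-pulled before it is loaded into a blocklist.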