Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://46.246.122.115

windows10-ltsc 2021-x64

1

http://46.246.122.115

windows11-21h2-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/11/2024, 03:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://46.246.122.115

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://46.246.122.115"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://46.246.122.115
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3172
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01ed450-435e-4f03-9593-96a7ed7acd0b} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" gpu
        3⤵
          PID:3324
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2304 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {911e16bf-f284-4d32-9614-7fc2757e1f2a} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" socket
          3⤵
            PID:2452
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2988 -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e72f0d-adc7-4a96-835a-99fc6b2ff0b4} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" tab
            3⤵
              PID:4772
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1140 -childID 2 -isForBrowser -prefsHandle 3136 -prefMapHandle 3212 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {959ab306-9a10-4cb5-b2cb-b2d078456c49} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" tab
              3⤵
                PID:3532
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4716 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4708 -prefMapHandle 4704 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bae1cd0d-0614-4ffc-985a-f3bacf83d010} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" utility
                3⤵
                • Checks processor information in registry
                PID:1296
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5328 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ca98b8-d58d-4cee-869a-9c3e4ce36a96} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" tab
                3⤵
                  PID:3040
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5340 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d3a4026-d8eb-4312-a348-2215bedbedbd} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" tab
                  3⤵
                    PID:2692
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5696 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 980 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a39b8ede-81ff-4444-bdd4-f8535e10a8a8} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" tab
                    3⤵
                      PID:3736

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\activity-stream.discovery_stream.json
                  Filesize

                  27KB

                  MD5

                  1e04754f8fca602ef6b0975bebd90f47

                  SHA1

                  a90c47f07391721956fea390ff2eb5d99ed852b8

                  SHA256

                  76631af0c062ad877a7d667b1d21a070ed74f1288a36c166b21263f32b6d5396

                  SHA512

                  845c67737a0af9b18cba2055614ef64227f0c1a94bc940fcc840316f2ac0afeaf5fc5fc4cf8b01da360c138e7fc84a2c1d820a459d90d4ef210da16c49dea6f9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                  Filesize

                  13KB

                  MD5

                  faf48ae7f24d303051cfcd9f6453ad76

                  SHA1

                  71d823c3023d4d5b62705cde10127db66d91bcbe

                  SHA256

                  0af76cb2cf3f5dc332049a1254aa1253428b94f493af357dae085cb3098062e5

                  SHA512

                  6794732c320985b0833bd6b72552cd7e5e530a2a2d15225731d956951b0266bc524ec82b4ad807392c4b85e53543558f9b8c2fff70b9c3f111a87c7d6e90c407

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                  Filesize

                  9KB

                  MD5

                  4f60ca6e66067405376fad481bd9f498

                  SHA1

                  0c79e62ab6310af76a63399f31f2c9efd8ffa085

                  SHA256

                  d42a62078400bb9c11e122c405805b53c1d2befdb76ae3ef5827735c68035031

                  SHA512

                  183627fa6a121835afd666517ef90f0942bed1b225090a2bf561bca662e99a839aa90c6e350f81d1813591c10594444d16bfbcd84bdd882051fe12e6cbfb03bf

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  4c26c8e04a23efb15c112e7ba1d35b2b

                  SHA1

                  115bd322a5ef9ba145862a89203c73337619e6b3

                  SHA256

                  b66f9d6c76e99fc6958bc280f7e7a84263fc3313510b0f44d0c1dce9617794f2

                  SHA512

                  5ee2365bfba18776a3461df7e3d71e0da889d64aa5d26aa7fd1c9e047d623da3f9404b625c613869f3379afb55511ec4e91c74ef017ae2cc5f35fcad14fab551

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  8551bd7162c6a747109aecbcc641672c

                  SHA1

                  60f4b38146146464a749a964a6f68244abdf596f

                  SHA256

                  86612fd035dd50f26743376d6e8e6607748737939e9b462035549d34f990b787

                  SHA512

                  7a79f0076915ce314d96659f236360cf8f5647a45be0ad20b10bb7a05967accbda90daae97a20325b8a056104d71a0e3e2395db3d6054144bb6ed2418888f333

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  24KB

                  MD5

                  069656abe0ac49642d84bb4a9b426d7b

                  SHA1

                  fb6b915877c353923fb6eae79a3f32202672b1de

                  SHA256

                  c8b6a72c58d914890e904ed379d368a0c9b5e147b9735f9267fc0c9df717f85c

                  SHA512

                  4ad04ca4cc41111acdaa18b87e51e8bf1816018a7bba30c3504788530f9293f5cd861b814b65eba1fe3887ac6383ed67d3421d510e1911e80581378edc91cde5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  7f359cb10b949bffa0a4f58414348675

                  SHA1

                  e0a3c94619c27d6670712650882e25a8ee97b70a

                  SHA256

                  8fd9db6e8fe3f449b949782bc63a4d889ed0c1de92d039075a399d6b47384fb1

                  SHA512

                  510e8451d49a10b5256c5f38a2dae46e6fdf115fd131a8b1c0b10f5bfad337669c6a962dc027bb68f230ebbd9165eae2745c3d0d3eeed841f18279daba055bbb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  23KB

                  MD5

                  d89bb37bd5196b857b672da3da64e85f

                  SHA1

                  306e8a603be40b61aaa09cfac6a9bec455fbdb74

                  SHA256

                  332317ed977542ab36fccbd5430914af56308b3df7c3aa8f4a0d8e73d18b40ce

                  SHA512

                  f49a553ae25e5c15a4d6f7a33e41d82c67d42002bc3d53730f88f1b28665e2ed705ca4f0b96fd08b8d49c7aba03fd65ea0a5c55819a5778d667cebe198a77f15

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\2b1d744c-05e1-43d4-b0ee-664b2ce822fe
                  Filesize

                  659B

                  MD5

                  7b0b5871baf39d98831fab329a659fc3

                  SHA1

                  07ea67d292290909f0a8d8c399be39e3f3c32075

                  SHA256

                  e7934042e005fe56ee2c66c37209e35356d0801d812805c8b038eb80824d2276

                  SHA512

                  4b319fa489cba19d2ecf0275a45ec058390d1486b0c3a1bb541b8dbdd8832198b4ae0fa1b9871eaaea348e56aa98828ef00bced2fda4cedf446d402fa5a00b99

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\7b0b2cd9-f6e6-47a2-b998-5dc2fa36f144
                  Filesize

                  982B

                  MD5

                  0476c80da09160482d75544c353fac8d

                  SHA1

                  b6eea28f8f9e9895d3a7213fe0fd5efd1e6a9bae

                  SHA256

                  d1880ed66a81005b83c6ea2028d428d3bd7371244083e6ead3e9398cae1f4c31

                  SHA512

                  e68c266221f2416d561472c53f55369f14682067ede25e0a843d2ac05bcf8c0ea5688257efc54ace70cf3036c323edeae331a9bd8f85bc1c1bd39843152b6a1e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
                  Filesize

                  15KB

                  MD5

                  98f268aef9606a8dcac3dd3c1b3a4f10

                  SHA1

                  e2fbaa4512f1df0c61cfdf5e268def369b6ad5b5

                  SHA256

                  14fabe786c4238f5b397bcc3ac8a7ca7bb699a2274090b02c708059d919d4eb5

                  SHA512

                  de0129957a46ff8aa6958f3984a94acceb1fbf945d8b79d51b20434faf2ad0a77c9c15fea63b104b9072bc19630a0449beacafe86a5dceb3ac6467e407d1787b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
                  Filesize

                  12KB

                  MD5

                  d839c505bc55a08ba3e84cb3745166b2

                  SHA1

                  77ef2da14d1295907fce3eb3683b28ebd3f99ff8

                  SHA256

                  53e5cb41cdcfd35ee60eb7dc7495324231c7dc8bfe4211cd1e0919fdd7a05dbc

                  SHA512

                  01c24b69371de84c5ae161fc2cea7eb39a92d1e02f8528baeda89e0a757fe52feeaca2548254cc7793c1a5e4e9a8798c64da92b028d1b3cbc17fa31511eb9692

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  2bc449be6658091db1347a9f777493da

                  SHA1

                  7cda54bb0cb87a7f4cc533616bf3d134eca0fc22

                  SHA256

                  4b5f8fd89cb73031e09d34c49efe3e9e129d19e61c6fc7332b38b443ea7fff90

                  SHA512

                  2f139a5a86908ae55b4053fe14beba56488811d6833579fa9ecab63e1234a8d60b197e258654f89367ee6423d2d8493ad9a922070cc8cb68d060191f89e24d68

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  da750afedd63e8e4308bdd1774d8a919

                  SHA1

                  6deb3763a3b9210b008914b77b1676d29686ef16

                  SHA256

                  f6028f7c7e92bda0afc6a0e5dcb2e012ab905d332f1a3705f07c75a39bb7612e

                  SHA512

                  2d0ab0326b972e7545595e5a34f18f440f37bbb8d891f871c1f7106467acdb4279c6e7664c23b68fa46603a6bd856c7729af518c0b5c2425a2ae739e22543c9e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  544KB

                  MD5

                  626e73ccef01e9346b765bce117a30cd

                  SHA1

                  02338172afbf96c1c987d0042c75f830f35a14ea

                  SHA256

                  458f377dd2eaf7c8e624cc5ef7d988db33cc6dc2ce47604da494340d5e42dc4d

                  SHA512

                  725226a6ef50fff2e81c835808137fb4d341b55d9cd92e48bb2e6c835751532a9638ae06f7df04103f49b27046fd416c4d2e6c87079664c6bd2f9fba5d0cad25

                  Download Submit