Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://katfile.com/

windows10-ltsc 2021-x64

1

https://katfile.com/

windows11-21h2-x64

1

Analysis

  • max time kernel
    123s
  • max time network
    153s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    21/11/2024, 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://katfile.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://katfile.com/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:672
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://katfile.com/
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e75adba4-01bf-489b-b40d-e486621da7e0} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" gpu
        3⤵
          PID:4804
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a244448-f7e9-412d-aeb7-64c011b9c0d1} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" socket
          3⤵
            PID:2788
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2984 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3da8d56f-97db-41dd-a6c5-27afc354f2ef} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" tab
            3⤵
              PID:5076
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3512 -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3528 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c1fa97b-1bdf-42e4-b975-7ec45d0971c0} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" tab
              3⤵
                PID:4456
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4848 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e83fbaf-a13e-4761-8b72-c557505c8086} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" utility
                3⤵
                • Checks processor information in registry
                PID:4676
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 3 -isForBrowser -prefsHandle 5600 -prefMapHandle 5608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e47525b5-dfaf-4c33-a0df-0b479154e6cc} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" tab
                3⤵
                  PID:3448
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 4 -isForBrowser -prefsHandle 5644 -prefMapHandle 5500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {433d7a84-3bff-4ff0-b214-5940b2f4c7de} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" tab
                  3⤵
                    PID:2296
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5772 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4951f31-c059-4b31-a39a-3719c6c3898a} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" tab
                    3⤵
                      PID:2320

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json
                  Filesize

                  27KB

                  MD5

                  5ba06b846be89eec439cb297f886e40a

                  SHA1

                  dab4fbdc191b5b837b0b3f6d1dc057ea50f0ba33

                  SHA256

                  e6b0b765207e85defcaf2d9f8b35330d750139e24d62c2b249b14040305b4d40

                  SHA512

                  d24970e8cc915309574aa5a8031ce7aff113c8ef117f475a2b20077b3505af6c4599d61b58163d5f9fa95e78f0eadd260f5ea7c6e49de941154413a41b400de8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                  Filesize

                  13KB

                  MD5

                  7512d5fa5dac601c6b825d03193655b2

                  SHA1

                  716ee1b7932274f71b7f864076584af35e2ab308

                  SHA256

                  dbc7686949588ce91e2afaaa23f1762aecc9ee4942b330a4e392128e6943823b

                  SHA512

                  eb208f54d9ae3f40acf4151fa16c27c6cdfeef11d791ccb3ef19a719689ece8ed62e6f546b737eb05cccfc70867f072c62ce05d7debf0038607e685a870a270b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  7a9d9b6425068f6945253af6f226fd33

                  SHA1

                  07a1f58fad0ec192fce37ff3f9f623929bc47e01

                  SHA256

                  c38c165bb6a935d28044530904a288c12cde9b616f440b3949680b14c6f85601

                  SHA512

                  e117ce0a27a70d8caac6e58d7a3bf8c474ef84defbcb48b626ea05459a6c0ed930e7e234f8d5fc8555d6f303c1ca25d1106c674e817f1a4c39d5e38c0c590b7e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  2789e4eeb1e5ee934b9358fe588d9ead

                  SHA1

                  61d1be8c4421a571aa572454ec0b153deecc08c9

                  SHA256

                  8c573a3b98bfe6b9ff7aedc6f2e6d660cdf021c94772dcfe7875ed5500b6f3d1

                  SHA512

                  5664da2c98753e12e78041e5aac7c51582cf244b8cee6a11ed18546d9e048492bbd619192566cd69cda64a4358d9e1c5a8a32810f88da9b81a4117290096c164

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  16KB

                  MD5

                  4efef9cca85db53259d5794f29edcabd

                  SHA1

                  83c1ed1246c1ed31f4f38cdfb274bb2daf432279

                  SHA256

                  e2a442cd977b149dc69f73944d103f9d709007c97345f0104a112f489bdc9f28

                  SHA512

                  6461ba3cb3b3f45f68407921644e62035c15f54d6c94c11349e6538fc8b37b12a8686a47c7ca54bd7b62c6212c1ebbf7ff2114c6f445c324b3b90f00881a9e7f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\4c4b1802-d25f-4c88-9e73-8aba50da0677
                  Filesize

                  27KB

                  MD5

                  426e5f81ecb49c432e1f071b687f42ba

                  SHA1

                  90642a8b2cdc879a66eb0a42c50a79a3304db4d2

                  SHA256

                  9b2d58f42d82d8d62fe5f18f82da5ba294092f2746768bdfe1ae3513cfefe7d5

                  SHA512

                  20bdd5552a9438fd075f2099a42ebfcb381a0294385361c8e4ae5ebc85bb35450ba2d363cdf7d420fc2a91279f8809fcfe92157559bb9a0516d38fe58e297764

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\908c5849-8e57-4fd3-ac31-ae3b8a553fd3
                  Filesize

                  982B

                  MD5

                  60e3dcac5e7a0b9da308e5b80ece7543

                  SHA1

                  d57b72a4906de3d1fdf0686523249f8bfae694c4

                  SHA256

                  d50f189c2add928049e3f18a2dea7b86236d7edad77144312b57e142d8cdd8dd

                  SHA512

                  3080808baf61a34cc50b548b614d162ba22d787bdd7a9bc96909be2d09e24a8ad3f5c36defd0b069f125243daacbb473efe974e54bdef12d781618a03bac0a83

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\ef1d9a17-c043-42dc-b515-c5edbcdc0df2
                  Filesize

                  671B

                  MD5

                  bad0783f6329c53d45613d448d67ef1d

                  SHA1

                  84294ee7a84aa19ad9413b70a64768be4c420ce5

                  SHA256

                  ead6c3a13b28af07fb905b4d5bba793e1dd40753d6ffa3969a40f031ed93608e

                  SHA512

                  24d3c8d7d4b8435ae46594beeada36af755705126efabc3d2d79d2a61f68efe416e5cb8ae3012e579634f6876e543d666800c4439e279d205767f0fa6831a151

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  b4ce21111a6fa74f383ec0f3c504a6b1

                  SHA1

                  31df96382475c22e86b48e152beb0cd5ab400b9b

                  SHA256

                  2e51e4a00b565e6fabd9288429677ea5debdeabf6079fd203a6b6879ca6e4ad2

                  SHA512

                  7090d946275b4185d0e8237869353b8a5642fbe909400d4ff8aca4d5c3c99558e280633ca559bb799bcd12c017a9f9e9f60d5e1e327d194ff7195b3dc46911c3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  3d0cc38b7666c5563874f686c204fa5a

                  SHA1

                  93847c73aba5073ccd0e36c34076c1cf9ffec0c1

                  SHA256

                  2511bd57167868a8be3eedc37ad03942c50f11bab69b1a589293c6500d59774a

                  SHA512

                  4abba4c3910bfd5b6f829ff84c810c1bfed56b54279ec626d6059cb2ef02aee29a97683772e4e4ce86f87e921cb15f362989d5484f3a8d70b4d5185847f87196

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js
                  Filesize

                  12KB

                  MD5

                  e7eea92492eccc192abdf058dfa72824

                  SHA1

                  d9950bee5b9ce5d7c2686622ec70b2cb757340b8

                  SHA256

                  2867a7574dd075362671f2c223cab41ec59a7a131785888a4e8b8e94fe6ec324

                  SHA512

                  15dbf1afe999fb20a905bf656f95b4931489c39ddb89bffe1b368082e1b42110d45513fb3b47b497de4daa419a762fba5d57fbe76d91fe55a84427600a64b89e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js
                  Filesize

                  15KB

                  MD5

                  546b8e315b9b0d10ff1c7b86f155f239

                  SHA1

                  b7acbc411a48feaf9a0c31347f23629e5b7479f4

                  SHA256

                  573415dcdae0417387c9a525647eadae4c27054460bf9967ebd8b520c5f68444

                  SHA512

                  86f258ff2c3476855e7dce6710d19af2b34b484662e77bd70285f30343b41f419b31eedeeab31b93ebf8fc44c2a0fb7611a59e683de0f77a3797a6b28e50f591

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4
                  Filesize

                  2KB

                  MD5

                  808ed66f93bdf2eeebef8720d4b11881

                  SHA1

                  704dd62d97031d4fd2e54367cd17f18600a48ed1

                  SHA256

                  c13f535801adbc370bc148c02932b6405df7e9c59fdfac868d1c2337d16883d7

                  SHA512

                  3334909dc95a7c2ed5ac274fc106b4b796b134961ab92d04ee08aff66891a45f3b134f66648816acb08f3fd2f4b52fb2f3b0c0fa2878e1866bf2216c0597c844

                  Download Submit