Analysis

  • max time kernel
    13s
  • max time network
    17s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    02-01-2025 16:22

General

  • Target

    https://drive.google.com/file/d/17-0vVHU4TN1v6AAtxIRUcMFWIlzRY9TR/view?usp=drive_link

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/17-0vVHU4TN1v6AAtxIRUcMFWIlzRY9TR/view?usp=drive_link"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/17-0vVHU4TN1v6AAtxIRUcMFWIlzRY9TR/view?usp=drive_link
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1896 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a91e6ad-147a-4c60-ad98-629b1e6220c5} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" gpu
        3⤵
          PID:660
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c0a694e-4b75-4ba2-bc4e-8185eb2cd15d} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" socket
          3⤵
            PID:1920
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2852 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afcddf14-006b-4cae-929c-55cf08a26390} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
            3⤵
              PID:3620
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 2876 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0982247-509a-4f3a-aef0-6c978733e971} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
              3⤵
                PID:3348
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4092 -prefMapHandle 4140 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70c8160a-7375-476f-ad28-27574115063b} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" utility
                3⤵
                • Checks processor information in registry
                PID:5008
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5444 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {571757af-f5ad-48c4-9363-b888a59d138a} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
                3⤵
                  PID:2276
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9524fb1a-5d78-45c6-b942-a1980e0df945} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
                  3⤵
                    PID:2104
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 5 -isForBrowser -prefsHandle 5824 -prefMapHandle 5828 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8af867d9-ca39-40b0-bbb8-a63790729829} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
                    3⤵
                      PID:3384
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6248 -childID 6 -isForBrowser -prefsHandle 6240 -prefMapHandle 6236 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {173e0847-6400-4e66-92d8-443a6a99dd7d} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" tab
                      3⤵
                        PID:548

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\activity-stream.discovery_stream.json
    Filesize: 22KB
    MD5: 13095e6ad731bf4d5529b78a92901106
    SHA1: 2bb490d264f76a843d2f40f2c409b9fac3e23683
    SHA256: 35c95433d7cb8cd6c33ea7475c703c4b98f16d3a065cfae778b20ddac8c84fba
    SHA512: a68e6793321fa7a90eff67e365b7d946367c89c0d6e633b0c42c8fcb756cde00d0a20ee5de43d3ce65a11235c0af2177c4717a45a1cfc413d84dcae75df9c9ed

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\AlternateServices.bin
    Filesize: 7KB
    MD5: 763846f0ce2cee6582f4d1cd98231811
    SHA1: 820b31ff90119ca59cfe80b507e0260a2b26276e
    SHA256: 9b99008c8fd3cb664aaf49ae18a6367125cc810d9030affd62d64b93d277df5c
    SHA512: c6719061c046afc7204a14ea9b8c513905de102e472f23690a26335d41ff7820d5c73083b2a9dc4072d53cbb726a8c4b7e4694485dfa399b0bf741eb61dc028c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 4f51d72a1fed8d4f5ab6b196080052b7
    SHA1: 33d507e3e2c61a045a9d1c680cb55108ae3dc3a0
    SHA256: c5674105f921b4addda6ca2d8615a5751548a4ff19f5ca9a42f3f7087760490b
    SHA512: a997531e96a739183eb9807b3f1e620b494725769aafba2ce0283dba511605adbd371ad186c92bb58919b69e002a9ebc6d8c5c614bee4c5baa27106bbe20e3bc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\0d653a16-8557-4606-a2da-cbfdd2cb1ce4
    Filesize: 671B
    MD5: 96c8e816211f6fad89b03b769ded630c
    SHA1: a294358e2957240a53ceb9aac961b3f647c4de5b
    SHA256: 8e8e9b9b7d67570dd18cc799fc4fad3f55f2fe7ddd743d87b80b858d5a3bd367
    SHA512: 4a2938c082c334d2e90154a4c6ce8876337472a757215a51747b188d2d2066db6f13af371e2ed8aeff1979e95f2703dbf86e25ae7e5807ec62813006bd03f48d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\c1e01902-1fbd-4934-a5da-9ebd5fde81c5
    Filesize: 26KB
    MD5: cb55cff741535eabd78b5bd5a1113c18
    SHA1: 18a72aef2bdb5f04292c2fdd805e78a200c32e30
    SHA256: 584e72e91ccdc36124a9e8931c3fac524b61574db2ebb2248a074aa5ab4f2ca3
    SHA512: 54af1947930147b800762d4ecba3c9ece2fd4e4f7ce2e2a5d5816bc6ce4b66a88d6cd8f3bac6910ece7dfb61dc54ab457a5c2d71cda572b4e229ccbfae70b38a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\ed19bcb4-c0da-416c-a623-2ecaade4190d
    Filesize: 982B
    MD5: 65c56f1176963eca7c9e2f875e5f0ca3
    SHA1: 7196bf844930650c3c1c3cff74738ba1f6086fe6
    SHA256: 87f0c7c8d590e710134243fca5ec1b51a8f824dec14d8073bf3c36efa98d17a4
    SHA512: 51a31604f05345d7f53cd95526681d1e8c1c4cd29da1ed7f7d106dc7351e2235339a1d1da279fe10d97cc582d8b75264932b78277410360d39a0ce34eb91160f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs.js
    Filesize: 10KB
    MD5: 83652ecfb5cba09a1ce21ddbaace0dca
    SHA1: b4750d07d83efdf244532a36c88ebddfa80484bd
    SHA256: 7b7137f87e2030ff50839a182856f525eb8d3c565cb17fbe5711927773385984
    SHA512: 88eea9b7fa8e6bdadbd726d3ff0e51d8a6fba8af66183df9331c18e3fc414fc41e483060fdb84378157d3b2c8dba76039b8fabf661d6e232572da92382be72b1