b6a7287171d698c09db00de551ea67399fcc247fffd6b419eb02017ea4eefa67

General

Target

PROFORMA.html
Size

466B
MD5

f1d49f790ef673d213b94f1c133a354c
SHA1

2fd7ca16c16816dc25d15bba51a7c93ca8bf3be0
SHA256

b6a7287171d698c09db00de551ea67399fcc247fffd6b419eb02017ea4eefa67
SHA512

1bfd5a7667c26f56c48ccd5bf5ee053ad8aca60e4ab4421d708fa1b94d42eae766ad34e56780e65db6f3ea3a06e4fc6d3e26d9b9573c0f15ffa8ebb62605f4ea

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe
Token: SeDebugPrivilege	4904	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4904 firefox.exe
4904 firefox.exe
4904 firefox.exe
4904 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4904 firefox.exe
4904 firefox.exe
4904 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4904 firefox.exe

pid	process
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

pid	process
4904	firefox.exe
4904	firefox.exe
4904	firefox.exe

pid	process
4904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 1608 wrote to memory of 4904	1608	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1476	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1476	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 1012	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe
PID 4904 wrote to memory of 344	4904	firefox.exe	firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\PROFORMA.html
1⤵
- Suspicious use of WriteProcessMemory
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\PROFORMA.html
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.0.1155981678\1343396534" -parentBuildID 20200403170909 -prefsHandle 1700 -prefMapHandle 1664 -prefsLen 1 -prefMapSize 219940 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 1800 gpu
3⤵
PID:1476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.3.1760147941\791234979" -childID 1 -isForBrowser -prefsHandle 1932 -prefMapHandle 2440 -prefsLen 112 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 2416 tab
3⤵
PID:1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.13.300144171\700726933" -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3780 -prefsLen 6894 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 3704 tab
3⤵
PID:344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.20.403371665\113391407" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 4588 -prefsLen 7599 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 4600 tab
3⤵
PID:2852

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads