Resubmissions

25/03/2023, 04:31

230325-e5fg1adc8t 1

25/03/2023, 04:23

230325-ez4yeadc5x 1

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/03/2023, 04:31

General

  • Target

    https://aka.ms/LearnAboutSenderIdentification

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://aka.ms/LearnAboutSenderIdentification
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://aka.ms/LearnAboutSenderIdentification
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.0.1259103411\765430565" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac243ca9-1e58-4579-a43a-13edace757f8} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 1932 1fbd4e19258 gpu
        3⤵
        PID:3792
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.1.2115998611\1065929576" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f5d333e-88b9-4cd4-9e38-45d3d3876531} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 2440 1fbc6e72e58 socket
        3⤵
        PID:2700
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.2.586227672\66409474" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3056 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a55c3acf-bd63-4c64-8d7c-06b12268bdb2} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 3248 1fbd7c37c58 tab
        3⤵
        PID:1676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.3.1055250401\37276221" -childID 2 -isForBrowser -prefsHandle 4016 -prefMapHandle 3968 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1cc61ab-a7f8-4633-a957-c05575204e45} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4028 1fbd671cb58 tab
        3⤵
        PID:3976
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.4.42777733\1996375628" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9260bcd6-958b-410c-a498-66eae82cf6f6} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 4784 1fbd8f23b58 tab
        3⤵
        PID:4900
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.7.1699683693\2140294445" -childID 6 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {755aa38b-441b-486c-bdab-0099150ae691} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 5552 1fbda9ba158 tab
        3⤵
        PID:4080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.6.1943995782\1703729144" -childID 5 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cdd5454-f094-45af-8f91-08f94d459758} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 5364 1fbda9b9e58 tab
        3⤵
        PID:3464
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.5.1510364789\1477557000" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e715af5a-9f59-482f-8b26-5e4f36c56971} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 3092 1fbdad07858 tab
        3⤵
        PID:968
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.9.1917076662\1947818253" -childID 8 -isForBrowser -prefsHandle 5984 -prefMapHandle 5988 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78dce349-0562-4daf-89ee-18de0bd5b736} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 6076 1fbd567fb58 tab
        3⤵
        PID:2036
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.8.689208049\1300963160" -childID 7 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {800ddbe6-1744-4b7a-a94a-20b037167148} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 5788 1fbd567f558 tab
        3⤵
        PID:3392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2348.10.1460156347\2016955802" -childID 9 -isForBrowser -prefsHandle 5636 -prefMapHandle 5540 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa1f1ef8-4cda-4d43-a705-ae723abda9bf} 2348 "\\.\pipe\gecko-crash-server-pipe.2348" 5704 1fbdc6be258 tab
        3⤵
        PID:4808

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 152KB
    MD5: 3b68a4ed4b36c67c0e4c8806ee65597c
    SHA1: fa55a48d2b28b8a994a9d785346da14ad1dfd52d
    SHA256: 92e8d40774c9d4813c29763eba06cc1ab3742c452266980509baf92e4e3ed754
    SHA512: c68049b31d477b8cbc43b1d0fbccadc07998f1a007c86527a7389e44740806ac43f8988a8f66a9c360d0b71e3cebf9551fa12ee50caa314c55002b2bedb3ec36

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 719d874b191fbc4ad8419af76a9358a5
    SHA1: 7f7ae2f5d728bc7216a2872614af83e2364c97a3
    SHA256: 2e487d17b6d5ffee18830fc739d902c0bf4356606ccf7216853847eeb42e9658
    SHA512: 0f2c3a8b03be9982661885839db660ee74e3969e3c08f8d265a818b7c36b0faaecd329876e557ad2b8917f1b9aeeec9e202c21efa5b50075650c0e3817ab5a2b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: e7ae677409a8196289cbdc6625a2e983
    SHA1: cb469b4e2fb73451aba44c2fac6190e86b9765d1
    SHA256: 15beb3d84d09bd45ff2ced0d8059e707fb760f559026b9d0e0cd5791f97b4afb
    SHA512: caf619188ae37e7d9aff780f209cfb2f744b316fc37a24894a14ebeba38dbaaa4106921b8433e43c10cd6278e78806e96bb4576d9e200fa5e5b324ccb28552e3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 7KB
    MD5: f460011dcfab060f8defeff5be10ee6c
    SHA1: 38a9bac8a7c9940b06defb728bb166ebb34c6c12
    SHA256: 6d65456f497a17b5ce6834fced25c0ac192935f8f49d93778b9173c42f18bb83
    SHA512: 7283e35f938afcf2db164bb6eb42b5efa07799b4abb140a1a5a21992ac31b81fc596a1d34a8269a525c60a83a9ca8671c960ebac3dd92d4dc63b3b9da8d07d8a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 05688cebee34e6d0e87d034acda59d6b
    SHA1: 8ef4886c5e9687b89509c2f9bf3c25b69e7264cb
    SHA256: f05519afc6ab94c7c9bd49518fb71575b149826cd1d311f7e8e21e136e85d108
    SHA512: 741797dbc0879894a8e5812141973f9a4e66781ebf3679a86c4f00544508187831865f49988437758d98ec931dfd492b758cfec65d72331f099e0a155e04781c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: fd1b993593dfce769e7742f92495b676
    SHA1: dc66a8dec2ead72fb1aa6e7c45df53ffa0825f9e
    SHA256: 2e63dcfeee5cfa217ad89d97b2210322f72c5e283f0fc611e5fb434774e26935
    SHA512: 05411629a67f511979e26d8ea4313c350cd11f2ed3f3ddeaae24339fd1b17b04f4ca05e06f2c56fddda51a7032b0d1dd066d49bbc064ba9dc3483cdd4a9829a8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: 1f26c8182097e8d6f0e2f956626e27e2
    SHA1: 9c700a830fcd215938b8225ad8bf546c470479ed
    SHA256: 7cc6cad229e297a71941283f8fb30708e6956f7a075ff6bf74d72f87b3e349a5
    SHA512: af8d67977f9c381421af4314877f2345b0ca8ac484b4c01de344bdb8b8ccfef1da622ce314303ec303519729712fea339e2f4b47a3ce3f02139e8dc1feb5d59a