Analysis

  • max time kernel: 6s
  • max time network: 15s
  • platform: windows11-21h2_x64
  • resource: win11-20231215-en
  • resource tags: arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted: 18-01-2024 18:25

General

  • Target

    https://security.microsoft.com/urls/https://r20.rs6.net/on.jsp?ca=cc5356ea-985e-4f4c-88fc-5969bb84eca7&a=1132336668922&c=ac32eed6-323e-11ee-a251-fa163e5fbd10&ch=ac409108-323e-11ee-a251-fa163e5fbd10

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4204, depth 1)
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://security.microsoft.com/urls/https://r20.rs6.net/on.jsp?ca=cc5356ea-985e-4f4c-88fc-5969bb84eca7&a=1132336668922&c=ac32eed6-323e-11ee-a251-fa163e5fbd10&ch=ac409108-323e-11ee-a251-fa163e5fbd10"
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe (PID 896, depth 2)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://security.microsoft.com/urls/https://r20.rs6.net/on.jsp?ca=cc5356ea-985e-4f4c-88fc-5969bb84eca7&a=1132336668922&c=ac32eed6-323e-11ee-a251-fa163e5fbd10&ch=ac409108-323e-11ee-a251-fa163e5fbd10
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4052, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.0.1769763503\1254894135" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10555bc4-62c1-40df-a22c-348afbc45ad1} 896 "\\.\pipe\gecko-crash-server-pipe.896" 1904 1bf8b504d58 gpu
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4004, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.1.1202515953\727512145" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a539b6a-222c-4b5e-b730-68bde44ee7a1} 896 "\\.\pipe\gecko-crash-server-pipe.896" 2300 1bf89f3b658 socket
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2916, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.2.1430564739\903733289" -childID 1 -isForBrowser -prefsHandle 1708 -prefMapHandle 1624 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1032 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4a00a2-772e-41fa-9844-9af0af5b3181} 896 "\\.\pipe\gecko-crash-server-pipe.896" 2828 1bf8f80bb58 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1516, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.3.1224742367\377369458" -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1032 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d69de9-7c3c-4440-8e3a-efc226759259} 896 "\\.\pipe\gecko-crash-server-pipe.896" 3776 1bf907b3758 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1260, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.5.1610536\201579110" -childID 4 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1032 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {387e73a5-9ae6-4324-8aff-e47ca5d3599a} 896 "\\.\pipe\gecko-crash-server-pipe.896" 5056 1bf92471658 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2796, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.4.936379640\1429884902" -childID 3 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1032 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4de0240-3477-4423-a3ee-535b4807ca5e} 896 "\\.\pipe\gecko-crash-server-pipe.896" 4856 1bf919b2858 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 5092, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.6.1428184396\1496521477" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5256 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1032 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4498d0b-c9af-4843-8f65-715b8781f106} 896 "\\.\pipe\gecko-crash-server-pipe.896" 5272 1bf9246f258 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1608, depth 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="896.7.296421287\714132704" -childID 6 -isForBrowser -prefsHandle 5588 -prefMapHandle 5556 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1032 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87d69e2c-91ac-45d9-b01c-efd6c2e31323} 896 "\\.\pipe\gecko-crash-server-pipe.896" 5600 1bf8f366a58 tab

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 3KB
    MD5: 0b046ceae3c13d68ef5fadce541b1580
    SHA1: 3082bc28e5673e8e6ec0b7538793fc2483bcea85
    SHA256: 9ee6b9fd2e63f5ecdf9b6d5e922b2fa7a736c3f8eee10f9cadd2e2c2b5a82ff0
    SHA512: 5607d93f25350c2a8313a6c24e8dc16754f0c2ec1a199d846d8756c76f6d238fe6fa004fa0d161c6615b74d129b9c900d39b5447858f965fb9bc2f4d2ccd1f2d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: cd4b70ca7e6dcb41f5dabf1572d25e20
    SHA1: cad4c2397d2cf1892db8aed576fe6b058ea47353
    SHA256: a9ca1c010ea0f4f1c62992fc9978b5170fa08fe8d8c422e8a0dc56d8d5587000
    SHA512: 21db1a8f7752603dc8247c1cedad1c790e1e9d76716a97ad14e1cabff022db8f621a9ffaf79eee6f3e0267cfe0380ab18d82d34496c3686305de3700c0463b1a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\datareporting\glean\pending_pings\4dbcb8bc-ff9d-401b-ad57-d8fadd20c123
    Filesize: 12KB
    MD5: 707c09ca6636db4887ea9f9f6b152ca4
    SHA1: e3d5c486f876af6fd335150c9ee11c47c238e4fa
    SHA256: ca17a00a01289ac208b82e514fc1a805f4761b4fdfa41a4faeebca221717778a
    SHA512: 84da3aeaf374b087fedaf8b9700aaf7ed0ba3bc76e4a6bf578ca31a57746cba8c6a8e5f41761dce6868be3eab492451c6064696aa7e59e73e5ce9dd5d3259af4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\datareporting\glean\pending_pings\cd1acd2d-8339-4432-b3d7-39844c9f22e1
    Filesize: 746B
    MD5: 5e6a9acfd29a2d04c23e3037198ccd5c
    SHA1: c101f9b23aad1070b9379727ef97889689c75395
    SHA256: 5f85ffa169d9ede8bb73d56f373a14255b6b5be7244e1ba634afc1d87262766c
    SHA512: 57b95bafa578a1f75bb9ec4172f3975ab2eeaf94ad0644caef8713f3f65b4fd1f0066ea1ef0b25c881fbe299f28fb824321b10d993823c8a9d9da4cee7459f14

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 1f1b8bd7da2bbf7192617885e842d69b
    SHA1: 5316d57304ee4ea415f80962aca6432cdb038b30
    SHA256: 3d0eb9d352ed8de2ecae1245fb07513816a77ddded98918290417df9b1216929
    SHA512: 7b6337b6cd1be3d7034ad3120d5994078fee455effa59da03b8337f07136ad6763603c96b5dc5b842fdb809ec17f17d0f77e1677d7366b8670c1220812206321