Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
03/05/2024, 12:34
General
-
Target
https://emails.microsoft.com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY=
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://emails.microsoft.com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY="1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://emails.microsoft.com/dc/e_4JGRIDqcoiTU1HR-giCWWkyCmeORqUCO4pEjpDTdeEGO4EhDmd06BsGXp8NCueowgBc6wWq2tF-wFGuMnC14DS_lWTHSEMiRPWoDCLx5E=/MTU3LUdRRS0zODIAAAGS3RxbIzvXE6bvBZSTtFSrprGRKqQnciZZoBRKL_SiCZqIX0gLa7VQP56hha_Ra1TT-ZkEeFY=2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aad24734-b6c1-4880-a1de-03076f940052} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5313265-780c-46c8-808a-312692d10ea7} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 1 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aea5a08-9873-46ff-b46f-e17639cf1477} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3784 -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3152 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23e43725-c0a1-43d0-a504-7e0bd8455dbd} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4700 -prefMapHandle 4800 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13096f8a-b5f1-4bad-be6d-4970106c9a28} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5432 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba0a4117-8af0-4ce0-b72d-be39af745e8b} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fb54766-699a-46ac-82f4-db2501dd9703} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 5 -isForBrowser -prefsHandle 5864 -prefMapHandle 5860 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3df577c9-3741-4dcc-899e-9f85222cc012} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 6 -isForBrowser -prefsHandle 5764 -prefMapHandle 5796 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cab042c-3664-4612-b1d5-89213ecb9b4b} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 7 -isForBrowser -prefsHandle 5448 -prefMapHandle 6100 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88cd0b0-461c-475b-97dd-1114a1dfb420} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD5b55573feb456b48e3377c9aacf5b8f25
SHA194279072c7a88e001039eda404673119c9b6dc52
SHA256f11bf064d06d10715d9d912d3dbd414d6990a259e241a00e04726579f53f47d2
SHA51229f35522061a189be7cc0eeef6ae55a12f54b1cf66980ff5fc6cf2127e45bfd2cad31a693598049136afa1900bf9ebfedd47720d4d152a69793c3ee7017536e7
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD51d3a37778cc548eceb550566b9ec7f3a
SHA18941c300fac555d69faa64ce8f7ccfeaffc5de77
SHA25664f77c43817c527d20492fb6ba03ed4c0ebbb1c93e8aec5a50b1566aff67953a
SHA5126e58d124403ae9eea48ebca8a4f3f35433fa1513f4195671cffc99f74010d4b5e893bd6e176b7bd0b0d93e7d4fd6d19e1a4613f9b55a717c03df90239925744c
-
Filesize
5KB
MD519dcac74d64ea81f19e5d39e74b1b84b
SHA187e3e015292afc052b39cf77b1bfe91998eae4a7
SHA25684af8bc769e2dfde3dce0d0ce839b66878976b04f469035e1d160cfbb80c9df0
SHA51204bf281fb3789bddb5e7425eb0b49e103e1240e5a8e10c03cd8d3ddaf9ead3d40dab77660f6e8105e958d8bf06a1db2f4203a6f3d1c6595bc0ed17f86b8c4cbd
-
Filesize
5KB
MD58200a9277468a97da96adfedfedf3b9d
SHA169be0ef5ab153b41ddb5241ec5dbbae0cc6628f0
SHA256c7316bfc2b94e461f81d11bff43974c793b261fb358967da062874a9d3d719ed
SHA512732792c179a3c536433458e0a146eb846e5dc1b3d1d23ba673cc9894c6686722b901083d2217162e129ad612ee68bded2c46674b003dfa6b040678be59116a5e
-
Filesize
18KB
MD559648350a73f75efef68219a8e00406e
SHA15abee6f5c5fd8419c1c785523551e960d4c13f47
SHA2563c78c7c9b2dda5738866d58f5a741ba67329b3b060c78f1572d8025cf26006fc
SHA512e393e4108c5b7e98f9137db4a9847d63e8f8bafd78e3afc350a587ce25a7eeebb2fdf48ac42835adae37368517b27d77d8d2b440bdde45e8691dbd7204a6b3e5
-
Filesize
671B
MD5883148798979918917c4ddf8626577c7
SHA1679b16b795454b243be15e84de26dc758fc96524
SHA2569c5fcc28eefbf2380254f30da2b911648c6d5d83af6b1676382c7b7c45cfdc9e
SHA51286e748e5347c2d29896af3e2e328d846621ff27ca914f1357a623afa2161c68f6516f9368dbc7501381bc1fc3761fd8055d9d1f11ab2947319831638fedc3f8e
-
Filesize
26KB
MD50ba9229c2943ca849263180801aa72e7
SHA15f5d22ddfb008248174fa06d7f8f3add6b874312
SHA25628693b48130780d949defca76ff76d727a1c8a264d641a6399b5cd4974eaf4d3
SHA51281ffafdfdfe9a7120fed0614b61486349ff001b7496754aa7202a1dc14ee95577bb24e4b85b7943f63f9aa61e519f6d50b00574721760aae61847f56593259bb
-
Filesize
982B
MD59e1158d2d3a4c022eb9d7fd95bad5701
SHA1527a62845d6d8be8cc530e02cbf03394c717673e
SHA256423631e94466308f62ae3c589136e22391668af3935d5de652cb3c92094ecd03
SHA512d55f39d8effcb371defa58c901ba1faf774d823554ac41a1476cc3d77cc4f4445ba7a10cb9675da9073ccb7615d8169df2d796ffbecce614f31b9492e115e844
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
8KB
MD511fa38f6c4249d97a44eeb30622273cd
SHA1fd95b1cfc90dcc78ac5d9dc681574767c64e8ae3
SHA256417b19566574fcb270f8d65b505d9d26b06bce7b34dca2f7c04532b03d7a3729
SHA51252773745479dd5dfdc5b13387b0c04ab2406e34aabc2ee5c648825fc84ff52b8eb759bcd3b5051844a1becaeba59e172c431319b72551eeeae32af6e8d7f7f09
-
Filesize
13KB
MD5065ac42b6f90be707f940325b2a2ecdf
SHA12db7e5da458120aa712575ce7fb9ad5b7438e2d4
SHA256fb58564643b8be9524b51f0771d0cda076492512717e35f311c60d9580d3e954
SHA512dee0f53e3008771cbf5c4469527f7ab117224f9d58d37a772615c029769f6af9b4a12c6668ee604b3b39c05275ba9425103431d965e65d43f3f73b9a9292adf7
-
Filesize
10KB
MD546e7c3c2c67a96bf11327b4b1e2fe96b
SHA1230d91ecedfa75f54c2d5e6f5ea11a5fc6464c3b
SHA256bc569e60a26c21c8406451d72232c4106f6990b9ffbb7ce3e17be34e5ffe12ae
SHA512f7f3dbb54316b17e852afd87b95e3d5c1fd2d2711d07268fbf0cb67546efc0307111602fe3d76d5826f1885900c959684dc456842e0f86509fa3644bc922de03
-
Filesize
8KB
MD5541ba6430584967aa8cdb89e12f8dc24
SHA1e13060b906e85842c6700e5f16178ff93823d789
SHA256ba8200efec6250826804bbf50251f061c0e5e35701a8c4c44252f3c13382768a
SHA512f630f4ab51a30ea0ebd16aa09f40e338bffaced810f19b8d6c2d5e845beaa3c77cb44b78679c22a814d3d75eb19b7efb48080781d96494f5993c8d7d39cdb98b
-
Filesize
4KB
MD5c71aa50b6e292974051575e6215eceec
SHA1e51aa866f266aa8901219b804f7f16fe7ee5d84b
SHA256dd96b92482ca1456f76f81875fab6fa5d627dd74e635bfbaf3a712017bec5a2c
SHA512d546550e15ee596e212216f77f4805e7eec5310b5fde57388ecea9931cc8ec97bffda40476001306287bd792fd2cb8e332069220fbfc69d22dfdf7d9cead0cb7
-
Filesize
4KB
MD57162b0724729cdaf06d302f2a20ee066
SHA1619dac2a73f94c48b507f09eb744355512048306
SHA256d7d0dd67ece7e3446ed44a7ccb4f5626d7e669989af4998a7877ee6e75bc5521
SHA512392563310be2a202545d3cc58e2257faefb3febae6fa4742a2f6cd5e45c3b3fbe4fa29ca55229cf48660a814c9fe8a6b3d4b0178b4697837602f36a319c53bcb
-
Filesize
4KB
MD5884f175c48dc678ef0beb166af7ec517
SHA15ed97dc1403809bca466877dfa354181aa53826b
SHA256b74f3110120c5b0ab0f4dafee75464f1f635fb486c2a7c1c3b133e8975e727ad
SHA5129a44bf663153b5566ae9ef065bbf5e7d95553811cf44421dd7efee87788cdc18d10968c6625b3f168ec6f00b3b987484c50b79350465d742b2492fc4b256f391
-
Filesize
4KB
MD520072ffd7081441b740846659d8b79c3
SHA1b90374c890ebc9dfb8335a4e7d260a0d4ee39f7d
SHA256e2a1428a24c97f0741a7f637c60423c3a2546efd21544d6789b9bf486c3428df
SHA5127bb7ed9ee25b7c2a520c7ec4427d090cf7691a03ea84923852fcb6fda449194e97bb060f260b28ea88d713405b1513544b5f42cc43b03640911fb25b53a2141d
-
Filesize
4KB
MD5d9d6cf0b0e1295bb6909754d66724964
SHA1d8a95aa43ba85f932e0ac572e2d4556634356825
SHA2560069ae818e5aa2ca41e9fca94e53cecabe3f4a4c27e850faca3f75f020d489a1
SHA5122ae94ee8324eed4ba71d3cef6f406f4a351f2d8f53a112f627d9ae9b67ed8892d2fc0412c4bfc1948e22bdfec098cf1c838b5d8c422185a34d7ca3435cb4848d
-
Filesize
4KB
MD57ceb5937052912873e22dedd2bd02187
SHA199236b274d2047d3f4ba404b209a890c9c03d2b1
SHA25600cee9a8e857dcc6119040158c37812f7cc7e0c8e2adcdaf5eee63def53beeb9
SHA51289d029eca83f5ee9cd182183b49665a3986ce7c29dc326c73a613ecf6d9742f093127d644ce2a5622b31078c46dc8066235431a3be2b6082d98b455a30723e49
-
Filesize
984KB
MD56c2a5a57615aa56a8ca85861d6eefae8
SHA15c33340f6fb126f67b5db0deaec4127f9b14f162
SHA256b998d0e744b5b216caa10dab7273b3ef302af89d5f67339bf146f2331d955eb2
SHA5121547cd06e5c7ea29b8ac89fb71e575b0ad16dd02b2dba342e24ade1b4ccea48e2270c4a4dab726c16dce0d854c9db298ab6bb85ae2126cb05c9f097638a5165a