Analysis
-
max time kernel
5s -
max time network
6s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
06/08/2024, 17:24
General
-
Target
https://click.mail.umr.com/open.aspx?ffcb10-fed0167371650579-fe2615717c62047d7c1279-fe3e15707564067e731772-ff61137775-fe2315727d6102747c1070-ff3111757560&bmt=0
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://click.mail.umr.com/open.aspx?ffcb10-fed0167371650579-fe2615717c62047d7c1279-fe3e15707564067e731772-ff61137775-fe2315727d6102747c1070-ff3111757560&bmt=0"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://click.mail.umr.com/open.aspx?ffcb10-fed0167371650579-fe2615717c62047d7c1279-fe3e15707564067e731772-ff61137775-fe2315727d6102747c1070-ff3111757560&bmt=02⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cb7132b-dac3-4e63-b3c7-36a473081519} 116 "\\.\pipe\gecko-crash-server-pipe.116" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a063fe5-c272-493f-be8b-879b4421530f} 116 "\\.\pipe\gecko-crash-server-pipe.116" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 2896 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef772a8-cf0d-4c17-88f1-11232693ffba} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3580 -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 1412 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dc37ab3-33df-4a5c-a6c5-dc79b74e194d} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4164 -prefMapHandle 4160 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cbc2fca-d221-4e3e-baca-9cd0a2f81b94} 116 "\\.\pipe\gecko-crash-server-pipe.116" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea1a10d9-3cc9-4f42-bea6-d808b04ba75a} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17688b6c-eae9-4937-b633-1588bdcccc2f} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1236 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4775c28f-979b-4a0c-ab76-3afcd8c2bc9e} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD5fd4c04e11d0e7a581763a76bf587f7e1
SHA13ff2c32a07cd1b3521702135361102439a0e879b
SHA256c92e4b05bdeb6c9005453abc50b4a0781a07177a6209543a22ae12783d723945
SHA5128511ad375d4e09fb9264833cca36810d4eb9001815dada6468f962a1ba016cd0d675680639b3543867026f7ee2c50676c85d57ad942ded7c878e44056ee77b6b
-
Filesize
21KB
MD5ae5bf48fb9bee8396b5c39c72f7b328b
SHA1dff124c77ccd3dad5ee9ecbd90e37c2c7de312e9
SHA25649622e53781d3d0bd79e842e3ae2ad0e730045346c7f12cab4e0f6ff592c61b9
SHA5124020f85df7f0a12fdc2900b4adfdcbecd623c90394e7df4d4fbf4ace3a118e72b52db944f44e110ab5eb52f40e771c07da5c19b601bb6686bac56662f0d7b892
-
Filesize
5KB
MD576abfdabc28542863b171de74b79936f
SHA134011679520f406591d5c0857db9517e61a03f5b
SHA2568fbff6298f0b818206e220098c8e4d70fec72eb34ca62ea9c17b998de7a64371
SHA512e57b0d40ab8183d1a83c45fd4d9a6389e41ed7a6de3e41c07de1a221bda8ce7e6b383d3fc4d7403edc6e130b13f9e89382a0a53e0b6c9362ff1c1edd11c2bf47
-
Filesize
5KB
MD544124beff6871949ccc0d667bd84cc2c
SHA11275fa1c85427272a0753608ca57b6a7e052c602
SHA256cfafb365b51de5e7b9d4d65c7810e4a67344a7760eb8f9a0b607b7f7f4bc5d83
SHA512b8292aaf2a747c938aef3fb13b4eba056aec12e12c063b7cc7f7577b3171812befd5167666f9b56832e020ff6a8c95b24ee2866700ab7b417fa61eede5b9d366
-
Filesize
27KB
MD5095527c80b152e37c837fef886c34df7
SHA12546201a6ec9445c44c5a7ace12a4ea630f0a318
SHA256b3a6314b30fcef0bf6928118a95757fb3468f7f3949a9a243d3300f376e24b31
SHA512de5c70e1ad46f74ebb8fe7008ab5ca39bde82842e0c31b84a97731297f7ae6596a54ad96b1ce8aeb09ec13d037dca6f0484700b44344f9eacad0e68d3341225d
-
Filesize
982B
MD51e7a35f068ae553cf4b8146aaf99234a
SHA14d7caca6bd0afedde5e34f49a696ab78dea7b4c3
SHA256f4555f248a43d85d6b9fceccc06c4a81c011aabd9e195b3b13e19993eb296f6f
SHA512d276f0b103c2211194368b6361d66005ed12d45cce88f89d3fbe1b0d47913fc3f318fb0f89ce3002e52c65c9125c6ad902cf01cce5cd1b9ea17d1747642eaa7a
-
Filesize
671B
MD5344feae7e75a2eaa1a216337682c2f74
SHA1052c16611ec68dfc2ab487c6c52ca4de2435f0cf
SHA25691640ab195189f5ec3f7177de80509f6da9d2001f8848b695f1f82e73b223c82
SHA512bc6c0da0071618b1ce52f95ed76a8172103535cfb61336a6d5c8beb6cb3e89ed31f875b20b35ef6f44614223aad490558ffd8783fbdf3dab28576d3a61501807
-
Filesize
11KB
MD59a7782fb9bc7ec27c728004339af35ab
SHA1e2588ecc2a36160c14099a07d02c7d162cb6d564
SHA2568e34e0b3614d223d0bd94dc88cbf9dcc81492efaa7a6f93bb9b62489bc9fe136
SHA51263be4d8a60e5cdfdae63e9b18a5f302aa2981004fd1de24aa904ea944043990fd6d31fafa122f5e8a7edddb5f7c5a7c74e993f27e0337ff0aa4cf9ad3875620d