Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26/08/2024, 06:49
General
-
Target
https://go.microsoft.com/fwlink/?linkid=2122659
Malware Config
Signatures
-
Detected microsoft outlook phishing page
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://go.microsoft.com/fwlink/?linkid=2122659"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://go.microsoft.com/fwlink/?linkid=21226592⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f516bac-7b38-4be7-a53f-b585c0237425} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77e523eb-2f8f-4f44-aaf2-f18fa91e700f} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 2944 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a8293f-8bf3-47ea-bcf2-4a3445aa967b} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3852 -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 2580 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e49d5662-54ec-4c37-9e33-03c90be48492} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4316 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4172 -prefMapHandle 4176 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3293037c-b3d6-4d47-906a-9ebc7c2c0148} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aba5967e-328b-4aeb-a5a5-24ee51589ab8} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e693eb5-6d14-4459-9759-5f5bafd08cf6} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5784 -prefMapHandle 5780 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73db38be-21e8-4ecf-a3ad-9a3654d00a87} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 6 -isForBrowser -prefsHandle 5900 -prefMapHandle 5500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80276e2f-08de-4102-b034-a1d88ea3666a} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 7 -isForBrowser -prefsHandle 6044 -prefMapHandle 5784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86efe419-be36-443e-9e76-a43c47f6de81} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 8 -isForBrowser -prefsHandle 5656 -prefMapHandle 5664 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a913f609-de3c-4723-b90e-ba12957c93e4} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 9 -isForBrowser -prefsHandle 5672 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e77d7490-1360-44a0-b615-5382a5052b77} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD51d7e06dcc358535838a10a6105fe0388
SHA1465ae3acfa201cc6b2ce8a42bb56983d82a3f387
SHA256620164a0eb4b84a93e10c506123b6d354526cbddcdfe2e31bd5bcfa6dbe67779
SHA51213e18abd1de6bd4cc3e4b4a4a3a80100c1dda7fe07b75f74487e6fdcda607d0d2780eab337820f99366becc4057f7929a31935edadc2d2c574ba1d2a30dc27c2
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
8KB
MD599b796db1d167280a96d0b6e052aff59
SHA100c125f085121f25e77441bae9ac46db1fd3da02
SHA256a5ac9ab9fd5fe16837eb1412200b2f901c9a327eaa5a0ec5d78cfd18c96c4aef
SHA512e4a635cd61bedc5000aa5643186081efa19480c03d5619b61fc2bc207d82bc66757791a702ec81eef4e529e4ed4c5b4f4d8c698aa69e4d9db9cbdb036bd99ad5
-
Filesize
5KB
MD59c18d3f47f8b810c6177d947d0408da6
SHA1597874ce54d8a0bb92b72e67abb6dc061ea524b4
SHA256f77c84bb2a6304f7402603c2a815454cc4c26882fbb86705acb135d579bff152
SHA5121b9ac2cd013393487991530b1f0a4ee1936c30b21ac1c70416133a19992597b7c1a41a6029f7926c887db0673a5638dae25e475283e896b63b192015dec03ac4
-
Filesize
18KB
MD5346e9011533668b1c89b297d7bd5cbd9
SHA1304f38e0618ec2abe3250a96bb0db04cc844b876
SHA256cead8cbf43ba5af5ee23385c3baf48976c5bf14ce6e0fe367b7119cbcee89e2c
SHA5122ee1f61e5ff704a81b6df619539b883a65b4954fb79d002287ad62c7a04a9dcf8f271f48fb5e093f5a0fcd0cba6eb2151aeff9e26424bbef28431572441ac134
-
Filesize
28KB
MD576aab3899910f14d73e77be44d0f78a0
SHA11abb36c196650ad1d3104f22e3154501ad8f8b43
SHA256f1df0f642d8d4c31c19b6980df1cc82f68dc910f5ea89b6bb8b7957430945aa9
SHA512d290a2e5915fe0caf7aed8d6b33b84de313a366ae39ee7cec66857c125c31881f009a70fe7e3656eeccdeb5b70155e7fd7bbccb4546dfda807ccaf773ae17014
-
Filesize
671B
MD5a9322634d2522d58c2dbf87a905db8f5
SHA122348c606bc9e417ddc33ea291cf85bd654620d4
SHA256450a085ef6d0f3e3e28dfa6575c5fc54abd50417e69564e97b4c72a548d674b1
SHA512053093fbbcfd76e10b5ca978857d3d7a50d16d72159e897ebd25ad544b2be75f91f74f9e0eea5b60889ef4c1f2455f59d7fd329329742c11558595d4cc335dce
-
Filesize
982B
MD5eeb152b32686d0eee4216f2f43eb5131
SHA181e10c785cae16030752d73586ac8c3b806d07ac
SHA256aed276cc82a24f4082a64d4be34c0a05842c776370f52022e1a3950e12064471
SHA512ac7f1e38db0a1336ec95bae317b7d98297f2c4d342eece375e1cea14cceda11883b155687a4691ea6e90d3fe951572ed67173001a6f895b8e463a36ba9cbc909
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
13KB
MD575acf3edb9e73d7c61687705efb12a8a
SHA1c77a1c84e9b6793e98fbd5efe72230f3f0155def
SHA2568bdd31e2cf116ed7a3c5b56fb0c19c1e5c91b21d7d0186120bd98479001d8bbb
SHA51259f29c7a0c6ccf9a50948a8777f10581cee4d6d4f26078dd94d023a94e72ca25b2c581eb21f824d522192a6e99a69392f5daa4efaaef0a7fa7d694d26d7e925b
-
Filesize
16KB
MD5c5d75fbafca57b63bac1474c1f390c4e
SHA19ab7e7ff412cb2cc4193debb575095b5ac2d87fe
SHA256a466fe607e7c3a26c4c2c5390c23af6c00fea7a4e029aeee46fc8229bd7cdeb3
SHA5123ca182cac1b5cd0bbd43d16aa09845cd0602e00ef6e0f8e65f23c546324c79ea17a4d63c02d773e023d6ac8508fcf2f212e6aead0111016a2fbc015fcceeac89
-
Filesize
11KB
MD5fce35b98a953cd107a0534df895cf9e6
SHA1492226c97a0cb33433e498de492001ad5abfb93c
SHA256bbf6f0dd33b571f5e4dd93ba2d8b3b4354fae05107549202dce50d679db19c27
SHA512123d9fbb42d93f2b4e1f801e33730deee290d4a661638c2a65959173d80c149568549e4c2c2056b79dcfa70ec9bed83f4805af9b129c3dc79cb08f1f8f12a4ac