Analysis

  • max time kernel
    21s
  • max time network
    24s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    21-11-2024 01:55

General

  • Target

    Status Update MVFN.html

  • Size

    3KB

  • MD5

    2de94a3e454acf31aaac06b3fd70375e

  • SHA1

    02023bbf3fd16d57c6eba971c7b9d599bcfa54b0

  • SHA256

    0181cf0dbef45211443265b7f013cdbf049b9d8500aa3f2831e5b209615a01a1

  • SHA512

    93edbb82411cd41714d5ef8d11297cca1d671f44c59e66976b4855b1e27d44ae94e0b4a6cdc64f1168cc1ecb7869daf1eff16d95d166556679922c2bd216c305

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
  • Detected potential entity reuse from brand MICROSOFT.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Status Update MVFN.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Status Update MVFN.html"
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4976
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee446f2d-3a2f-4372-ac68-479c57bfda7a} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" gpu
        3⤵
          PID:560
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4a8555b-7e9e-42d9-9b06-3b5b6715468f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" socket
          3⤵
            PID:1168
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 2988 -prefsLen 24742 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f1b5f53-f523-49ed-9640-1c8166b85dff} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
            3⤵
              PID:2052
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3888 -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3972 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f6bcc6d-ce22-4c8a-a00b-66b3075e4e80} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
              3⤵
                PID:4944
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5032 -childID 3 -isForBrowser -prefsHandle 5024 -prefMapHandle 4716 -prefsLen 27040 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {492968a1-0174-4698-bef4-fd3c4d2d7d85} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
                3⤵
                  PID:3228
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5260 -prefMapHandle 5040 -prefsLen 29240 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {867b1a4d-407d-43f2-8619-635135117f7f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" utility
                  3⤵
                  • Checks processor information in registry
                  PID:4312
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -childID 4 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8d6181f-ba2b-4d68-876a-3a76228ebc88} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
                  3⤵
                    PID:760
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 5 -isForBrowser -prefsHandle 5656 -prefMapHandle 5660 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30b0779-8ded-4517-9d42-00fc901982b5} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
                    3⤵
                      PID:4484
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 6 -isForBrowser -prefsHandle 5640 -prefMapHandle 5648 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3efe3ac5-deb4-4e67-8638-2f7fa6bf473a} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
                      3⤵
                        PID:1484
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 7 -isForBrowser -prefsHandle 4692 -prefMapHandle 6192 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a750ed4-e5fe-42bb-8a77-5c1cbc337f64} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" tab
                        3⤵
                          PID:1216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 27KB
    MD5: 4e6b94df11ed2159cdb14dd68ef95958
    SHA1: fb7de835742796924d0fa6560aaccaa77d9d7f5e
    SHA256: 04b184c25fbc9c96a64b23490f4bdf260b9f0158460547f85cd4a7303e67da62
    SHA512: e24ba09b30f26f40124a1c90d4eda24baa6329f40a37a1555064311c2aba84b20f0d975f4ebae37c4722d19eb73cb6765931262a3f6551a2d4c7445add7021a6

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7xr8dama.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl.tmp
    Filesize: 13KB
    MD5: f99b4984bd93547ff4ab09d35b9ed6d5
    SHA1: 73bf4d313cb094bb6ead04460da9547106794007
    SHA256: 402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069
    SHA512: cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\AlternateServices.bin
    Filesize: 10KB
    MD5: f0484a4a0c1f4e62e70a80e9e68e3f29
    SHA1: e857c942d77ed083a2658ce5ebc13eb2cc7818a6
    SHA256: 536ff962e06ff72a2e9279b6b03c37f5f940c76bc97c0339ace058450c385966
    SHA512: a29a25b8a7f91c4e13ce38ff9c3fab92489f57551fafea546adafc6ed05fde385d19b9dc38201ef2c8dc62b04f3a4ab8ad6fdcc9538eacd2a948711174191f22

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 23KB
    MD5: f166cbaa4945d2ca7f4af9b39dcad43c
    SHA1: f46de2a51cb7354fee0d52a53bb1dea310c4e7be
    SHA256: 1df7821df83df0bf05395abc3c41ebf91eb87e6406264d851a8169034562c46d
    SHA512: 6f1bdf06fa06ed0c707fd745a56367e93fb85641939e3230c26d48377f33a585493d7b052ea9d2be66554a055d6a86758d0325a67fb1064bb8604d529d66c20d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 22KB
    MD5: 6a3bc9fb1b7bf36b19069ae97197dfdc
    SHA1: d458d84b0d7551d31812aa75a9c1679eac7520e8
    SHA256: b1accd504194b00e3417b624af29201b48882a9d2cd48ff21b4ab08c1cefeff2
    SHA512: c212cb9fa6dca2495f0d961cfa0afac47b18cb3eddcb90432df529843c634ac58216c99b4d57ec8ac87c25d83632d35bd67e5185d3a8d8da32b8624de822e62c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\d9cbfeab-fc3c-41ef-aca1-1627a39fcddc
    Filesize: 659B
    MD5: 804c35cb3f2ae40ee692646f3d2efc01
    SHA1: ac41ae6f4f4bdda9ed3b0fcb0f518001be81ce96
    SHA256: 6f2727f8c9bcc383d637491f95c154bd9ab24605a87b852ef7dd2e6a52a83a14
    SHA512: 41f15ec3820334fe6ff83ff03e17b97fc5faf0b955854345c15c1d7e98daa03c3f3016f70c7d99707d3e3cd0debfb8cc58986300d266604ef584525151f84b0b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\datareporting\glean\pending_pings\f09f1dbc-f94f-46ea-8614-f37e26287da6
    Filesize: 982B
    MD5: e80b71f14188b92806104269666eac7b
    SHA1: 2a8cb6a0505e0a8826ac97d73624abbd32dbbeb3
    SHA256: b532c77e64a28bf95b1e8242d3beff6defdf67fcf2940235498d7f00fca76f0f
    SHA512: f895f0fe197b1f5c06465ad0063d94147c8a417e24dfd1defa812a3450ae1b0fab3d734e741c9367544441970cf415212bedf643218d8241976381856e87fe6b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js
    Filesize: 10KB
    MD5: 007b2ebb5d487e0245cc843717fd13c7
    SHA1: 6b7cb84f93cf1d51d675b7c86f87c0cbfe5617c4
    SHA256: 5457c821351edf4f92074270f21cdef274721ea83e3f4a533b0ffd96650b7700
    SHA512: 81028b1d271bd309ef5f2095d0a5a52f57f8abb44fc2106f4088db0a02dce4a9a3b8d4c2f20bf85e0ae6ac13a81f5d6412e98402ae30bed0a7ea751b6a2eabbc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7xr8dama.default-release\prefs.js
    Filesize: 10KB
    MD5: ad6dd0659b997540b3dbac09e3c0c873
    SHA1: d09ed68555ca8f629ce87f30186d0c09c6fce1b9
    SHA256: ef38dff53b7937cf223e22edd29405ad6b36fc8dd3fc627b817cc2722f162d4a
    SHA512: 250e74a4ea245d2af6618fb713299e2e56eefa2604fdb831788aab117c5c68a564efbc3046c6957aca15aa8b4c8c9d51c021c87d7e775f73900d1ae7c4777692