Overview

overview

7

Static

static

1

Renewal_Ve...].html

windows10-ltsc 2021-x64

7

Renewal_Ve...].html

windows11-21h2-x64

7

Analysis

  • max time kernel
    20s
  • max time network
    21s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    28-11-2024 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Renewal_Verify_INV-[Y6V5T4VC]_[O4PTT].html

  • Size

    3KB

  • MD5

    6e10ed6874d3896f34158b88eb1553b7

  • SHA1

    96c013be017f8451b65ad66e3d72e28d7bf157ec

  • SHA256

    a327836c69ae4b830c8abb8169b700d4f830707f8cf756f0a366513bdcb977e7

  • SHA512

    88471b112c76397691a5c8a680f8c2058b24f1f5288b49ae02f59176e8fb3b8c204d97de7fffca66ef4962cc81396985cbc27821c599bf7361219ed26880f095

Score
7/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Renewal_Verify_INV-[Y6V5T4VC]_[O4PTT].html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5000
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Renewal_Verify_INV-[Y6V5T4VC]_[O4PTT].html
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d8e3d50-b539-4006-b33f-42282cb7b524} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" gpu
        3⤵
          PID:4988
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc510db5-3a8f-44e6-a49b-53a4ea4311e4} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" socket
          3⤵
            PID:4608
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3376 -childID 1 -isForBrowser -prefsHandle 1332 -prefMapHandle 3372 -prefsLen 24742 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22d559f3-760a-406d-b78a-2828d7ec4f79} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
            3⤵
              PID:4824
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2784 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72a95b4f-aeb2-40bf-b807-256958f98644} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
              3⤵
                PID:2236
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4516 -prefMapHandle 4484 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {797352e9-e588-44f3-ab96-57df3cb12b44} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" utility
                3⤵
                • Checks processor information in registry
                PID:4148
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5448 -prefsLen 27139 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cb457de-8eef-4d9c-86b3-5058eb883bdb} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
                3⤵
                  PID:4684
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 4 -isForBrowser -prefsHandle 5728 -prefMapHandle 5360 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7621d2a-35a4-447e-8d1f-54c12de119ff} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
                  3⤵
                    PID:3900
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 5 -isForBrowser -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40c66b8a-2cf1-4f9d-9306-124662bb34e2} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
                    3⤵
                      PID:4756
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 6 -isForBrowser -prefsHandle 6100 -prefMapHandle 6104 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c08f6e1-020d-4806-9195-09cac9e60878} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
                      3⤵
                        PID:1824
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 7 -isForBrowser -prefsHandle 6448 -prefMapHandle 6440 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4b6397a-e659-4ccd-8c1f-9417c87f22bf} 2992 "\\.\pipe\gecko-crash-server-pipe.2992" tab
                        3⤵
                          PID:1564

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl.tmp
                      Filesize

                      13KB

                      MD5

                      f99b4984bd93547ff4ab09d35b9ed6d5

                      SHA1

                      73bf4d313cb094bb6ead04460da9547106794007

                      SHA256

                      402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

                      SHA512

                      cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
                      Filesize

                      6KB

                      MD5

                      ec9d32ec748faf37a61eb67caec250c1

                      SHA1

                      f09118dc3dcb64313592902352c4eed5b037b1b0

                      SHA256

                      3a7e9a52bc95c0537a3038c204970544802efb07595331102cebc556f017f73d

                      SHA512

                      214bfe16ad288580ece14f8f6fa99cb02acec9ffba9baa758edea803ef1da9e6e2f2db878d7ef898bf6645f807384170ec3dbecd51bb46302f7320c19c79d18c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      f6703cb9e2a142bfb90f3e7d01499d45

                      SHA1

                      de2387afcfcd954b78b32a44884be2f9bef0af9e

                      SHA256

                      7af0ddcef7bb3970ec43688a580666e742c99ecf7412dfb5c7db9c7fc863227c

                      SHA512

                      cda980814368e59a0ff2a97f637f91ccdc76b9fdc82813d226ade626787c6f83478bb245047eb8d6ffb33789cce2c989cc44e8b059215b61ff659434724b6632

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      6KB

                      MD5

                      969dd1bab5cb830631c93627d6436309

                      SHA1

                      bc073726940de868714863acb9655b9e52935e65

                      SHA256

                      aa2616495110c6dd2b611a8c8a5f946633fc5c941ea3a12367e8993ab32e5515

                      SHA512

                      1d86148453cdcd5f049f6432949c3db3a2690c1e64646c72d42ce0e56ece78353f82ecb2b71170c7ebd28fc9d186f6f3975d4491aa1d41429dc601003759858f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      6KB

                      MD5

                      94eb6899ca0f2f06efda8858088a9961

                      SHA1

                      2078f0c52b84c90ed0fe22dc1a2e2d05d9cc1397

                      SHA256

                      1051ba03d6fe131a08be37789621a777003110e31ab80f78fff34eac8d2f461b

                      SHA512

                      e1c49494a72d6f7dc1890017e2a3cdce94bdffe9f51c65936e20279d6166b7317b5b0d797776a50168aa84c282f860622670f530362d2af0f1894e043620412e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\3051df02-de66-46ac-b2b9-4b659ee560ea
                      Filesize

                      26KB

                      MD5

                      27ac73a0f9ce994f8b0309f889fc1a04

                      SHA1

                      69effad898555802d7acef02811146a790d5661f

                      SHA256

                      d881a60d6cf64efb344c88d22bbe7f0e94c8d61d9c9dbcdde6b1a0f68866cb52

                      SHA512

                      d8de93b91ecd240df75ec0c86f65a3106a44907dc30c7a28e54d67bbda8144bff74000b2232e7348bb5c94a6aa35a0dd1e58f6d4d54a72b62fcba3196bdd35bb

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\bbdcedd5-b384-4cf6-ae02-57658ce90822
                      Filesize

                      671B

                      MD5

                      ae18a6da06623dac976dace3929db500

                      SHA1

                      d554e778709f40eca6aed191764ceb7ad6588d97

                      SHA256

                      95ff870dc5d840759a1c794bf9b159d4c06552bb307f646efaf50c9350af4f13

                      SHA512

                      5153408e7aabcbe7a24bc152adff230cd76641977bd96adf528abae9e11adc158bba297ff284e5116c64e94f1620323fe337500220e485767ea01c4c4758e9b9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\ffc76c4c-9678-4526-8a2a-4bf3d3738742
                      Filesize

                      982B

                      MD5

                      60eec7512ba03a69f156ff01c814cb5e

                      SHA1

                      6ddc285656600edfd2537de01bffb5e6702da6fd

                      SHA256

                      d542186a6440f7e3a71cae99442d12986bb5db0c5deb9795e965e08a902e9c26

                      SHA512

                      a551f3563cac440b0c55cf5354e94c37abaca238c8107f7cbfe7b38630aec5d71ceae4798d3bc7418cc3e6cf49ad4a35a4679e92e3131ac583b49031fd7774d1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js
                      Filesize

                      10KB

                      MD5

                      67a3a4bbe51ce7d424f5d97c54fd6b40

                      SHA1

                      c1bb95b0c90bf3ff761e8545a44e5e74998d11f6

                      SHA256

                      7790a53dc99d0cb5aa9655f522a48c104664014cdd2475087fdb1dbea5e2576f

                      SHA512

                      646bdf9ffa28bf616c4cf877f954f4938e1bbfb856c8ca005a577c7380af0579b539099bd166b177c040e6afa286ec5687a5bffe2fe0b6ca8495010c30d38f20

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js
                      Filesize

                      10KB

                      MD5

                      4bc6716453c1577baa409fd0f88b8499

                      SHA1

                      483e12773b5e82365f34feeb43f9ed498cfa7120

                      SHA256

                      46185c608517509bd0af3b327bb39f4c7b5ee76941db1b958e77e0d7005fb8f6

                      SHA512

                      6c29392616c18f47197d40f490d4f93dfa7b6c82dc69dda97c86fb1f7b4cce839aeb0a4f0ba444457a752583aca743fc9091e5b68bc1d55c6577f44b66376dbf

                      Download Submit