Overview

overview

7

Static

static

1

View_alert...].html

windows10-ltsc 2021-x64

7

View_alert...].html

windows11-21h2-x64

7

Analysis

  • max time kernel
    14s
  • max time network
    16s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    11-12-2024 15:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    View_alert_details_#[9YYZQ].html

  • Size

    3KB

  • MD5

    bffe485917d85ee454d67ad1adbdab3c

  • SHA1

    2d6a8a60577328d0244349e697708d23927cde38

  • SHA256

    b4174bb02e66b2511999c41eb455b520cbfcbf215d6df795cc563647b90cb7eb

  • SHA512

    f1bf0c6ffd831b50c96b40cdff5dc9b50ad6b89050004ef96eb1aa91a21c6f57392a57f11240e7c83dda8edf596b834ea577f2344c0b0fc4e5e71f060cf38416

Score
7/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\View_alert_details_#[9YYZQ].html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\View_alert_details_#[9YYZQ].html
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4468
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1900 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc78c4f2-9187-4ec5-8912-252a4c7f61d3} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" gpu
        3⤵
          PID:1412
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93a0e51c-30eb-44ea-b852-41bdb2ca0e0c} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" socket
          3⤵
            PID:1640
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2944 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2996 -prefsLen 24742 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6441826-cd80-4f54-87d7-1b0b8998a831} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
            3⤵
              PID:4260
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44572b4b-24d7-4460-812b-c3beeba1f5dc} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
              3⤵
                PID:4648
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4844 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4836 -prefMapHandle 4832 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca25f57-6263-4530-8ac1-e7d3d35407b6} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" utility
                3⤵
                • Checks processor information in registry
                PID:5076
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ce5000-471c-4262-bb99-445476cbcf21} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
                3⤵
                  PID:1440
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 4 -isForBrowser -prefsHandle 5788 -prefMapHandle 5792 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7bb4d6d-623e-4f1b-801a-bc10354f537e} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
                  3⤵
                    PID:3068
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4cccbb8-8b1b-4089-be56-1d9477845cb7} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
                    3⤵
                      PID:2328
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 6064 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b25a0c2-ea16-4c2c-bf2d-924f2e9eea78} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
                      3⤵
                        PID:2700
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6356 -childID 7 -isForBrowser -prefsHandle 6256 -prefMapHandle 6240 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f07c063-666b-4dde-a1cc-9ee385b5e911} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" tab
                        3⤵
                          PID:4656

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                      Filesize

                      15KB

                      MD5

                      96c542dec016d9ec1ecc4dddfcbaac66

                      SHA1

                      6199f7648bb744efa58acf7b96fee85d938389e4

                      SHA256

                      7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                      SHA512

                      cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
                      Filesize

                      6KB

                      MD5

                      7e6ab8f77c54012a119f84cbb1c2dc67

                      SHA1

                      c9937da3f81c6c3449c14844ee765380e8d5fec6

                      SHA256

                      3b77041ed36ff224e69acf3d07dcf37fa009e893312cd1a1f9dd9ba487dfefd1

                      SHA512

                      381d0fcd83912957177dacccdb83aba69afc3b84269b17d407ea3445e7fd451063b7a0402d5102b121c6133c810cff14e8b76f191b824ae801cceed2b7a54af2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin
                      Filesize

                      6KB

                      MD5

                      0b75c7be166d9bf5e4410abfd0dda4c4

                      SHA1

                      560093b2f604dbcc52e9555d6d5506173899c50f

                      SHA256

                      1682fe22bea36d788e6dc24dd6355d23a2d3f66a3a972538d41fa647a00956a1

                      SHA512

                      abddc3f1c97e3414e147bb15b6cdc5eb640a2f3bce8b33528783c9ab2742a8210e195d10432fc908e5bd94b3c261c3d99583815979accb16bb24e9085c75f74a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      1ac5adc057bc21ecdaf82196893bce72

                      SHA1

                      2fa02f8fc257930ed795b86692bce97555474c37

                      SHA256

                      1024fd9e9186972a9a42ad1474ae7c756d30c0bad761dbedab546e7f5adb9e21

                      SHA512

                      443e7abb8677fbc90d86829d86764bacba10dbdcdec27a9c3f864ad2b17d7b9a1b0946cc24fabefb434f0c2de2349a917a9568598dde75dd71a2f5c1403b66b4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      6KB

                      MD5

                      d5c818af18b64708d454190601c3da6a

                      SHA1

                      9faae36ccaa5370b63d07510f93e0c4f66cee52e

                      SHA256

                      7bb1f9930ad40d9313267f3d452680bb3254ddcd7e672aa87ca29a7d1775bb76

                      SHA512

                      a20b1539c13036003529b6b89ffdd497943fb3e16990eccacfc277098d525220a910870d71a76ae9f1e1bba5450a8f95de99644e02d567644d3833b2a1fc8485

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\01d6dd87-650d-40fa-a486-3f540c7f8191
                      Filesize

                      25KB

                      MD5

                      f34626a9b18a34fa8b95de191caa2d20

                      SHA1

                      98d51498196fcfea4438a100665b006734b31b1c

                      SHA256

                      ecffc3c689c00a5cc4df9227c7eef3d3a8d61ca4eccccf851283d37529726ffc

                      SHA512

                      5f1ae2e177d24a1e22fa92d92119b617181d5b26aa3875af5b9788d033fff2c0916d17cb835625bbd6af7714b1ff1a02caed0f53c59a26d2d81a83d0811e4aab

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\d6e288a9-8a77-4c08-a61a-05834f921182
                      Filesize

                      982B

                      MD5

                      0c1203949c2c80effbd5a7e01f922fd0

                      SHA1

                      7ac7f3eea9d172a0f9a94ab48badc2a11c6e1a14

                      SHA256

                      e3f7d6ab37e8164875e939c1260cd2b97ee31e5d1a7cfd8fc19b82c33284e82b

                      SHA512

                      c2a06be124ee30816335784173bb310568a87905446031be6fa0da1db54886e19b4a9897029028e721ab1f4fbd42db6ec8adc584815fa214b43c57b93bdeadf9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\e1217222-57b5-4cf5-bbe4-de4bd616e869
                      Filesize

                      671B

                      MD5

                      78474cd3346bdaa751edbfc4c6e15dfc

                      SHA1

                      863c5925fe65cd7cce74068eae6b6dcb925a8f20

                      SHA256

                      0987e39805fff351e49fd79cea08859cae92f1666700f3d024d0e4f510912683

                      SHA512

                      55a4c9d4046b411e53fd44699d84b53bbaac8a5539eed54b78cff467f76b7759850efe33e847b4a7846b8174440c592775193ce0e12d0d985976ffc5d599a326

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js
                      Filesize

                      10KB

                      MD5

                      b862e85238066f61ace148ec817cba9d

                      SHA1

                      fad96e97281fa8618294399b66c0e293e372e604

                      SHA256

                      8c644a15c16426a1ac5c7f17eb0e9c7277de38ace47047ba6ffa017701638688

                      SHA512

                      5a12cf432bbaffe20ca9f7560dec9cb1c41bd87f89171f3bb0ad830bcb765a01de4fd4a785f50baea3177530bd8dbc31aa25029048bc8bfef7dda5edc9531ed0

                      Download Submit