Overview

overview

7

Static

static

1

Transactio...].html

windows10-ltsc 2021-x64

7

Transactio...].html

windows11-21h2-x64

7

Analysis

  • max time kernel
    12s
  • max time network
    16s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    16-12-2024 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Transaction_details_#[D3L9M].html

  • Size

    3KB

  • MD5

    31b7c1ec32981c5690f2005a834bbeb6

  • SHA1

    49ff99df464e0551f4cecfae9cd062f60b9ca6ad

  • SHA256

    865f8557e7fb7bce49eedfc2c2a57fc7a5814b2eafaacb0c13475044eff64a96

  • SHA512

    0a6cf5c9a9bb53b41762955bdaad02509fc40f537ce18494cd9823bfad8fce68558512fbad77e51cbdb44b8ce8184197c15697eef3a62f47f1d671654b08f66f

Score
7/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Transaction_details_#[D3L9M].html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Transaction_details_#[D3L9M].html
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41df21c4-8d9f-4475-9c35-a39e3fbd0a70} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" gpu
        3⤵
          PID:2396
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {265f6daf-95a2-4bb3-86d7-24de7ba51693} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" socket
          3⤵
            PID:2388
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 24742 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b78a60-eaf7-4cd9-a858-8fbe7e27aa01} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
            3⤵
              PID:4180
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3104 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7966579-c96e-40f6-a69e-611195803063} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
              3⤵
                PID:580
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -childID 3 -isForBrowser -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 26986 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6a5a290-5e8e-4eee-bb87-d65fd1865a60} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
                3⤵
                  PID:984
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3940 -prefMapHandle 5156 -prefsLen 29240 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c59c9f92-5e13-42ee-a1ca-8f65ab044655} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" utility
                  3⤵
                  • Checks processor information in registry
                  PID:4280
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5552 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b2589f7-d521-4124-96ce-fda90605f212} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
                  3⤵
                    PID:568
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5724 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {688e7d48-0530-45b5-815d-635ea55101cd} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
                    3⤵
                      PID:2464
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 6 -isForBrowser -prefsHandle 5776 -prefMapHandle 5720 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25bb9513-cc23-42ec-aa61-8e58f17a7415} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
                      3⤵
                        PID:988
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6204 -childID 7 -isForBrowser -prefsHandle 6220 -prefMapHandle 6216 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {482b7fee-f919-4881-8b7e-cdfa670a6cb4} 4520 "\\.\pipe\gecko-crash-server-pipe.4520" tab
                        3⤵
                          PID:3584

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      22KB

                      MD5

                      2def604e576bb1fb86d967ff5fbc76b5

                      SHA1

                      b488860df0bac25fadec0a8c3126a3574142a451

                      SHA256

                      35b8d0b515427ef707d8902a7ba0a4921851a5fc5b7c99515d8fa48658642c81

                      SHA512

                      01e5c2fed2ac980e194b7103c3dbc8bb1973a171a8645ea8e1168234b6b66c9e7b4fd9e9d16a2fb5d2e3f33b45435c503a0702a5fbd539db9206068a02bfc682

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                      Filesize

                      15KB

                      MD5

                      96c542dec016d9ec1ecc4dddfcbaac66

                      SHA1

                      6199f7648bb744efa58acf7b96fee85d938389e4

                      SHA256

                      7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                      SHA512

                      cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin
                      Filesize

                      8KB

                      MD5

                      07e9bfa2ce89d68045058a6ad82f4e66

                      SHA1

                      55234741bdb14e736f81b3b228b1431e1a1ccc25

                      SHA256

                      2e37232ac92b9c7d4e9fd28ae6a8069d4e2b35eac7f2d2471a8e40e23291522d

                      SHA512

                      12ed0d7cd499bca4373233414a54ac7c0451515088f52f37825d18ab39bf12b3ff7877185046d05e327715932ce7b58060253c1d21a795c31107360e5f1e7211

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin
                      Filesize

                      6KB

                      MD5

                      b3e6a50c74a45426071dde4ef2272cb5

                      SHA1

                      a068a8a3fef567605a0432aa7a0d9de2cb043882

                      SHA256

                      a3e536ade568e96d22292c722387aa9c6e35b95f9015d1f0ca2e5a6d2f54227d

                      SHA512

                      c3fae0e1bffc37e6f604a0a05f62dee9186c16443292e99f3e1048607c5921e8cf1be250e865b9b1fa127360b49f981f462e0538dd3c30786d2059442998caec

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      3KB

                      MD5

                      d1423bf463a17843636d0143a6e7047d

                      SHA1

                      b27bf9238bb89463e0249c2f5d4de3d51557ba0f

                      SHA256

                      25d9c06f9281d29e3560cfbe46fb6339221d31ebef56c5dc043e19ad24474a91

                      SHA512

                      4cb7fb01e5b56887d6d4ed1d58df7a948908f1b999d24e9451208af93542f82da1cc43d7da27f20c5da066efe749d2aa4495125f6bb7949da722fc99cbfc1010

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      b4bb885c166d6216cd84256b9e12bf36

                      SHA1

                      df4c35b62eabc0c0fee91baf2480b7718c127849

                      SHA256

                      cb68e74040ad8d6d477591e2992cc9ea24b5f3b60f1a79a7257cf10ea48dc3f2

                      SHA512

                      1b4917abd640f630752c0b04305dfee599d18fd19384ec217b0cd45c5dd961dfe4d356054a509146a5b357bb111a54ccf775186bd7f55029dba754283261a536

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\27c24ec8-1cf2-40b0-9b56-a2a7f602cee9
                      Filesize

                      26KB

                      MD5

                      58e30711f18b41fb7a732ae66b612d29

                      SHA1

                      1a2d215dcf5cfff85c470d67fe7f3a17849b17d8

                      SHA256

                      73d4bfdcc4866c367f8fad9420a1271824d2f4a4c264213de08ef09931cb7965

                      SHA512

                      36d0a624aa99f855ae40d44ef911b5d1737a260e69554d5d293a4aaa359b7871799401d201f101e97cb4a62960f32958bc7a3aee5f7c434927dc102914a05033

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\473179fc-513e-4733-9d4d-2c74dd388498
                      Filesize

                      671B

                      MD5

                      d7a3249cf7fa040d6113420ce0e15fd5

                      SHA1

                      062c518d2ed3632f0dbeb9ac3645f4f83e3d89cf

                      SHA256

                      8f5cfad8c8dcbe50206b6ac6f4b7704560bae5945a8d754d352e6de157a437fc

                      SHA512

                      231e2225f92c7acbd0ab0283d84f94203b94fd501fecfa593320515b4eb3bf8716637026ea6fc4bc67abc09e964c543bb4c4f2b135ec0a91668cd5a0fda88275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\a00f74dd-8101-41ac-a4d1-91fd421955b2
                      Filesize

                      982B

                      MD5

                      426c45707e475db577d4f4aee0b64cee

                      SHA1

                      8d45f02748b91d5723544846eeef2ad7b745790c

                      SHA256

                      87b7d81d4e038938d4df9a45f17367f72a01bde110c7b54065f80b3a7539a88b

                      SHA512

                      ec7819d8b53fb7a1e9f9a6faed03385892768b5a585628c6790552918ae31f0812db6ed855b5916e5a8e5c973015d3be466b7b39127138965ae707307df5a4c4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs-1.js
                      Filesize

                      10KB

                      MD5

                      6a83da9ce4b4f907b6663cbedba75d96

                      SHA1

                      6086c1b3396c1cd6fda187d2afd7daf3ecbef889

                      SHA256

                      bfe37e36fde97d753d7436e89b80f9a0f7962efd43849938bb6ae6afff614660

                      SHA512

                      16e8852b9e97d3bd2d826e8e079d198ccd69805dbc2f1aaf86b4e416ed764efbe2955db78860aeffd51dd49a40c16fe61ef57e2a17fb96143057a202801c32be

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js
                      Filesize

                      10KB

                      MD5

                      afb708af785fd8cf1eba0dfbf8d17f66

                      SHA1

                      b5418afe7449b89303e2bb1297d952b5a3db4456

                      SHA256

                      840151b868410d665e39a5a47b2bb5e7e4026df570af5c8c40a5082a7e745885

                      SHA512

                      f9b3207777d2b166c71c5d39b6ed95a18170f39d1bc2bbf8f2658af8361b9f029a96ef515c326ae7c2fb358a90d3cf54748810344e74f3495f915e1a015a8b77

                      Download Submit