Resubmissions
04-05-2023 09:31
230504-lg4y1sbc88 304-05-2023 09:28
230504-lfhpdsbc84 304-05-2023 09:01
230504-ky4txabb99 3Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
04-05-2023 09:31
General
-
Target
dope internal.dll
-
Size
673KB
-
MD5
53fcf13c64c27fa11e9b6f8573da2a68
-
SHA1
8c62c1da0e6973211e8c1249ebdcdd5655319faf
-
SHA256
6ba5628affbed64053d1ff1ef51b27c4d0ced0a8bd083278926db9ca9c3ccbde
-
SHA512
f660a3226e62c2ac8af0a3e8f6a7d78a6446bf8b06f95d6586c3adc0e5ae9cdd150c5c1845f576a6dcb826e2abb2f8f4ec9885c4f08e63a3d9b90c35d59ce034
-
SSDEEP
12288:J70yGLf4Sun2ZeufT1Hgl7IZOgY6EJE0B6PlsTdHnTop+DJzB:JAyGLfOn2ZZusZBY6j04POHnTS+d
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\dope internal.dll",#11⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.0.1413700249\1353941277" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a60559e8-fca0-4b99-885e-ce419bb05745} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 1940 260b90ea558 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.1.1590605028\1675901037" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2af95c5e-3d82-4a91-b504-7140ae8bbc4f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 2332 260ac070d58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.2.1606179625\60026737" -childID 1 -isForBrowser -prefsHandle 1620 -prefMapHandle 2936 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4773e1db-b14f-4871-bbea-f4109cf01e9b} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3052 260b9069858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.3.1064983708\2116271176" -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 2872 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3bfdf8-ffb7-4f90-a00c-de5075374532} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 1088 260ac060458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.4.886280739\349169161" -childID 3 -isForBrowser -prefsHandle 4044 -prefMapHandle 4064 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d97ddb72-cfea-4382-bd26-ab5be8e93c41} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4072 260bdc81058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.5.1682212026\381739025" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4948 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66472a72-284f-48e9-94db-70e5944ba4b2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4544 260bf531e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.7.1542564344\185493349" -childID 6 -isForBrowser -prefsHandle 5096 -prefMapHandle 4984 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d619b9fc-c1a8-48fc-8c38-ef758fdcf326} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5204 260bf5d6858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.6.1943015409\473424995" -childID 5 -isForBrowser -prefsHandle 4968 -prefMapHandle 4936 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a43cbf-04d8-4cbd-8bcd-618258e80322} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4984 260bf5d8c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.8.408553085\2067462851" -childID 7 -isForBrowser -prefsHandle 5652 -prefMapHandle 5524 -prefsLen 26692 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d529440-3f03-4cec-a351-a563142b7227} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5660 260bfcea558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.9.1984336073\349648841" -childID 8 -isForBrowser -prefsHandle 5660 -prefMapHandle 5840 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a639cdb-f548-4f09-bda4-94d7ed4a7c32} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5900 260c10bfb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.10.1819206978\1304572000" -parentBuildID 20221007134813 -prefsHandle 6096 -prefMapHandle 6136 -prefsLen 26771 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc663e21-5746-4a89-8d3e-b7e5c72ae070} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6088 260c1292658 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.11.1543826508\1239519135" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5188 -prefMapHandle 5104 -prefsLen 27036 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61daebcc-3e60-48b8-832e-beb711f6221f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5156 260bfa7cd58 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.12.889001063\1258943198" -childID 9 -isForBrowser -prefsHandle 6328 -prefMapHandle 6320 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e3d99b7-2433-4afb-b9b9-1fb418192a99} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5456 260c15df958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.13.400021211\1046912403" -childID 10 -isForBrowser -prefsHandle 6564 -prefMapHandle 6556 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d87e48f6-9986-47f1-8737-43d70f73cb7f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6572 260c1a8dc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.14.491491070\554770518" -childID 11 -isForBrowser -prefsHandle 10000 -prefMapHandle 10004 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c91c620-f4c3-4664-ae4d-bb2a8d5dc06f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 9992 260c38dc758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.15.1117254026\1389892874" -childID 12 -isForBrowser -prefsHandle 9776 -prefMapHandle 9784 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {289448f7-ffa2-4de1-8be0-af5d2d527d46} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 8972 260c3a12e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.16.2069001326\1808059526" -childID 13 -isForBrowser -prefsHandle 9596 -prefMapHandle 9600 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2386259-0fe4-45f9-8474-8769c65a6e70} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 9584 260c3c0ab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.19.1869723004\1721356838" -childID 16 -isForBrowser -prefsHandle 9236 -prefMapHandle 9320 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6591183-99f8-4958-a327-9c27c2f19a9c} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7576 260c3791058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.20.553013049\1960127165" -childID 17 -isForBrowser -prefsHandle 9368 -prefMapHandle 9364 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dab4b83e-d27a-4800-89ba-5c2de63aca58} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 9380 260c3b2b058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.18.1502212139\625867535" -childID 15 -isForBrowser -prefsHandle 9348 -prefMapHandle 9352 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {692b9234-ad99-45bd-bc7a-759e05a580f8} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 9340 260c3dbd258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.17.954059758\1974120794" -childID 14 -isForBrowser -prefsHandle 8928 -prefMapHandle 8924 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {668be51d-7187-4193-a09b-c48a4ff1583f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 9796 260c3d5c058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.23.1384693999\1774797363" -childID 20 -isForBrowser -prefsHandle 5160 -prefMapHandle 3588 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3886cc1a-4e70-4c0b-a08b-161d84ff0d18} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5216 260c44ae058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.22.2057521049\1190680125" -childID 19 -isForBrowser -prefsHandle 8680 -prefMapHandle 8676 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9365df4f-ed55-4594-b7f7-3255bcb6d2ca} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5556 260c44acb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.21.1021897118\889928431" -childID 18 -isForBrowser -prefsHandle 8708 -prefMapHandle 8960 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3d1dcf4-9448-450e-bcd3-dffd35ff9237} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 8768 260c44afe58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.27.1365840439\1237514549" -childID 24 -isForBrowser -prefsHandle 8512 -prefMapHandle 8508 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3153cfbb-f398-4999-a8ce-92f5dcbcb240} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10804 260c4dad658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.26.123547876\2081374515" -childID 23 -isForBrowser -prefsHandle 8500 -prefMapHandle 8496 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f345a653-3d5d-4867-8341-9ac74f04d1e7} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3588 260c4dadc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.25.1042073559\1954003794" -childID 22 -isForBrowser -prefsHandle 10556 -prefMapHandle 10552 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {684139d2-66f6-4f56-b668-cc1140a4750e} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10572 260c4b0cb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.24.2100655227\1345973952" -childID 21 -isForBrowser -prefsHandle 10516 -prefMapHandle 10512 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1fe2cf5-c31f-4daf-af81-145d785f846a} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10500 260c4bdf058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.28.1629289066\2055936156" -childID 25 -isForBrowser -prefsHandle 8508 -prefMapHandle 3588 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6563ec9-3400-484e-9b9c-e319fea92a70} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 11036 260c512ae58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.29.1064940769\1300635104" -childID 26 -isForBrowser -prefsHandle 5660 -prefMapHandle 8272 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25b568a-516e-4d78-9d79-4b0906e51833} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5128 260c6108458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.30.1559303446\1763345228" -childID 27 -isForBrowser -prefsHandle 8212 -prefMapHandle 8152 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {557eb854-9b7c-43d8-8aea-595d71a5ab66} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 8160 260c6a9cf58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.31.839688664\764046578" -childID 28 -isForBrowser -prefsHandle 8064 -prefMapHandle 8060 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cfc0444-21d7-4e39-be97-17aa0ae3ec85} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7956 260c6d25658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.33.458517856\1557934876" -childID 30 -isForBrowser -prefsHandle 7608 -prefMapHandle 8436 -prefsLen 27172 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {513161a4-d8e2-4ffd-b3fb-1a907161704f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7420 260c3b2c558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.32.2096367918\879297873" -childID 29 -isForBrowser -prefsHandle 7712 -prefMapHandle 7956 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a37cf51-6fae-44b9-adc5-482544f4b8e2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7700 260c6d24458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.34.1006207407\275895305" -childID 31 -isForBrowser -prefsHandle 10856 -prefMapHandle 8144 -prefsLen 27172 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {149561c6-9cc0-4cba-abb2-e0b1b1c530ea} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10512 260c7a35258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.35.1818895610\11513734" -childID 32 -isForBrowser -prefsHandle 6896 -prefMapHandle 4824 -prefsLen 27212 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34980040-68dd-4dd5-99b2-37b644e7daba} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7200 260c551ab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.38.1206675505\877702267" -childID 35 -isForBrowser -prefsHandle 6812 -prefMapHandle 6808 -prefsLen 27212 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2c4f0f3-cc62-40e9-8c93-b0def21755b2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3640 260c6808b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.37.1248179497\1018661979" -childID 34 -isForBrowser -prefsHandle 7008 -prefMapHandle 7004 -prefsLen 27212 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e129826e-c07b-47d2-8417-d234cc4d4ea3} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6816 260c6808558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.36.1353569155\1446292719" -childID 33 -isForBrowser -prefsHandle 6940 -prefMapHandle 2716 -prefsLen 27212 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18dd6cd5-f13a-45bf-b3e0-2a4138950409} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10844 260c48cff58 tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_deltarunetitans-c2.zip\DeltaruneTitans.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_deltarunetitans-c2.zip\DeltaruneTitans.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
145KB
MD56b3b791b2aeb5a0c7f8b0984334c66ba
SHA117989424a8adb38601a5a21ae320359305677c69
SHA2565f4d2b6da9698f3d5344055f6fccf68c68481c6bd8a827243fbdc0543c36a13b
SHA5127d3b61955f321e7f5dab35709ce7a92a1af8a1a9ceaa2f38306c39d7cf64c62d95f1f1e2d2733159c7872256f23d0588ad53dd0a4c8ff2462e2facf7d0c1c3e7
-
Filesize
8KB
MD54f461283ac7f109fbdf5f80796e97e18
SHA124c74d585f65aa536fbe6831d58c7d319b21d2e0
SHA256246ece9e65b21f16867b90593ab4ed0cb1f1807cca1efb456e195603c8941143
SHA512d84b4f5a8581f51b92ea9e8df21f9f76a6540084d2e660cd93486d820b44b5e0d5098fe20a73078117734564d368c022f55186b83131e24d96e2edfd2ab3103a
-
Filesize
9KB
MD531de99937bda1e3f620ce935f9461851
SHA1181a922e3b4e442ed1e33c60ece92cd1efa66ca3
SHA25647e5bfc52fa45461258cb7ae96add66a8053fb6cae9b133bd8bf2cc822720420
SHA512474668607c62ddc6c068bd5337ba180cf54c5311737fabf48e3bcef2478c41c2abb01a2561d7c2df538fb29a079eaa3ac1e3cdce72174ddcb443649c3d8b5206
-
Filesize
8KB
MD5081987183144b6fb02ad92bb73c83325
SHA16bcb8c8b8ebca1c6b05e9cbdfe982f1e8eda2209
SHA256d5a881c8aa83a0f7f56e36b1677ce8a5c051ca6295e171d87bfa3ee2c678b962
SHA512f16f55689e523d94fd51daa70e0c625b79266625b8db5a029a86090a03eb5c3eeccea268d0626c966f8cd2e813eba08005da88943bcfee35f16318e6b411c57a
-
Filesize
16KB
MD5b6dc91d3fa374398240ca9c97da5d64e
SHA1f85a9e3f550d846788a15d5a66a9d7a49fe2c45e
SHA2565339623bbd501dc2e6eba8fce8c892b4ef5e9829af553ead95b867a705b187c3
SHA5123db120a9a70b4ba663a62b610ae57a1e6d580d9ef23370fc9e3398057da62bbadc1da21f95d692d12f2f7eb1983c5553d198b90be265505a405b1a650527d20d
-
Filesize
9KB
MD53fd32710039d3cab914f02d72675e784
SHA101cc0edca17b4c4618a29aa835ab63ab3655f2e5
SHA2567057bcabdbff82424abd419d3da163c783d0bea07cfcd01283c2a3d7336046ca
SHA5126c817c6a73090acb8f736562a8a66cb889d047763cccc49ddb8b461c819ad3d2cef472fd7b609da312c453a8e0198661d301a3cbc046a0d7fdf157fe66ec87c1
-
Filesize
8KB
MD519ba97d456664bf0445adc82d45eacdb
SHA14ed79493de99181b00642d08c68fdcfc795aa173
SHA2563704a56be4629a6e84a7943c470427c93fbc864aa48e5ad3e6b58add4ae3df2f
SHA5127aade439b27d728e372aaa48bcf9a2f92041a24dd782d2d6343a29f15f53aed9f644d8a2dc7bc6016224df18af660c8bfcee0cae92a339d7efe18daab1c04371
-
Filesize
8KB
MD508547b0664458f7adeeaac11b183321e
SHA14156fae712c53a903aca8aafb27b272f66003a88
SHA25636dd40a430ce7694f4a2d14d19cde6ecbf89c4bd031794ec9a9ec1a3fdc43415
SHA512d263fb8e10f15492085bd1abef62520c8b977c36c9e903f07ea671466da20db0bcb2511a4c829fbd8b11abf36becb4145b3fbfa3b1e65655dc7c8c7f7b9ee232
-
Filesize
8KB
MD501ac467eab86fb4b4592f1dec5bb2973
SHA1d6f45e25f359031976e082449c2918db8e583387
SHA2562f83cb2e599eec65eff883d6178f7647b269112e13b09b6e8f1761e20338401c
SHA512f82be8210dfa8412acb6e3c0acfa71fffc99cbddb5cc9994da502ba21900849b84e85ef00afc1b1720c9d131c1efc81df9225ff6d4e9ed0898bb76d98d18bffc
-
Filesize
9KB
MD5aac2bcc2bb4303aab0fc309e78cc1547
SHA1ebeb6b94e0c41a2e4f10282f236654db0fdbed10
SHA2567c7d4b73230fd44a38194aa727c7bb391f907858487abea989745dc0ac92341d
SHA512cb26db31354a66182002e1495f5f7b375246b5785329927461746c40dc625218dc7dc6f768d9d257c8610237698c040ae76d3f657c54b55786d75c9a016fb812
-
Filesize
8KB
MD5e4c1e96bb5b35a4a6fcdba9cfa6ea7c9
SHA1772254b61a11be8f99826a729ca20d5aaff63d80
SHA256f7a97a45f44738ea7cdb62d1e1542e28f8cf515875594ea9ec7cc9f89df1d862
SHA512875b8637fbcb7f38e0ef77035c27c9b061fb63d955d6e87a878f6e562ef4d49b4847c0aab0c7d7b8651116962a402fce0458464d1faf4309465e8a1f41aa9b53
-
Filesize
15KB
MD51b03e22b22ea7ebb4f15b1764894ee9f
SHA14c909f1f74652de3d64b66a26f5bf23d95d10ba1
SHA256bd39c1cbf011623c74294c16503a2cba090cdc398ffd626eb5039308ebe2b188
SHA51274b28d6ed421c92c4b110d5d4ab43c13bc79a0bdba887e4a7651a40333630c3b3bf6a53b6f89cb8c2fd20945f80cd93a10af32db3be6b8b619ffb826b67ff63f
-
Filesize
519KB
MD54d70ada3549ca119a098b5a049b20298
SHA1015db9bc7602e87f58fd25d81dd1b01c8de3ea2c
SHA2563f9d6047682aa1a8a6be08a3b7b66fa123653c69b3f6e090f452532940e07aef
SHA512401ab3f04ab2513a87e128ddcdb68c33e4a3c45968371463e28bed5ce66e38725901dc208d7216c8e0cbc69c7e951d4860aea532cc11919e7af93743b45e4ed8
-
Filesize
14KB
MD5df619fa9b278376173fb007910bbe6f1
SHA155fca9eee03270f799ed649bb95687e6401b0639
SHA25621d27090be63a4ddecc7a847d0bffe673db3ba1cde2f321177ed5110dd3b6b1b
SHA51255827f89e965e1348f6175bea93f8c22f20fecc6db4c5600749084744cffe3ce490b4d0f314416c29f2f371b37ace5cfcafc79c860ead5e1d3284334c503cdc8
-
Filesize
100KB
MD5b2d0508834d80ffba9337bf7ba9556a2
SHA1b94508d2aa84f5f1daeb3c2fdeed8a35de2fd635
SHA256f26d251f98d212d4b772671491907304ca39c286ff0c1d51fdf0486ccfcbaba4
SHA512ad20bcdd516e509125718c33857e2f05c4620c7ddd6736a3a033a9923ef8b5f8c7f27097b10195248154ce4832712eb252b28b1c2e0de2ce08faa8f575c2979f
-
Filesize
23KB
MD5e8dfa45a163d43520da934603de8df82
SHA137ec1a3ed66e3de3d4e4fa6421c17743e82ffb68
SHA2563384d33f5e81684aaa98c583d1df355fc50a4ec642733f2d92995a6a42a1c862
SHA51299f61f0afea9219587d09cd2c6cb94faadecec53b6b2b02eea635af7cbd1305bf5bbfc5052158905877abc573e75d0a044182b8bdfaf0f8800dea772cfb84f0a
-
Filesize
1.1MB
MD58187187395cf0e77229bc9edbc706b9d
SHA16c450145e6529095562f8159adeef80d24625695
SHA2566dad38ff7607ee86e41a41d9b4b65da74d02eabfb5f06377cfd72171553b7759
SHA512624495ed8185d509f79ac93333af385d6a58a06320aabe06ec86ab9b409ef9a2bd7a390eaaa593395254b9a0323732ec83da810b441485790b8a0c66f691f8ce
-
Filesize
248KB
MD51ffaff2785d3a6dede14203ad8c717c9
SHA1bd45663dfaba4329cc722e967b758b676460c9cf
SHA2560c1f6adf75bce62800ae9e6f5f9285c919ad6cfa22eb6be5f0b7bfaed7f4b1d4
SHA5121d9fd67593c79314bf32e9165b96ba26b42bf94bbd29c0b2823a641b52943af4b2bfabaa7ff41c39337d70b3293ed181b00caa7f0fb9abe7b75acd581ab715e8
-
Filesize
119KB
MD5594171b670e3dacf5f0b15614ca89a33
SHA19afe9e668c878de2c8cce39c1f04b5d85dd5bb5c
SHA256c077981bfbe3bf924bc6cef44aefcf0e3022c25672cf5c679af35e949ff3ca00
SHA512cd7306d7052af0a096ab6c2fe946871c1fce2d47564f0ec9c221e7c3cb58fa3c7e6025ff7dafadc2e09bb7add30bdcb8cde3adcd193a9c664c6139658c4f547f
-
Filesize
6KB
MD525972f7b69aa351119900b02f0976d2d
SHA153bc6b3436eb14a91ea21d3e6ee2f394ce393c5c
SHA256fcd8ec8a732a2f169ac0e3beb3187d5d9d4e4b7f41074d237c9d2ca3ec519434
SHA5123b74718c26ebdedf493afbcc67ddd74d158ff67e61b3861257d9dd0df0ca0933004612b03034e3ee09367c5ea9ca301202341951fc130c765f21c4b605617d65
-
Filesize
6KB
MD50dfbf287f381bbe5e3b0d8f6104e43de
SHA10367a08c6859a4fd8499cfeec9c59cdaeb2cbf74
SHA25628aee6a4e17c605d3f93b317358997780c3f60a6cc3a99a76d6a63f3db8d5258
SHA5126b27b1bf79f898ef900a0c5b6bca28735826d7343d985dec8d4d24188509bba91380abf3e35304771fd7e4b923fb1ba06c55498fb47f55ba69a82a689cecc7ad
-
Filesize
6KB
MD531e124e6f72908a4fe98157b0e08827a
SHA18c0a3fafa216e1179bed4b1acd24479350a0510c
SHA2567b10e2a4909e8363be68a49e611891cacb210e2c7487380ead67b257be130f95
SHA512ba26634d907f547e4a9c5cdbce2c5401c35977c60364dc4e407e34bcd39ececae97e68c939787ce745d5528061efbde9a6154453e666ad1efae666ecea01ebff
-
Filesize
7KB
MD5697f2d4e084f7ce646a803d6472b4619
SHA1fb04a51994b3cc1838a3636b7a0023db8061cec5
SHA256bf9fc7d79573a60b9b9d507529bc65625c59c0b387df4a043e2c10c85359ba69
SHA512727f2c72bd64f6ded3964dbdf4e235db979b3c5ee247a097539ee31984633566389c1135cf4e75076b6d1b0fbbdfdee2031bcdc4bbb3d2e07496e59461a4b368
-
Filesize
7KB
MD513d90956cf1d19002cbdf681a9e7229e
SHA12f069fe0fc4b70f12fcb67e34c2ebe735f162448
SHA256debfc36565b5bc6ecf35c11c34323a79e71f472261c462d1a2547ad45187d485
SHA512a23f8dec48e4bff5143a68fd5dd474ef22594f2d77894bdef5b562ee804c8c0fe3e6b32adec4153aa3182b8d4ade1bcdbfb47cfd0f246f9b641cfcc87ea97818
-
Filesize
6KB
MD5360554a24841dd49eb3d969fe4739b7e
SHA17d8fbd63c6e69207951262bceeca77342e5812d1
SHA25661af6b02c6fe72fc04cf33de16b700178acae2aad4538cdbf7ed01c03cc57692
SHA512efb4b0db6f00f2b8f0abd3e3f4926fc11f428486351f5a5967ee8c1e73f8c7545f15b685104c603acd4bb87553c5858b19651f809ffcb1c0cbcd72491750c240
-
Filesize
6KB
MD59971fa8fa89a208685d3e30835832fb5
SHA15d9972a3bdbd4c18b3648597d2fd9f9fd6e30300
SHA25613417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084
SHA51202b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f
-
Filesize
1KB
MD5f14453325bab8abf0f1243f07c6fe65d
SHA1899d840bd7dd49622f2ccdc03421418eee70b316
SHA25658ca53810613ffe3860bad9c42d65436faae9e713526412e6e383dd94da8eb52
SHA512557a04de371cee34062656683bfb4c49249ea1f3ab7ec241592a6ad4c7216cd6b3c4683ce1101fcab84d768a822f8b46cda737b12b798d6affff58d625dda558
-
Filesize
1KB
MD5a93abc7b2578930c5ba954bbf769b6f4
SHA1bc78cbb4b454f6db627a410815b168d93b60d67d
SHA256d53ef1859457d3ef6e2e1c2b58aef43cf320b7aea80669b67dbb226412d728d0
SHA5127f88a5f9109077aba1236bebb059750a43641197ba8057b2b3cb1e978ec111752eab12fa910a0dc0fc5c62548ef516a83fce2cb4c2c12d5d51e60fc7bc7659b7
-
Filesize
48KB
MD59cd2894dc58add7e3dee01091d422e62
SHA1db42e1cadca55fc6fdcd9ff432824b61570a8127
SHA256c8a465740f26ae9feee6975d4fd57c75596b03e3c1ca37d37afe1bb8f2d22654
SHA51241b1a0307da33ef19a5350d677bdcc26603544c79d371fae12ed588dafbe386e01aa41995520e8c244da331886f52183c1cb8c8144eb133904f70ae12fc99c8d
-
Filesize
70.0MB
MD5c950ba64ecba0280324fde9739cce7f6
SHA1a437117b5b2de99f7dda422440747d83abc7b0be
SHA256e696eaae32935f410f995d322215bbc140e09853b3b79dfb11f13ce45a9daa11
SHA51216ca28181de2ad88aa800883c29e2542bb0466a84d99e790df6b8b75a2b85c07063d8cc77145f4f249bddf411c0f7224f12355839775ae278266c482c63ea321