6ec15af1bc5b6d5c960a01769eac364ec3a219e5391b4f82ed7e97ed29665322

Resubmissions

15/05/2023, 17:14

230515-vsctcafa81 6

15/05/2023, 17:11

230515-vqmkrsgf24 1

15/05/2023, 17:10

230515-vp4gwsfa7z 1

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2023, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

16KB
MD5

97d64f3958d236e4b24ad96be8aed5ed
SHA1

87eb717af41b5c189f7e5022abb284fb87c62820
SHA256

6ec15af1bc5b6d5c960a01769eac364ec3a219e5391b4f82ed7e97ed29665322
SHA512

787b827e39c4637043fa2cb3d2f78a5180b2f836c79826fe3514aefdfbb51356fac9e40e2a6d0de9c1036e6bd6e3e38a2fae32e5c9479468f9b9d427485e98e7
SSDEEP

384:ry1ajhn8DpmRgVoOsKKElKeGMmU8HhhbPUf7628B2dBJCBXQL:rqUSfVoOsKNI1MsBhbsTE+JQQL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31033185"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31033185"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "810240797"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5B7E7A1B-F354-11ED-ABF7-62080863D4B5} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000a0538d1b2ebab458a089c6b7acc2dd6febdd64755a719504b8468cf7fc5afd0e000000000e80000000020000200000005a55cb36d6f0402e5afd97b14b84037bece95e481207cee179a90b85bcfae096200000003e9292a9ead93de6a6a6fc02a6d3802f010aec95036e0d2ea4e158d0c30ddf84400000005320038d895b588bed52d98642d9c04b618c346ebfebd46e6688d8c07ec64307b6641182bb6a4dc0a8d26e2b80ccc4c7166e08c823a28e56f390ff169adf7f8f	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "810240797"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ad29326187d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a636326187d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000a0b5327818dca3adc1fde7ada127bdfd8330f4ac18fef9d2f7b7d27469820bbc000000000e80000000020000200000004c6ab5aa79d685efe71562a20e676414447b04ecd6c80647a8e03d931eea853920000000a74f30a921358cfa6c560fbfdf0215b3ae6abfebb6557f7aaf0b32c19560bf804000000052d881d0fa06edaf9704dfa4cf2f7b2efd59999fa4a75ba33c480620cead3f6f339ed646476627cbba1a4d04306296847d45eedc4117b52a0cc23c433ca06f74	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	220	firefox.exe
Token: SeDebugPrivilege	220	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3384	iexplore.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
220	firefox.exe
220	firefox.exe
220	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3384	iexplore.exe
3384	iexplore.exe
1596	IEXPLORE.EXE
1596	IEXPLORE.EXE
1596	IEXPLORE.EXE
1596	IEXPLORE.EXE
1596	IEXPLORE.EXE
1596	IEXPLORE.EXE
220	firefox.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe
220	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 1596	3384	iexplore.exe	83
PID 3384 wrote to memory of 1596	3384	iexplore.exe	83
PID 3384 wrote to memory of 1596	3384	iexplore.exe	83
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 4996 wrote to memory of 220	4996	firefox.exe	87
PID 220 wrote to memory of 4884	220	firefox.exe	88
PID 220 wrote to memory of 4884	220	firefox.exe	88
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89
PID 220 wrote to memory of 4512	220	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3384 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.0.757970519\1778058509" -parentBuildID 20221007134813 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {650ec3cd-a988-4604-a355-7177118fb5df} 220 "\\.\pipe\gecko-crash-server-pipe.220" 1916 2bbe0218358 gpu
    3⤵
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.1.420019239\878902219" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {621bd656-da8b-4797-b2f1-54e5e6218bfc} 220 "\\.\pipe\gecko-crash-server-pipe.220" 2316 2bbd226f558 socket
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.2.1802356448\1481663181" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2932 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61e354c4-a7fb-4c2c-a6e1-71f5344cad6c} 220 "\\.\pipe\gecko-crash-server-pipe.220" 3004 2bbdf18f458 tab
    3⤵
    PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.3.747119878\350766758" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd8cb428-c5ac-49f9-996c-4cf4d9bce74e} 220 "\\.\pipe\gecko-crash-server-pipe.220" 3592 2bbd2266258 tab
    3⤵
    PID:388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.4.1519535805\1969991283" -childID 3 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc1760a-b04b-4ce8-89fa-fdbf08d4b75f} 220 "\\.\pipe\gecko-crash-server-pipe.220" 3976 2bbe3fc0658 tab
    3⤵
    PID:2636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.7.333442884\1061335972" -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {222d1987-d7ce-4e0b-8412-8387a00ebfd6} 220 "\\.\pipe\gecko-crash-server-pipe.220" 5276 2bbe5884958 tab
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.6.684653802\155719936" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ae72579-bf67-46fa-8e72-d6c25e539fc4} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4968 2bbe5884658 tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.5.282210926\434476941" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4620 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fa22bc2-a7be-4510-ab0a-68afba6002df} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4940 2bbe5884058 tab
    3⤵
    PID:1016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.8.1500535907\557871683" -childID 7 -isForBrowser -prefsHandle 2792 -prefMapHandle 2760 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57fbd9be-8ac8-40bd-af09-718857e0840c} 220 "\\.\pipe\gecko-crash-server-pipe.220" 5736 2bbdf4e9e58 tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.9.278736013\1877428268" -parentBuildID 20221007134813 -prefsHandle 3628 -prefMapHandle 3652 -prefsLen 27195 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d3f8075-580a-47cb-816d-debe3fa7dd67} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4856 2bbe733b658 rdd
    3⤵
    PID:3148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.10.1956280558\616348815" -childID 8 -isForBrowser -prefsHandle 6072 -prefMapHandle 6068 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6c428be-6b73-44af-aa5a-0c5f5985e680} 220 "\\.\pipe\gecko-crash-server-pipe.220" 6080 2bbe744fd58 tab
    3⤵
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.11.1902605736\313103806" -childID 9 -isForBrowser -prefsHandle 6152 -prefMapHandle 5272 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34004470-ab62-4261-8a52-54e442202f3b} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4484 2bbe58a2e58 tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.13.774083301\739837143" -childID 11 -isForBrowser -prefsHandle 6268 -prefMapHandle 6272 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110ce016-2996-4e05-829c-cd9fd8879b2f} 220 "\\.\pipe\gecko-crash-server-pipe.220" 6264 2bbe8295858 tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.12.2063948991\404195696" -childID 10 -isForBrowser -prefsHandle 5216 -prefMapHandle 5192 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d40868e8-c76c-48ca-8c89-fc7ea4091587} 220 "\\.\pipe\gecko-crash-server-pipe.220" 5000 2bbe8292e58 tab
    3⤵
    PID:3800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.14.718136171\404847384" -childID 12 -isForBrowser -prefsHandle 5844 -prefMapHandle 5924 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed041e5a-c361-4920-afd4-435150b15bc4} 220 "\\.\pipe\gecko-crash-server-pipe.220" 5900 2bbe73f8a58 tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.15.718320731\1875570828" -childID 13 -isForBrowser -prefsHandle 5836 -prefMapHandle 5616 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {153491b7-a5fa-4f73-813b-3fa18c0f466f} 220 "\\.\pipe\gecko-crash-server-pipe.220" 4448 2bbe3d4fb58 tab
    3⤵
    PID:4360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.16.1670048574\742154437" -childID 14 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48526f7c-a287-425e-aeb6-d4297b52a24b} 220 "\\.\pipe\gecko-crash-server-pipe.220" 5420 2bbdf461e58 tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.17.1424780158\1701192521" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5460 -prefMapHandle 6788 -prefsLen 27384 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d595cf26-8091-4a97-99b7-7a50c199760a} 220 "\\.\pipe\gecko-crash-server-pipe.220" 6800 2bbe80ea558 utility
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.18.1675157006\151148592" -childID 15 -isForBrowser -prefsHandle 6728 -prefMapHandle 6752 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {310cd4b0-4ce7-4804-990e-0f06e4e70e33} 220 "\\.\pipe\gecko-crash-server-pipe.220" 6716 2bbe812cb58 tab
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="220.19.172743309\589069698" -childID 16 -isForBrowser -prefsHandle 9832 -prefMapHandle 9836 -prefsLen 27384 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f9516f-f53c-4aa3-b8b5-255da90b5ded} 220 "\\.\pipe\gecko-crash-server-pipe.220" 9812 2bbe96a6858 tab
    3⤵
    PID:2812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
153KB

MD5
295b3e7422bf0e60f7a19e2339ef3779

SHA1
04ee61552736f612ae5dfa4be4c7a8f8ce13b3cb

SHA256
3aa60083116b8c0cee964da688e1efbac92e20d0c422e9a77317be5241877364

SHA512
e76454398b5e9d7f25d5fecbba80d62298591a8156ce15107f57e3a4853d8a11fa9e0f124c6149139f890d659f276d2b1ac480be42d268a711aaa1463069e51e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1269

Filesize
15KB

MD5
de3cef8bb282a3e8dd7f87bdb3329f90

SHA1
b9ce07edff7b58d992ec8b95cff366dda552f51e

SHA256
7530bd2141fbbb4b439256cb428eaebcef5015847a2a5c5ebfb666daa5f1936c

SHA512
c2215350fa83a5435aa8ca61947fb51fb2897d88edb332f4b86b963abab5a4235bf55f1e4079792ac49459ee9146ab5feffbbff04d677337d314997773338f15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25123

Filesize
8KB

MD5
9c63c99a1744f5ff84cefb685bcdd24c

SHA1
c231599e25d6b034e7a72eb1c0183870a76ef721

SHA256
d2c3630714d32731eee3fd216c142ccf0b42b57af6b3f21f1260e4de387b8a89

SHA512
a97c1846d2b17b5bf23a60333e74266c2f3209586149fdabdfa502857eacf15f1969ef7bd72f653b7abda40e5de6375d7967f9d6a0bd3d24404afe9130daa491

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\387BD88CC13D1D1559D64089BDE18AE54726516D

Filesize
26KB

MD5
b1cc6e4b198c6ac593f9977703cec8a9

SHA1
1b9f8a5d1fed76d79d54f7470a8efa7c53f8107c

SHA256
7dbaf0b8de54992e4335fd8e0fcfe87dea712ab3a279eb762f1562ed08840aef

SHA512
e381e161cd5766ab0a026e7e64ee8c496470943774655b8a3f3cfd2960fda5d7cbf1beb0dae9815b6d5d812362e484a30da9bf84a9b5e828264d6fd1434a2297

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\9ACE5AB45F1B9BEFC8D5BF86B4D122A8125D5D13

Filesize
33KB

MD5
dec659276eccf6c49f93c310a15c80d7

SHA1
493f71db3b5da9edaf631f3f6e82b4f6140053ce

SHA256
dfcce541346612814c880c8b71e218aa143b58d48ad78c965060e15562dc0e5f

SHA512
1987862bde59a75079bd010d8b6d127c0a33293c114e5c0c74b47dab7a3e3786eac6fa700d621258d41f5965e028a9795f8458127ae142553a7c98991c1527fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\jumpListCache\lSvf+NIet1XzQTD5eIbEJw==.ico

Filesize
598B

MD5
6343bc1dca21a8f96f4b84f6fae26211

SHA1
065302a8828ffc4af683c525a116587a0fa77d83

SHA256
38427ea346abb58d2d75a6eff89d085ecb7ab6cee3d0cf31e21b0ea0400827b3

SHA512
8b2f3acd93ffcf0acb676f2e293944598e82566b2fa7e6d32873f082c9de5f8e3e4fd0bc7f6f0401fa59b8a3849ad8f0ce371e1d15aac7d336729777e1a8e54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF772207B4B52A2BC8.TMP

Filesize
16KB

MD5
51c1b97d3c8f3dadb3fce5f5223bf44a

SHA1
5057ff44beed2b099bbe442543ac79d15dc9e7da

SHA256
d024dc4ad595868bb7d83d5ada393ac9a5d5a4391e0aca2bd287ee29f9fd4666

SHA512
a2c1186b5d3f7b2e2a49eab759dfecb7a6e992c8aa309e571bcd1b20aef67af04edad79bb791fd0ca8e321ce54aaee77f05de1246df6c74a76d88c4c7382c55e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
68f4b09e688ffd304028ea7b0d55faae

SHA1
e965b8d6e7b8e0db27a0defd720c7a84f930bd71

SHA256
fea4dbd70626a17680373038298346ca509c2f36cc310bf90e8f66b6ad4e85f7

SHA512
a6a6cb422317a78ee7b4e275dc753dd34cee1438fc095cd63c56ee084eedd9788e0b9a9b031d9716c29de1983b402e357ef900ce9a60fa9c34c8d0fb805f3749

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
0928f850457060880698a4fcaea02ae4

SHA1
856507626628f559c1fb2bc6938bb30f634366bf

SHA256
a1af8ed3740bf62ce9ee27136d5201ff16a7d826ee35085ca847ae37fa7d64b9

SHA512
4b59ccf3c7113dd6d0da8e1393489e209767561762402c9cbd9b83f4e3c830ace74c194f97db619ac5d9cd93ebcdd4d5f020f5a2a2d2779edbaa753e334705ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
b8eac350b3ebdec199caf16496add1d9

SHA1
b68d1cc251ea135c44e339ea21f2712203bc2ea4

SHA256
4ce6921462cc68bb0bf2a4cf2a94c4ff348ab3f88fac22b7e750627b15da0f39

SHA512
32077aaaf6aa5c2db174d61ebe08e9ea462bf437131b7af0fb866fd350dd607ed7ae4cd120317c2dba2ace41666648a5db756143bf8feb2d2fd30cd016e3553e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
ce9b3e9d4dddb75cfc6de429babe58bb

SHA1
00828023bf7806cd74dee406053778de15daebcc

SHA256
92365dce22b4611376f70cb6461125aec276c927c29501988e1eed1fc0506f9a

SHA512
85c66c8b4927618f07c041e613099472a6218566f2dc0abaaaf1a1e66bf6bbcfcd93f2e3572ad2dda4e4bb19f4d495841e396e7793401ca4f164bcba87c71574

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
f46772e06e805c4491ad2554201f1450

SHA1
72ba30d7601ecdaf3e4e6430e90a248d57924df6

SHA256
a7a1e8230fddeef292bb4a75ea783dca6d4d7937d4ce54b3f1f8e23285a822e0

SHA512
e166bd9bfc8d4a17925e514a0888fd48510ca6c70f8e8f7297d6b221e3754eb5b374f627967c79b8e4de7880cb69c9da99c6751c2f274f6f305a3b20e4bbef51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c7916177ec74fdb55325811109d9ca75

SHA1
6ebe04caeb53daae006987abaa243e638c0475d9

SHA256
21fea8036d978ad83fab146e4c3b89ef61cce280f8c34db02773a7789280c45d

SHA512
21721b692dd184c4a4888641f1cba10c65f0b4823e1ffb0bae901a26e763519f7419f478af241f287898bc0c0f97161021cd5f64cd5917b2e5514523f321ac94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
59e9fe860ce760b8cde62e22667b11dd

SHA1
97a57f0af3fab7abc37ec982d96578f09c9d2a32

SHA256
7040f4afdfd8c22c20db5b6c378180862199a3731642d71e47e4483979b8ac53

SHA512
9c4096210c2b96d775bc7b6875aa36e06b3288579bae1f095c1f0bee4cb9979b98b4092bfd36acc2971c2e181f22826b140a5c6503b13141a6ced8ebbaab3217

Download Submit