4e2b116b2b07be8dc60364d7f67855815d3761ca853809752eeed3e21b84799b | Triage

Analysis

max time kernel
12s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 10:24

Sharing

Report Analysis Logs

General

Target

Samples/firefox.exe
Size

589KB
MD5

35bc361385c47db32e0ceeec5f132a3b
SHA1

431a3da4a9fb5054328c2e5a8ea260993ac7396c
SHA256

b52d5c780ea22dfd94c821feba507f35e43b3c3f4afbe3df69b12c929ab1894b
SHA512

b10e6bd794fb9ee751786b4d9dbe1474baaf8474b93fbb2f9827e4aab34b836df707fa9a60cb64e009e8f18c60264a8fed1382cc7d7961ce4df4c3e4a46bcb21
SSDEEP

12288:FNbPOCZeDscndmE0fWOzwHJem7OzwHJe0IhfsXn:FNjVeDsGL0fWkwpemIwpel0Xn

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

firefox.exe

pid process

3152 firefox.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

firefox.exe

description	pid	process	target process
PID 3152 wrote to memory of 2316	3152	firefox.exe	more.com
PID 3152 wrote to memory of 2316	3152	firefox.exe	more.com
PID 3152 wrote to memory of 2316	3152	firefox.exe	more.com

C:\Users\Admin\AppData\Local\Temp\Samples\firefox.exe
"C:\Users\Admin\AppData\Local\Temp\Samples\firefox.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3152

C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
2⤵
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3152-0-0x0000000074890000-0x0000000075AE4000-memory.dmp

Filesize
18.3MB

Download
memory/3152-1-0x0000000074890000-0x0000000075AE4000-memory.dmp

Filesize
18.3MB

Download