hxxps://c2hct122[.]caspio[.]com/dp/e857d00020dec1a10f6541f6a925

Analysis

max time kernel
0s
max time network
258s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
10/01/2024, 16:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://c2hct122.caspio.com/dp/e857d00020dec1a10f6541f6a925

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\Local Settings	firefox.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4548	firefox.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4548	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4548	firefox.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 3752 wrote to memory of 4548	3752	firefox.exe	14
PID 4548 wrote to memory of 1324	4548	firefox.exe	17
PID 4548 wrote to memory of 1324	4548	firefox.exe	17
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19
PID 4548 wrote to memory of 4224	4548	firefox.exe	19

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://c2hct122.caspio.com/dp/e857d00020dec1a10f6541f6a925
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.0.402159461\407847260" -parentBuildID 20221007134813 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec41a0e9-0930-4ebe-9dda-dc5425c78dd1} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 1856 20030bd5b58 gpu
  2⤵
  PID:1324
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.1.1812590541\1835633176" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2228 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bfeccdb-3f56-40f5-9d96-5dbcb1d970c2} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2252 20024972258 socket
  2⤵
  PID:4224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.2.1303472628\25924022" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2868 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a23c15-93a3-44d3-b52f-6dff5bb89cab} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2940 20035ddc458 tab
  2⤵
  PID:1356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.3.333166248\1023714387" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cd5d5a2-3e35-42bc-80c8-cc2d10674f75} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 3532 20036d07658 tab
  2⤵
  PID:396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.6.1319505193\844590711" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66afa4c-ac05-428f-8804-06d2fde063bb} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5284 20038245558 tab
  2⤵
  PID:2152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.5.143018511\428475321" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {211d213d-d114-41a0-8edd-0c86aea6fa10} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5100 20038244f58 tab
  2⤵
  PID:2464
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.4.2049603461\707152224" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4964 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {264dc724-5d49-4bfa-8bee-0b4637f5b1e4} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4976 20038243a58 tab
  2⤵
  PID:1860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://c2hct122.caspio.com/dp/e857d00020dec1a10f6541f6a925"
1⤵
- Suspicious use of WriteProcessMemory
PID:3752

Network

DNS

content-signature-2.cdn.mozilla.net

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A
DNS

c2hct122.caspio.com

Remote address:

8.8.8.8:53

Request

c2hct122.caspio.com

IN A

Response

c2hct122.caspio.com

IN A

52.54.182.160

c2hct122.caspio.com

IN A

34.196.31.55

c2hct122.caspio.com

IN A

3.219.5.82

c2hct122.caspio.com

IN A

50.19.70.60

c2hct122.caspio.com

IN A

3.225.54.254

c2hct122.caspio.com

IN A

54.236.149.198
DNS

c2hct122.caspio.com

Remote address:

8.8.8.8:53

Request

c2hct122.caspio.com

IN A
DNS

shavar.services.mozilla.com

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

52.24.152.80

shavar.prod.mozaws.net

IN A

34.213.155.5

shavar.prod.mozaws.net

IN A

44.239.151.67
DNS

shavar.services.mozilla.com

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A
DNS

shavar.services.mozilla.com

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A
DNS

push.services.mozilla.com

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

autopush.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA
DNS

firefox.settings.services.mozilla.com

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

firefox.settings.services.mozilla.com

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

c2hct122.caspio.com

Remote address:

8.8.8.8:53

Request

c2hct122.caspio.com

IN A

Response

c2hct122.caspio.com

IN A

3.225.54.254

c2hct122.caspio.com

IN A

3.219.5.82

c2hct122.caspio.com

IN A

52.54.182.160

c2hct122.caspio.com

IN A

34.196.31.55

c2hct122.caspio.com

IN A

54.236.149.198

c2hct122.caspio.com

IN A

50.19.70.60
DNS

c2hct122.caspio.com

Remote address:

8.8.8.8:53

Request

c2hct122.caspio.com

IN AAAA

Response
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

52.24.152.80

shavar.prod.mozaws.net

IN A

44.239.151.67

shavar.prod.mozaws.net

IN A

34.213.155.5
DNS

styles.caspio.com

Remote address:

8.8.8.8:53

Request

styles.caspio.com

IN A

Response

styles.caspio.com

IN CNAME

d17mjlt2c5z7qs.cloudfront.net

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.29

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.110

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.40

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.2
DNS

styles.caspio.com

Remote address:

8.8.8.8:53

Request

styles.caspio.com

IN A
DNS

styles.caspio.com

Remote address:

8.8.8.8:53

Request

styles.caspio.com

IN A
DNS

160.182.54.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.182.54.52.in-addr.arpa

IN PTR

Response

160.182.54.52.in-addr.arpa

IN PTR

ec2-52-54-182-160 compute-1 amazonawscom
DNS

80.152.24.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.152.24.52.in-addr.arpa

IN PTR

Response

80.152.24.52.in-addr.arpa

IN PTR

ec2-52-24-152-80 us-west-2compute amazonawscom
DNS

d17mjlt2c5z7qs.cloudfront.net

Remote address:

8.8.8.8:53

Request

d17mjlt2c5z7qs.cloudfront.net

IN A

Response

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.110

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.2

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.29

d17mjlt2c5z7qs.cloudfront.net

IN A

18.64.119.40
DNS

d17mjlt2c5z7qs.cloudfront.net

Remote address:

8.8.8.8:53

Request

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

Response

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:5c00:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:2c00:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:cc00:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:7000:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:8e00:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:4000:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:8800:3:2951:bd00:93a1

d17mjlt2c5z7qs.cloudfront.net

IN AAAA

2600:9000:2261:8000:3:2951:bd00:93a1
DNS

29.119.64.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.119.64.18.in-addr.arpa

IN PTR

Response

29.119.64.18.in-addr.arpa

IN PTR

server-18-64-119-29txl50r cloudfrontnet
DNS

aus5.mozilla.org

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR
DNS

ciscobinary.openh264.org

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

a19.dscg10.akamai.net

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.155
DNS

a19.dscg10.akamai.net

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:869b

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

a19.dscg10.akamai.net

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

Remote address:

88.221.134.209:80

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 16 Nov 2023 07:38:17 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1700120296.01123
Content-Type: application/zip
X-Trans-Id: tx83dabe2b359f4df0880f4-00655605b9dfw1
Cache-Control: public, max-age=73961
Expires: Thu, 11 Jan 2024 13:27:03 GMT
Date: Wed, 10 Jan 2024 16:54:22 GMT
Connection: keep-alive
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA
DNS

209.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.134.221.88.in-addr.arpa

IN PTR

Response

209.134.221.88.in-addr.arpa

IN PTR

a88-221-134-209deploystaticakamaitechnologiescom
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

3.1kB
12.0kB
31
24
34.117.237.239:443

contile.services.mozilla.com

tls

3.4kB
8.0kB
26
21
52.54.182.160:443

c2hct122.caspio.com

tls

12.1kB
98.6kB
74
104
34.149.100.209:443

firefox.settings.services.mozilla.com

52 B
1
34.107.243.93:443

push.services.mozilla.com

tls

2.3kB
7.2kB
15
15
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

5.3kB
112.7kB
69
101
52.24.152.80:443

shavar.services.mozilla.com

tls

3.3kB
4.2kB
10
10
18.64.119.29:443

styles.caspio.com

tls

6.5kB
175.5kB
110
138
127.0.0.1:49748

firefox.exe
35.244.181.201:443

aus5.mozilla.org

tls

2.6kB
6.0kB
27
21
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

1.7kB
5.4kB
16
13
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

2.3kB
11.8kB
26
25
88.221.134.209:80

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

11.3kB
467.4kB
220
347

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200
34.117.121.53:443

tls

203.5kB
1.6MB
1753
1984
173.194.183.73:443

https

694 B
508 B
14
10

8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

287 B
354 B
3
2

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

contile.services.mozilla.com

dns

148 B
90 B
2
1

DNS Request

contile.services.mozilla.com

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

c2hct122.caspio.com

dns

130 B
161 B
2
1

DNS Request

c2hct122.caspio.com

DNS Request

c2hct122.caspio.com

DNS Response

52.54.182.160

34.196.31.55

3.219.5.82

50.19.70.60

3.225.54.254

54.236.149.198
8.8.8.8:53

shavar.services.mozilla.com

dns

219 B
157 B
3
1

DNS Request

shavar.services.mozilla.com

DNS Request

shavar.services.mozilla.com

DNS Request

shavar.services.mozilla.com

DNS Response

52.24.152.80

34.213.155.5

44.239.151.67
8.8.8.8:53

push.services.mozilla.com

dns

281 B
366 B
4
3

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93

DNS Request

autopush.prod.mozaws.net

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

166 B
161 B
2
1

DNS Request

firefox.settings.services.mozilla.com

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

480 B
796 B
7
6

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239

DNS Request

contile.services.mozilla.com

DNS Request

c2hct122.caspio.com

DNS Response

3.225.54.254

3.219.5.82

52.54.182.160

34.196.31.55

54.236.149.198

50.19.70.60

DNS Request

c2hct122.caspio.com

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

309 B
131 B
3
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

445 B
583 B
6
4

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Request

shavar.prod.mozaws.net

DNS Response

52.24.152.80

44.239.151.67

34.213.155.5

DNS Request

styles.caspio.com

DNS Request

styles.caspio.com

DNS Request

styles.caspio.com

DNS Response

18.64.119.29

18.64.119.110

18.64.119.40

18.64.119.2
8.8.8.8:53

160.182.54.52.in-addr.arpa

dns

590 B
1.1kB
8
7

DNS Request

160.182.54.52.in-addr.arpa

DNS Request

80.152.24.52.in-addr.arpa

DNS Request

d17mjlt2c5z7qs.cloudfront.net

DNS Response

18.64.119.110

18.64.119.2

18.64.119.29

18.64.119.40

DNS Request

d17mjlt2c5z7qs.cloudfront.net

DNS Response

2600:9000:2261:5c00:3:2951:bd00:93a1

2600:9000:2261:2c00:3:2951:bd00:93a1

2600:9000:2261:cc00:3:2951:bd00:93a1

2600:9000:2261:7000:3:2951:bd00:93a1

2600:9000:2261:8e00:3:2951:bd00:93a1

2600:9000:2261:4000:3:2951:bd00:93a1

2600:9000:2261:8800:3:2951:bd00:93a1

2600:9000:2261:8000:3:2951:bd00:93a1

DNS Request

29.119.64.18.in-addr.arpa

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

146 B
126 B
2
1

DNS Request

201.181.244.35.in-addr.arpa

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

ciscobinary.openh264.org

dns

271 B
508 B
4
3

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.209

88.221.134.155

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.209

88.221.134.155

DNS Request

a19.dscg10.akamai.net

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:869b

2a02:26f0:a1::58dd:86d1
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

164 B
2

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

209.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

209.134.221.88.in-addr.arpa
8.8.8.8:53

redirector.gvt1.com

dns

65 B
1

DNS Request

redirector.gvt1.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request