hxxps://github[.]com/pankoza2-pl/MalwareDatabase-by-red-wipet/blob/main/Moscovium[.]zip

Analysis

max time kernel
335s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/MalwareDatabase-by-red-wipet/blob/main/Moscovium.zip

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
86	raw.githubusercontent.com
88	raw.githubusercontent.com
83	raw.githubusercontent.com
85	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Moscovium.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Moscovium.zip:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4956	Moscovium.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	4952	firefox.exe
Token: SeDebugPrivilege	4952	firefox.exe
Token: 33	3588	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3588	AUDIODG.EXE
Token: SeShutdownPrivilege	4956	Moscovium.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe
4952	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
4952	firefox.exe
4956	Moscovium.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 1124 wrote to memory of 3216	1124	firefox.exe	94
PID 3216 wrote to memory of 3656	3216	firefox.exe	95
PID 3216 wrote to memory of 3656	3216	firefox.exe	95
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 2376	3216	firefox.exe	97
PID 3216 wrote to memory of 4684	3216	firefox.exe	98
PID 3216 wrote to memory of 4684	3216	firefox.exe	98
PID 3216 wrote to memory of 4684	3216	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/pankoza2-pl/MalwareDatabase-by-red-wipet/blob/main/Moscovium.zip"
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/pankoza2-pl/MalwareDatabase-by-red-wipet/blob/main/Moscovium.zip
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.0.1337321551\1920862105" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b680b38-e3d8-4982-ab37-2716e946adce} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 1948 1ef19303b58 gpu
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.1.1684087935\1500626164" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d147008a-8f14-46a1-b905-10f1537b90d1} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 2372 1ef18105058 socket
    3⤵
    - Checks processor information in registry
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.2.1541698829\711220284" -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2843a775-588f-4272-b3ef-67a9b7756efa} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 3232 1ef1c2a4e58 tab
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.3.1312588941\528581458" -childID 2 -isForBrowser -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f0a714d-c0c0-4f50-885d-95a703da3462} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 4092 1ef04562558 tab
    3⤵
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.4.825948572\112611464" -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 4800 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bb78094-2a1e-4302-af30-8379e5e0e708} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 4816 1ef19a51f58 tab
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.5.825252018\1459099053" -childID 4 -isForBrowser -prefsHandle 4308 -prefMapHandle 4364 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {229abb55-d87a-4856-afff-ef81e39cf94c} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 4836 1ef19a52558 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.6.1171483702\667986166" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e12de3c-86ba-4a6e-ad8b-83bd542ef86e} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5252 1ef19a50a58 tab
    3⤵
    PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:5928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4280
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.0.1240163789\1906689753" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 21138 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09c00d6-8ff6-4fab-b951-96a1e7efe7c1} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 1836 28c395fcf58 gpu
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.1.31731895\1244512213" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21138 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e66a9a99-882f-4733-b97e-870a9db9db2a} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 2200 28c25adc158 socket
    3⤵
    - Checks processor information in registry
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.2.1326528966\777076504" -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 2872 -prefsLen 21599 -prefMapSize 233536 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d01b090-29dc-4fca-9f6a-ce1e245d40d4} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 2796 28c3d09f858 tab
    3⤵
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.3.2024106953\1262645792" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 26777 -prefMapSize 233536 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f305dbf-5523-48fc-b68f-dcf9836e8d83} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 3680 28c3e097f58 tab
    3⤵
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.4.1170271241\901186990" -childID 3 -isForBrowser -prefsHandle 4588 -prefMapHandle 4584 -prefsLen 26836 -prefMapSize 233536 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fe17a47-475f-4dc6-adec-2aff49ba1d86} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 4608 28c3f692358 tab
    3⤵
    PID:5312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4280

C:\Users\Admin\Downloads\Moscovium\Moscovium.exe
"C:\Users\Admin\Downloads\Moscovium\Moscovium.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4956

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
f8b3b28b006a8c5730e7b6c328b754e9

SHA1
9ea09289194b3aabafb59103e7efbb6f7a748544

SHA256
7eba8bd2db780381c6bbf9b52c3b9f25717e053a797059bfd76dc1cac6315ea3

SHA512
ffaa7b40ff7c7595fc0a52378632d8324d7a758f3f2e9f8998e3ef067b2052f361b4cafe076cb69c5010051c603b18fb80d57760b858a9999749440b5d9888d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5783CA0EC6FA2BE4C0035FD439D5F0B9DFD7E372

Filesize
47KB

MD5
c1af2f1183d01c619152c0984fe44c3a

SHA1
0f7b0697bdb8ee9bfabb0a51a1ee42146b0cf4a8

SHA256
017a4e862473c32636b831011ec10c4298113216843ca4b171b21c8fbc4f24f4

SHA512
ede181230a170e62414c773f585aea4fd1efc68afcfbe5942a1e7b91f0057376c283f1b403a8c3216d7f42e35b9546ba97d6c8bad872cf278fc8caf91425ce6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
95809ec7e6bfc8336b3a1b7f61b56b18

SHA1
f638848ff9d6fa854109465e7c47d6af8524c20c

SHA256
87e5c22a7810e9172ccb7c2a16783867400ab248d096bead3bb5512adbf7aa23

SHA512
b4e0bf4e1829a210aa2f6af91191cf1169d131d2aade9d955d78f2932e6885d47f39da9495a6a50cfd274d7b85a1f4d736ded3a942c55964986de03f594265d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
8078e9d99c53d3bd9d95d06ee31aceef

SHA1
77ae2b19e0ce38fe8c2936a7bdc91bbf891b24d5

SHA256
96ab9352936aae41ed3baf0fc28378ce2ca51ca808473388893de81fcebb6b17

SHA512
b8487ee9088d2ab75c98929d6969f3dad890244c198da2dc76d46340e08e8a89917070ffe602525f2e5b26c40e382b928737648ffefc8dd205d42cdf0ccc8ffd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
ecc75f6374fe4c127eabaf6ba184bf8f

SHA1
fcb9bfce7df6533dd18dc516f262b5907d08cd40

SHA256
c7d9559755cf0059c53582443c969d6293545163a3c84096d9f75170ce471315

SHA512
ff5c5dc043bf0078adf070cbe68f0d1d54102681273df6cc6ba0d01d3a067ba150edb5e00f7c9d44241a31c1478b97820b593abb4535e4452ffb455660ea49b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
07647606b1eceb020b3de5ef12090cee

SHA1
541baf037efeb39bd13c48a003abf708b15f7601

SHA256
afeb7ae043e2146d2a5b171162d983a4437c2739e59b10532206ad4067eaad84

SHA512
b9295415c6bc6648334d2a968cc3081d43bdcb25b6d30ee8499355008529cec23e3283efa450e73301ccc4e6c789884d275e7dcf59966f0f3a3b3e6a79a5a5ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
5bf35692daf40cf6455977cc56212cab

SHA1
03232e5e66d74f3c1358a6b1d45e5d868ce66f08

SHA256
751c25c850e46c89f51db22183e14a749bc39a386a9a91fc5ac21bee0ceb6242

SHA512
d1fea7c6a8b4dc7f3b385db34e1d9fc87b9a70a6bbf9a8e9e7a9d6434a64b6f587de75540a505cef27047f56d857b96b2c71b8253279dac649dc3bf4881a1bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\SiteSecurityServiceState.txt

Filesize
575B

MD5
cdd494e3c47e75c5e9897ed5d1dcda4c

SHA1
b6a894fcff31fcb622941896759ca0b80f5873c8

SHA256
ba1d540ee8790d83e404c863e8e77e8302ab9161d5d817752fd8016a548aec98

SHA512
c2ee851a06f99c58d3c1142864cacb88246f58643874270650a3c3b6bb56128aac44201cbac06c62a9e9dca5750a16680e69e58e83ed442f05f025752cb37791

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
eefc565b30b1f565871b93b959013afa

SHA1
5d8aad289d0896a37e2797607071f32118363bd5

SHA256
9b2c48678582b72ec0a97b0420841792ffda6e7c9f2da1b01c119d4e55360400

SHA512
5c0376446b65bea560c246677c470f72a4132bc68ba9b0f93bf3b98ef07734345160215b9e8d22b8a5423ffdcb90c56c65d2877b36e229c47e46139259019077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\cert9.db

Filesize
224KB

MD5
199bd118458389f2f53ca1f91b98059a

SHA1
efa80ae2fd0cd74772f751ba5ced625b7b514c22

SHA256
64ffd754e3485cbf5f3c0e4efe9692b2d72ea7444f6acc81d22e3704af088e4a

SHA512
72d2e0da541680b51b8e262aa5736ae7c139d6915d556295f3ed583df17c72b82237169c9690a363cc3ca08a2e49433f71832202e877e07b93c6788722c694ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\cookies.sqlite

Filesize
512KB

MD5
48fafb434f74f29d2330a82fd8ddbf76

SHA1
72fd08b5db4e80ec9fb216b0f1ccaa4c90e432cd

SHA256
3844584e868260f1e9a0c1ceed2cb4bfee84d1a487f9f013502b46db24c06443

SHA512
54e139a48a44ce2aec092648bcb8dde8ac577b0544930f33e018f59cad968e54567a6556db71d6e017a6b9b53840a671b5dbe9cb2ebbf3a3c1d2ed1086465409

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
f879a0191d3f853212558f4048a148e7

SHA1
39ca26b4b8c9f596d65d68fe397812cc11159748

SHA256
1502aee1fc9c50a9cfb83bad89a348ef0471d703534c9f9e760caf5d138907a9

SHA512
b8583ea4d2c4faf56e2af4326eb1126c418efb127c5b5adb3cfd65dccbe7c5bfbe6b8f6a3b705d7b52f7cfaabdab9dd3fdf17d78bc1d451cd8ecf7749bc9376e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1ddae72dd734323309d34a56bd95a36e

SHA1
688501a7827ab4257e7a0adc66c2a8f9bca3d351

SHA256
9a28009593644a79bf52d1f117d683032a8ea6bd9ed03140c43dd4f1a91a1497

SHA512
1d89a3739b75e9dc50943f8b8037871bf8eeb2d3a1ffc18a60272f09d7cf9abc275e1e69f1efe60a2987dc60381ae8745648f5c0c7387c01e13973e57bf627e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
5KB

MD5
afb74814901780812962cfec0814e793

SHA1
d0525278918888af924b955cff172d802ec397ef

SHA256
9a2e70bc372c4b328528269d95712ce9cbdb3af273ffd72c6b55159b9015708a

SHA512
57bc24eb3b8759277945143e36c121107cbc826d2db09e4a34dc8d152ac93970a56d6cf4498acee173cfee69f1ad9f7afb7eaf24133ed6dd3e1e867d9c75a68c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\4a90e8a8-ce62-4b2a-a134-e9a4df0a2e66

Filesize
746B

MD5
753f5253c21b628dba4484e4db2391e2

SHA1
7ebda740568cff9af9d051a1528d8994aa0e96fe

SHA256
a7cb1d44fb0e8899a3a106bac992ce164384eac5217baf734cf76722f17791ad

SHA512
ab7d984ce193399a3ed9de7483d2560d9fb44e0ecacdaf34217fe219ee85a3aee0ab26f56f9daac1523193454f33777b8b54dadafd980a5db42059baace487fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\6a948fd6-8ed7-493a-9ac2-ae56cc950c8a

Filesize
779B

MD5
dae8594f0a918d989af660af4c406783

SHA1
1e58ad06774a705c8fbeccd6b7ebedc892901f18

SHA256
1ed9b79cc0a9153a9357a9bf701367b890bfa927fa546a15af517d2365b2b111

SHA512
169c165a88e7d790414f1f35ae138905bb3d53dca4916872e45d4f1bbe2b20a557c0477870c5c94152630a3127384cdf66e81b64b260102ab4f68ef173c0acf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8d551153-be8c-4dc6-95b7-3785d96625a6

Filesize
11KB

MD5
0576b9bac61ed41c4774fed825852b2f

SHA1
bb8674a6d6ea206b39823a522056db7720bfe93d

SHA256
451ad830c302a8084dbba4596c05ae4b30e78f7984d59cc5d3f144688b64bec8

SHA512
e899bf92564c9c45b91b5ea09ff34e3fb039ed22c42d21857c0ca8263b313c09de18182c3c7a51677524293122b8a5280912c509f17286396a7fb071995d9581

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\favicons.sqlite

Filesize
5.0MB

MD5
c803c52d1b5575750d621bd9c55b0a51

SHA1
00d87137741e77a20b0e80070d8bbbe1521ef53f

SHA256
347197926011aa98587f69bfc8eac3fad84da4e7bb163d188367955928c3b46d

SHA512
9947bdbcce339a9895c9153a5f025e51d8711be3b790055da68e2b88e0e3757ba99809812bff441cde2696ac23d113f5f3238a8587f6e2a51aede5f64c99f973

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\permissions.sqlite

Filesize
96KB

MD5
24e5c2f48bca7766e9266c9d984505c5

SHA1
8452224c7e8bbb2fdb9d1d924fb10655d0aae18b

SHA256
d6f8fe0929661c6cf4f846bc0645badac4fd00ea1a32d9368658b165460c624c

SHA512
dd455c471b0facabd4f31a343409295a78a75645b525a36662650e19ed11fb9e8c4f8f9f3ca38e20100c26d3930293122d364e16fbf61ba5afc1e1f955a83f72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\places.sqlite

Filesize
5.0MB

MD5
12df46a37cd8926b71f224ecc96eb6e0

SHA1
4498216ffdc8ae9a8b54f8ee264f981af65ba5d9

SHA256
aed557bbcfc408f8f3b363826f01fceefa7f224964de15ab06f5f440c22b141a

SHA512
32362d01ee686f204272a0979627e49d4c02dfe8e051424d43b61f25ae7182d81fffc54288c91d0084166e548dbf4389352743cd21d98eafd877244d8529ca8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
68c922412d96c48b7ec058297a291d5f

SHA1
11618b2d0e99b6208053d74f6ef147a89d6ecc75

SHA256
6717d1e0fe9b978e954614fc29b277961fa66c63c915153de7ed5e435104a5a7

SHA512
5527d42295f7baba505ea4b1d3d52921d8e8ffe480147bade9da8776f507b49a009b6d996555ac6542eee422e037e931d456d542dd863493c91af8d2c1b8d25b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
470d565a7f7ce33848f01e5b291c84ac

SHA1
04a7c6dcafd5b3c4f43d71abbac62b90b66c470a

SHA256
94570eb7fbf1097680911299018274abc52ba28b7636ce5924893908ec6b3ea1

SHA512
31e3ef1d50fe9b06af087e283da934c215f0dbb5c5a9c2060465c14274eb1ccde0c52407d7763983a7cf4c4c879d1103295e4aff59f93ca929779a64a93049a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
0c558fcb8d59fd83a00b3686f80393b4

SHA1
c952dd56793b1205b127489728c7c847aafe7a22

SHA256
d12dfafde2f726496fac73a1f775eca0035d65a0fc617393cdbb1d7d156a333e

SHA512
e16952a6c9377404f15ccaaf9f6f11e715713634aaeb0cbbc8185290a1e6530b5d184d1358cac733271c91c4665c814c4cdfa236e8ca5e917d7d498deec47dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2a4aabc1003b454e9148f9e3c70924f2

SHA1
40f7d936894333a01a8f159435f4f8f205beed1f

SHA256
bbc76203cbd06cd51d58d7a8b07e015accbb950eaab8dd0c5855a737ecea3326

SHA512
9ecf1c9e8a4f028768691a065d9437c07ea2a0c93a4a3a01996a2616bd325c3b5b44cb6559dbc735137c6e0b4b22ab03511dfc7bf354515e14d73b4127afaf7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
e7449af37325ed5b3c01f3f51a68b503

SHA1
73a3661962ea5bb0ce7253923fb9f636cbad8cf1

SHA256
93a9082845c174512357cbfbf69312c30e22da4572467550615d2522bd255db4

SHA512
e0129a65b8c34f56edd03594412891e8bd5ef483e2c303c05bb348bdda4e9cb527c3400f57f5b5e4e31728f914eb5feee70e17dc0cc97de187e8ac48951e13da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
446B

MD5
f20099d2641042bd30e0f2a2bda108dc

SHA1
2e89801d68b8f3ac0e49af986d6082dcca1c3592

SHA256
33021f1660981cfa30b3874aaa964db6f3b6755b1d34364bbcf0e1a10b33d2cd

SHA512
713f3f628afbef6e7d82e04fd22de97443fee0120b330ba73e69ea0360edbd923c6a9a44cd0afef11cdfb0693ac1f75fe777412f716d93ab36bf7e649ad6d2c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
543320ba7895cf536ab8c7be1402c6ff

SHA1
29ba857fc32a12a21e3ee0da74b79c1158011e4a

SHA256
6751e3ff1a26890f482dacb952267597afa5e959eb8bb00c8567d766c3440181

SHA512
877b91709f9b084df7c30eac0865f4647dc5bdd105f13b5e55235f23e8306a8f96cb0cf291091bfa0d824bddb9a74bdbcf94dab91818ce200cc614c04330df4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage.sqlite

Filesize
4KB

MD5
5448754ee7e7c26850313e56a9b741a1

SHA1
3218d49680f22364fb666aa8ce9e36bf693eefa6

SHA256
f9097d55201c53a6c5386b8ade7426ed4a9a30d776383b31d8dd07cf9eb00f9b

SHA512
d989b2352e6eb57dcf6ae6e78afd87bbec9d63beecbac5023291edfedb65595216f477d677e1b610ca2686df70c68ff42ed5bd904fa0f2c9fa15a68710b9cc4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
c15e66bf896929636935bb07116e4473

SHA1
8924fcff6d57090320c7edd7967df5d478fc982d

SHA256
8c565eb29ec57280ccb5d716553f9d7886cc8f920f800de4399c9dccbf035ad8

SHA512
50a0e031af610de011fb94ded8af13e18054bd71b6da37b5538b28db2c82759c291d748e5c52fe2b21c37ae35ded4b929c91ad3ca71bb85fa931ed0024e1c561

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
24fa8359f84703a98556dd813b93503f

SHA1
24b55919763bc9765f9f086be7b161d947f58d40

SHA256
ed0a13a805cebb3dd8eb08403a4189276d4efbd443479649d2ae488b16b7954d

SHA512
7ed89d393e7e1ebddce18fb1974ec45958c1b2299cf138a15013796a69c7d38391fad23aea99680961f6644e933630f0524d6d69e78145cf01bb67641d9bf2df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\xulstore.json

Filesize
217B

MD5
58e240288763218d12bf235d34e5aee2

SHA1
89135494b57f590011c09668dec3b90d2c5ee9ae

SHA256
615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176

SHA512
caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

Download Submit
C:\Users\Admin\Downloads\fHXKG7XZ.zip.part

Filesize
305KB

MD5
26258d50bd6fd56488bf7a69f5e7e2e4

SHA1
60ce4f9e88327195efcae090aa6b3f7b959a6190

SHA256
6ff64093b8f0cd450d9985af37970191933b6338954d13dfc6b635c0b6c4b348

SHA512
bf27e566f0dec645cc92ab8f2ca5b6bc413e81461701f53475d72cc473cb6a0c58fc10ee7bf601bee493df58779420148b174a432734d27cd471cffb944ca13f

Download Submit
memory/4956-491-0x0000000000A00000-0x0000000000A9E000-memory.dmp

Filesize
632KB

Download
memory/4956-492-0x0000000000A00000-0x0000000000A9E000-memory.dmp

Filesize
632KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads