hxxps://collegereaction[.]iad1[.]qualtrics[.]com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email

max time kernel
33s
max time network
36s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240418-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240418-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
27/04/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://collegereaction.iad1.qualtrics.com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email

Score

4^/10

antivm

Malware Config

Signatures

Changes its process name 64 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	gmain	1533	Process not Found
Changes the process name, possibly in an attempt to hide itself	gdbus	1539	Process not Found
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1540	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1542	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1542	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1542	Process not Found
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1548	Process not Found
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1548	Process not Found
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1547	Process not Found
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1547	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1546	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1546	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1545	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1545	Process not Found
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1544	Process not Found
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1544	Process not Found
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1549	Process not Found
Changes the process name, possibly in an attempt to hide itself	pool-firefox	1550	Process not Found
Changes the process name, possibly in an attempt to hide itself	Timer	1543	Process not Found
Changes the process name, possibly in an attempt to hide itself	Timer	1543	Process not Found
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1552	Process not Found
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1552	Process not Found
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1554	Process not Found
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1554	Process not Found
Changes the process name, possibly in an attempt to hide itself	glxtest:disk$0	1555	Process not Found
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1556	Process not Found
Changes the process name, possibly in an attempt to hide itself	Cookie	1557	Process not Found
Changes the process name, possibly in an attempt to hide itself	Cookie	1557	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1558	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1558	Process not Found
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1560	Process not Found
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1559	Process not Found
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1561	Process not Found
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1561	Process not Found
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1562	Process not Found
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1562	Process not Found
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1563	Process not Found
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1563	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1566	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1566	Process not Found
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1565	Process not Found
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1565	Process not Found
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1564	Process not Found
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1568	Process not Found
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1568	Process not Found
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1567	Process not Found
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1569	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1572	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1572	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1571	Process not Found
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1571	Process not Found
Changes the process name, possibly in an attempt to hide itself	MainThread	1567	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1573	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1573	Process not Found
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1573	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Process	1567	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1574	Process not Found
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1574	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1575	Process not Found
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1575	Process not Found
Changes the process name, possibly in an attempt to hide itself	Timer	1576	Process not Found
Changes the process name, possibly in an attempt to hide itself	Timer	1576	Process not Found
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	1577	Process not Found
Changes the process name, possibly in an attempt to hide itself	Worker Launcher	1577	Process not Found

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	firefox

Reads CPU attributes 1 TTPs 14 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	nautilus
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size	firefox
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size	firefox

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus	gvfs-gphoto2-volume-monitor
File opened for reading	/sys/bus/pci/devices	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus	gvfs-mtp-volume-monitor
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent	gvfs-mtp-volume-monitor
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/uevent	gvfs-gphoto2-volume-monitor
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent	gvfs-gphoto2-volume-monitor
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/usb/devices	gvfs-gphoto2-volume-monitor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent	gvfs-gphoto2-volume-monitor
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	glxtest
File opened for reading	/sys/class	gvfs-mtp-volume-monitor
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent	gvfs-mtp-volume-monitor
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:05.0/usb1/uevent	gvfs-mtp-volume-monitor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	glxtest
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	glxtest
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor	glxtest
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	glxtest
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	glxtest

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	gvfs-mtp-volume-monitor
File opened for reading	/proc/filesystems	gvfsd-trash
File opened for reading	/proc/1599/cmdline	dbus-daemon
File opened for reading	/proc/filesystems	gvfs-afc-volume-monitor
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/self/task/1761/stat	firefox
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/1770/smaps	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/filesystems	dconf-service
File opened for reading	/proc/1719/smaps	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1757/smaps	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/fd/52	firefox
File opened for reading	/proc/1651/smaps	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/1640/cmdline	dbus-daemon
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	gvfs-gphoto2-volume-monitor
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/1609/cmdline	dbus-daemon
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/1911/cmdline	dbus-daemon
File opened for reading	/proc/sys/kernel/cap_last_cap	dbus-daemon
File opened for reading	/proc/self/fd/50	firefox
File opened for reading	/proc/1651/statm	firefox
File opened for reading	/proc/1701/smaps	firefox
File opened for reading	/proc/self/task/1781/stat	firefox
File opened for reading	/proc/1762/smaps	firefox
File opened for reading	/proc/1538/attr/current	dbus-daemon
File opened for reading	/proc/1719/statm	firefox
File opened for reading	/proc/filesystems	gvfs-goa-volume-monitor
File opened for reading	/proc/self/task/1570/stat	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/self/fd/32	firefox
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/filesystems	glxtest
File opened for reading	/proc/1621/cmdline	dbus-daemon
File opened for reading	/proc/self/task/1704/stat	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1876/cgroup	gvfs-udisks2-volume-monitor
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/fd/10	firefox
File opened for reading	/proc/1588/cmdline	dbus-daemon
File opened for reading	/proc/cmdline	dconf-service
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/self/fd/30	firefox

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/firefox
firefox -new-tab "https://collegereaction.iad1.qualtrics.com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email"
1⤵
PID:1521
- /usr/bin/which
  which /usr/bin/firefox
  2⤵
  PID:1522

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -new-tab "https://collegereaction.iad1.qualtrics.com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email"
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1521
- /usr/local/sbin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1534
- /usr/local/bin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1534
- /usr/sbin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1534
- /usr/bin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1534
- - /usr/bin/dbus-daemon
    /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
    3⤵
    - Enumerates kernel/hardware configuration
    - Reads runtime system information
    PID:1536
  - - /usr/libexec/xdg-desktop-portal
      /usr/libexec/xdg-desktop-portal
      4⤵
      Reads runtime system information
      PID:1588
  - - /usr/libexec/xdg-document-portal
      /usr/libexec/xdg-document-portal
      4⤵
      Reads runtime system information
      PID:1594
  - - /usr/libexec/xdg-permission-store
      /usr/libexec/xdg-permission-store
      4⤵
      PID:1599
  - - /usr/libexec/xdg-desktop-portal-gtk
      /usr/libexec/xdg-desktop-portal-gtk
      4⤵
      PID:1609
  - - /usr/libexec/gvfsd
      /usr/libexec/gvfsd
      4⤵
      PID:1616
    - - /usr/libexec/gvfsd-trash
        
        /usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0
        5⤵
        Reads runtime system information
        
        PID:1640
  - - /usr/libexec/dconf-service
      /usr/libexec/dconf-service
      4⤵
      Reads runtime system information
      PID:1632
  - - /usr/bin/nautilus
      /usr/bin/nautilus --gapplication-service
      4⤵
      Reads CPU attributes
      PID:1637
  - - /usr/bin/gnome-keyring-daemon
      /usr/bin/gnome-keyring-daemon --start --foreground "--components=secrets"
      4⤵
      PID:1866
  - - /usr/libexec/gvfs-udisks2-volume-monitor
      /usr/libexec/gvfs-udisks2-volume-monitor
      4⤵
      Reads runtime system information
      PID:1876
  - - /usr/libexec/gvfs-afc-volume-monitor
      /usr/libexec/gvfs-afc-volume-monitor
      4⤵
      Reads runtime system information
      PID:1882
  - - /usr/libexec/gvfs-mtp-volume-monitor
      /usr/libexec/gvfs-mtp-volume-monitor
      4⤵
      Enumerates kernel/hardware configuration
      Reads runtime system information
      PID:1888
  - - /usr/libexec/gvfs-gphoto2-volume-monitor
      /usr/libexec/gvfs-gphoto2-volume-monitor
      4⤵
      Enumerates kernel/hardware configuration
      Reads runtime system information
      PID:1894
  - - /usr/libexec/gvfs-goa-volume-monitor
      /usr/libexec/gvfs-goa-volume-monitor
      4⤵
      Reads runtime system information
      PID:1899
  - - /usr/libexec/goa-daemon
      /usr/libexec/goa-daemon
      4⤵
      PID:1903
  - - /usr/libexec/goa-identity-service
      /usr/libexec/goa-identity-service
      4⤵
      PID:1911
- /usr/lib/firefox/glxtest
  /usr/lib/firefox/glxtest -f 13
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1541
- /usr/bin/lsb_release
  /usr/bin/lsb_release -idrc
  2⤵
  PID:1553
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{377970a5-739f-4b42-825e-7311c914cbb4}" 1521 true socket
  2⤵
  - Changes its process name
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1567
- /usr/local/sbin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1578
- /usr/local/bin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1578
- /usr/sbin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1578
- /usr/bin/dbus-launch
  dbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr
  2⤵
  PID:1578
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 22645 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{772aa665-5629-44b5-9f9a-b173c2bc436e}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1651
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 22313 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{6ccda6aa-8040-402e-808e-3dd7a5f21d13}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1677
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 22662 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{d2e67b18-dc94-4b99-9ae6-b84a841a41ec}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1701
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 28662 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{4d2e29e7-4d30-4837-9f8d-da0c33053162}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1719
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29796 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{adb98825-96ec-40cb-9b36-b31741b79706}" 1521 true utility
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1756
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27904 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{e02519e0-297e-4a68-a85a-9f5b8815c9a2}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1757
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 27904 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{bb451ed9-c76b-492a-aebb-fe08c1d6bd70}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1762
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 27904 -prefMapSize 231436 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser "{f6aad979-12a4-436d-bed9-1fe97d4aa3c3}" 1521 true tab
  2⤵
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1770

/usr/libexec/gvfsd-fuse
/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1621

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user

Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.dbus/session-bus/4816dd152e8c48ff97e9117d197c13d8-0

Filesize
466B

MD5
2be779381635ae81b1736ecd839e3bc2

SHA1
33cd95ad8ab88246b3b790abbf4753d408d79485

SHA256
9cb376ad0a948b617dcb4d6a6c399d2ee0851f6f34dea21ebd26fdcce7ffe539

SHA512
e64b588422fd76cdc0aa97e52d9cf61720847b2d18963c33334bac6f002a458d5d6c2ae99c76ab03d6183061058fdb39a54e2bf315c8b345aa0ddcf74736891b

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads