Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    01/05/2024, 01:22

General

  • Target

    FirefoxReportLogs.exe

  • Size

    1.8MB

  • MD5

    ceef4762b36067f1d32a0db621ee967e

  • SHA1

    d23da38df6b0fca8c524b641c59c700a2338648e

  • SHA256

    efb6169bbb869a849afb91184a75b906fe509cbf6e672b6b4f3311c02343bbbb

  • SHA512

    6301871a95e48f2873b60c706757af38d956c895112f14c28eac4c4a83456a1acdf15d0a5b1cd35f267a4149dc78b2469c427bde6a1bf5aa99de51d5e824d1b3

  • SSDEEP

    24576:fMWohhojVlG981FE03Pb+Cp67LkDdlXUi+nNv3O5AcAQNwuWSfJST4HCLgCGT/TH:KhujVl6p8UiaAKRT4HCUN1

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FirefoxReportLogs.exe
    "C:\Users\Admin\AppData\Local\Temp\FirefoxReportLogs.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1512-0-0x00000000007E0000-0x00000000017E0000-memory.dmp

    Filesize

    16.0MB

  • memory/1512-13-0x0000000000400000-0x000000000060E000-memory.dmp

    Filesize

    2.1MB

  • memory/1512-14-0x00000000007E0000-0x00000000017E0000-memory.dmp

    Filesize

    16.0MB

  • memory/1512-20-0x00000000007E0000-0x00000000017E0000-memory.dmp

    Filesize

    16.0MB

  • memory/1512-28-0x00000000007E0000-0x00000000017E0000-memory.dmp

    Filesize

    16.0MB