hxxps://file[.]io/TLCGzmjUIHos

Analysis

max time kernel
91s
max time network
80s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-05-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://file.io/TLCGzmjUIHos

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\c03ae5259a0e39b573f623202921a0cc36009b0b43d47b87d302f6c45c650590.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

firefox.exe7zG.exe

description	pid	process
Token: SeDebugPrivilege	3560	firefox.exe
Token: SeDebugPrivilege	3560	firefox.exe
Token: SeDebugPrivilege	3560	firefox.exe
Token: SeRestorePrivilege	5520	7zG.exe
Token: 35	5520	7zG.exe
Token: SeSecurityPrivilege	5520	7zG.exe
Token: SeSecurityPrivilege	5520	7zG.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

firefox.exe7zG.exe

pid process

3560 firefox.exe
3560 firefox.exe
3560 firefox.exe
3560 firefox.exe
5520 7zG.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3560 firefox.exe
3560 firefox.exe
3560 firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

firefox.exe

pid	process
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe
3560	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3660 wrote to memory of 3560	3660	firefox.exe	firefox.exe
PID 3560 wrote to memory of 2900	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 2900	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 1688	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 3536	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 3536	3560	firefox.exe	firefox.exe
PID 3560 wrote to memory of 3536	3560	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://file.io/TLCGzmjUIHos"
1⤵
- Suspicious use of WriteProcessMemory
PID:3660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://file.io/TLCGzmjUIHos
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.0.386475266\594256888" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1628 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1d1f9cd-3bba-406e-b61f-859d1e03b54a} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 1776 19cff4f1858 gpu
3⤵
PID:2900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.1.698673869\1264805425" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8597deb-93dc-469e-abe3-cb4f169e71a4} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 2152 19c87cd1e58 socket
3⤵
- Checks processor information in registry
PID:1688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.2.43925380\1459415063" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2872 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5a2f1d2-9e69-4757-9a71-c3e2786fe678} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 2888 19cff45a858 tab
3⤵
PID:3536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.3.1853828100\1948709870" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c167bbfc-cb52-480a-8e47-07df89ada6ee} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 3568 19c8bccf558 tab
3⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.4.1083029883\1956449021" -childID 3 -isForBrowser -prefsHandle 4724 -prefMapHandle 4732 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64dd573c-d94c-48e4-a6ba-8688b3658daf} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4748 19c8cc87b58 tab
3⤵
PID:1208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.5.1497287529\1391307515" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0215bb81-22ec-4e47-8289-1bcf6ef48149} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4896 19c8cec0c58 tab
3⤵
PID:4252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.6.598762258\1676040495" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {627211f9-85d7-4e0c-87f9-a3912232f93a} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 5084 19c8cec0358 tab
3⤵
PID:1692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.7.63661377\101439647" -childID 6 -isForBrowser -prefsHandle 4856 -prefMapHandle 5512 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4cab3e0-59bc-4f14-918f-8d4b197bd0e4} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4844 19c8e9dd058 tab
3⤵
PID:2356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.8.123244165\774157021" -childID 7 -isForBrowser -prefsHandle 9208 -prefMapHandle 9212 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01d0c624-500f-4674-af46-d179b2952644} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 9196 19c8f9b3c58 tab
3⤵
PID:3012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.9.105347540\1060620169" -childID 8 -isForBrowser -prefsHandle 9056 -prefMapHandle 9052 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c153a63-f3fb-44ff-8a39-5a7e3001ddaf} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 9676 19c8f9b1b58 tab
3⤵
PID:4112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.10.390199639\1914976640" -childID 9 -isForBrowser -prefsHandle 9068 -prefMapHandle 9064 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ef1535f-6134-4971-8004-cf8c38f3c9cf} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 9080 19c8f9b4258 tab
3⤵
PID:4420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.11.3066973\2049011389" -childID 10 -isForBrowser -prefsHandle 9268 -prefMapHandle 8840 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d89df4-7d62-4b9f-903c-90f57ae10716} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 9880 19c89dca858 tab
3⤵
PID:4052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.12.719529460\1868715061" -parentBuildID 20221007134813 -prefsHandle 10136 -prefMapHandle 10140 -prefsLen 26464 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db8697b7-39ce-459f-a81e-6835101ac33b} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 10128 19c89dc9658 rdd
3⤵
PID:5192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.13.781204092\286605042" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10060 -prefMapHandle 10064 -prefsLen 26464 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c406016-4914-46c0-90d3-8235e257d68b} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 10160 19c89dcae58 utility
3⤵
PID:5200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.14.1219242509\1856547747" -childID 11 -isForBrowser -prefsHandle 8640 -prefMapHandle 8644 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4fd5fd-4c63-4331-95ca-d627852c7a89} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 8624 19c9077a858 tab
3⤵
PID:5532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.15.1026104952\1820959609" -childID 12 -isForBrowser -prefsHandle 8388 -prefMapHandle 8392 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f09023b-dfaa-4466-82d0-556722795b9f} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 8420 19c90ecb658 tab
3⤵
PID:5756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.16.553795017\1286329293" -childID 13 -isForBrowser -prefsHandle 8244 -prefMapHandle 8248 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04dc54f3-7608-4805-af64-cdb98194434b} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 8264 19c90ecbc58 tab
3⤵
PID:5828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.17.1380551445\2012647859" -childID 14 -isForBrowser -prefsHandle 8100 -prefMapHandle 8096 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2532a3f4-0cb7-42da-b565-a2d9f69a615d} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 8276 19c911a1658 tab
3⤵
PID:6116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.18.2138138544\1015520770" -childID 15 -isForBrowser -prefsHandle 7828 -prefMapHandle 7864 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d45babd3-2438-467e-9f53-a9be2931e4e5} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 7804 19c9195ac58 tab
3⤵
PID:5988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.19.324298447\1737993101" -childID 16 -isForBrowser -prefsHandle 7792 -prefMapHandle 7788 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {433a9975-abe6-419d-9141-1bd53a34d74e} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 7672 19c90cbba58 tab
3⤵
PID:5992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.20.1272630134\1731450241" -childID 17 -isForBrowser -prefsHandle 7496 -prefMapHandle 7492 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd7f54aa-05d4-4d0f-a6dc-78b0af327050} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 7500 19c91959d58 tab
3⤵
PID:6004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.21.1830928536\1905331151" -childID 18 -isForBrowser -prefsHandle 7128 -prefMapHandle 7124 -prefsLen 26464 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b54916f5-9f1b-4abc-aeac-98a1fe1131b4} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 7136 19c90a6ea58 tab
3⤵
PID:6708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.22.1131415376\1515018537" -childID 19 -isForBrowser -prefsHandle 6884 -prefMapHandle 6876 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f18bb211-552b-4f8b-a698-e1da1b77dfa9} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 6864 19c9077c958 tab
3⤵
PID:7132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.23.1286327042\1585662591" -childID 20 -isForBrowser -prefsHandle 7636 -prefMapHandle 2540 -prefsLen 26785 -prefMapSize 233444 -jsInitHandle 1004 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59e53a0c-8874-45cf-8906-9b65cd861c36} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 2536 19c883b5458 tab
3⤵
PID:7020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6660

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8407:186:7zEvent4569
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5520

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\10451
Filesize
7KB

MD5
4ae72bc851cb4f34c52b70167938eaff

SHA1
e232af9117fcb4d94e5babb6ccbb2cf97fbfd503

SHA256
65ecaf867cdbb0dc5096af4c17436ff0ee52e95cdbb4fb741b0e0644dc6d1292

SHA512
de96ff7e2daa7ceba443d2efc70df7f0d3b74265be5655530650e52ad0b059571cbe06feba981ba98d264737f2cd5a2d229b108b65c0181213e6d66563c9297a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\27695
Filesize
8KB

MD5
27c17ccc010e1251676c392823a48787

SHA1
a229bedfd67270ac8938f0c76e7ca218e85e85c6

SHA256
b6337ac3bbe96a68c327f51d60f030aed544cad7010cddd8830e7aa96a3863da

SHA512
b7be7aa502ddd807ec49638a2dc0ce7a37e9392a1b465bfb424f32bb5564ba4205ffd2e4e1fc92d47a7f293a05b48b3153fdc9c508f59aec7b1433d8139d70f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\3752
Filesize
8KB

MD5
c48c7d839c8dc6641176711e1fd61696

SHA1
a325e707b297f04d3ea7893d66f3cebc53d99b16

SHA256
cada5cc4db5a81ef17b21aa337690019d04c1ec602657d8bbb72802ee10bab84

SHA512
fc4e4d0c870d8267c820ee14c6a3c36a508e9ac202f825d20695ed12bf2793373ce74a3620adedc438b3ecf4cc38c2fc933ee680ee274bb556e19e3c6de89b96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\25C829FE176A61021A4D6FE1D76C4184C75729CB
Filesize
259KB

MD5
950d20a19e6cff50093089ab6988907a

SHA1
87ca22239adb75b10c1058b59420b09306e177b6

SHA256
07794af39a653f3677ff1ee0bdf31e303ad2c7f946e5f28e28de0e8aa960d446

SHA512
86900472a1e197668637b404c868b595460062a2ba6ec539c31f1e8ce020d1ae6ec5ec4cad75e4ab81f272f1d0a4b80a161a3affd0f6671bf788c504f418ccfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\9D5C6A89DFD6F95BF4B430CD84AE972D9CFE0F6D
Filesize
57KB

MD5
177c2230c9f8d724972aa6c37b7d9267

SHA1
174d91b441853178304119298ffd1dad57cee7ba

SHA256
57712ee8d9bcfac30a6c7209a042458925e755fd23a04275b241b8371cba4139

SHA512
44127d98d4db3c0d7b03e2a21b5fc9881a0be2c92261f6b608445a3e26e81296cecda9a2b6439e9df1ee21b8c8479f5b22c0d6680797fef1d26bfc31a2d1794f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\B97D3557F7FB6D914414CD2D9D66059E5A353224
Filesize
137KB

MD5
b6dbffc2c9a215b23f7cceb79c79fd6b

SHA1
ae1f240176b78e62aaf323f0b034a5b398631b7a

SHA256
38614234d08a782218a00a1c3e5f9175b49845300634732fcd39b1db95c1c3f8

SHA512
715f46995d8dffe9299763c11d3408320a068414160644815699cdacc22767139b087af1236d4adec0ac1a81abc6d8eaedbe4bcfd54aeadb9870a5d6b3d98876

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\FA2083489969D30038DCF1A73D2A1DE76CE5D9FC
Filesize
192KB

MD5
b8160e5793fae192e698fb9649111587

SHA1
f967320fbc2c7c30fb36517e1a8b832d92799770

SHA256
e9442d883fad703c1e81002b9e6488b6b44163d1c2273038719dff6d40202200

SHA512
889556460dd5c4a8aaa6264bee2c0272e6d74012fd175f027efb131ff64500609a5c16c2276bacbf6511bd4787e6379afd105c6d98bb36a75179cd87f258d787

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
Filesize
8KB

MD5
ac330be0443a17da09af8c7ef017d21e

SHA1
7d77861b3f92a5f8f2355ae515e0b45b211f7257

SHA256
c81f3e9c97e262197a82597663a44d4391d433e127e9c731a1aee7ae2794539c

SHA512
6bd5020bdd3730fda8f40297b2bc14eb95d98e4af93a6482ef52a3e6c0a3abde8009364adad7914ed5ba810258d0a233fa32e1b46e319bb34a6265e5e0fc1f7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\433e45f5-db46-411f-b51a-6bea7194b7ac
Filesize
734B

MD5
4a1ad15cf0a20ea5027e7c171c5b54eb

SHA1
5738b73f9c0d5c8c987f0147a616d0953222cc06

SHA256
e7ff2acca4c9dd1badfcedb313f3871538792d5e137a8511b21d31e31a42db6f

SHA512
a330f7eed8424f36c8619c4d15dc635f1d38ff1f8ddd888551f6e8c0242e1caa136c7a7cc16889700b954e50440700a5376cdbf40bbc289fbe5480f37cd6ed69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
Filesize
6KB

MD5
1bf66ded14d3fa6399d23d73c769ba15

SHA1
86deb7db3460539ba90d70e3634d844a05a86a2c

SHA256
20b0bb4d890c74e91321e3a92cc6a70fed79bea121e9b8050994bbce59eb6203

SHA512
b66a65fbf03e37e8f76e1caff629f038cd7d1c9e222c29cd8950d301f87a852df9d331d2bc8d9714f3860aa492de8f96566f35d34f9959699a17271dc1847993

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
Filesize
6KB

MD5
af81de880d4d1b1e1ab4860face2c6d4

SHA1
dfafeb972c81ec5ec92e1f6684aa876b91df57f4

SHA256
debb6f5d407367a5b7473a9116af45754e846a58b60748482dc2884298f4db2d

SHA512
cb83228329adb5e55e8e93918c1f262841007da63f810ac354c29b6e064d73fea4b1bce6446dec5b3490ffd7a171faeceda96c08de65fb28d76d6401e18b1728

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
Filesize
6KB

MD5
ed41c8808bd8bdeaf0b19b39fd7631b5

SHA1
cfa0038452317e9822b203e3ef5d97a173411534

SHA256
f9861036a58388a31a456f723194cef5248ab13e810cb368c2e07c0744c7a848

SHA512
f5c114829dce4bfe915188b75747a24cba6dfaa6726650f3d937484c1e30736bf2c97dac9763cc8612bcb7ca444b46a6cf3158c0e0d7e0637ebf6e2aeba8de37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
1aae5780091f586ba03ec34206ad57b1

SHA1
eee040b4ba27f05f1a727ec64a4fde6fa2336711

SHA256
c1170911b776eeffbae1c598b136fec9b9f9ef93b9fe208dab0a13439da2aeb5

SHA512
ed7a43e185598cbb8aa19a78bb4fd02b310d246f836b0b0cd21b19c1087853b318e07e832f48d75c6702a647939735b87231880f8ec8691ede07729d66024ae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
0d2bfecba91e446c56434106a752c3aa

SHA1
8d8d17c1b628442a0f8493bbc8e99cbb8ae643d5

SHA256
a50f0b3695b395dcd930afc148386942e1e79519609adeaa3e889b656f8910c8

SHA512
f63ab438e95cc327849586ce0dca29c75612f58167ede28e66ef37715df98b98a0c3fa37746cf57ba4a56ff67b42243947c69a15cea32bd356692649c46074e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4
Filesize
3KB

MD5
465d0f8772ceffccce84df2d2f59425e

SHA1
42b2456bce6a589c7f147e5fe037a014c57bc3ee

SHA256
23c94bb64e8339fedf85eadc59653dae308593387c893c74b945e6f7b3a3967f

SHA512
dd4309ead01e513a8bf6fbb0e9cca786354f63fb1af6331050064fa30466682adf49ab727f4b07dc27757e730c81278a1288e856bebe0e199db8246dcb0ee7e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
69cc4ce68ce55e681c368d219f32a10d

SHA1
28afdfa7d331fbb72dd993ecefea313f2799b446

SHA256
d4e13af44e4664821cf15715fbb0038aa5d3f03e3b7a15a7efd4745d77a4b8d2

SHA512
4b1a2f353f0d8e1efbd9f1deafc551fdde86bed7d32662d025640b67c3a9e71e0c635a3fdab10196eb32ef5870fb58a6973c8920c7f42adbbd537ffb18c399df

Download Submit
C:\Users\Admin\Downloads\c03ae5259a0e39b573f623202921a0cc36009b0b43d47b87d302f6c45c650590.DVMpW81X.zip.part
Filesize
13.9MB

MD5
b226da5012dc29410568daf82b2a87f2

SHA1
8bafce720ed617f73cd292489ec6e3be99d4b4bf

SHA256
8c9d7625713047a3cc7e1555d5fff5efc5a2472da00736c7ac46dfc20dbc2c82

SHA512
6147b39fb934927180b6a4ef542dc89e3130041df038b73a288f25ce243dd26cf43d17973adb19320c6f74858ef0d4ed5c8bed58707fe48624a5541a4c123eb9

Download Submit