21ed5d1df342b9e180c0e9ac5ab8d72aeb9e1ce70a0f90bd87198b136f169b06

Resubmissions

23-05-2024 09:55

240523-lx9t7sce43 1

23-05-2024 09:54

240523-lw9g2sce4t 7

23-05-2024 09:27

240523-lerkxabh99 7

Analysis

max time kernel
129s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
23-05-2024 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

oraxen-1.166.0.jar
Size

3.3MB
MD5

40749750084a4c61e0cb77d651629815
SHA1

1ad2459615ad3f1d9a81a1ac0b842cf4e6154600
SHA256

21ed5d1df342b9e180c0e9ac5ab8d72aeb9e1ce70a0f90bd87198b136f169b06
SHA512

91e58141cd3aadeeb66c695881ed63341179f6f5adc8b3e3b1eed5af6c4f124ca11194505fab38cf97ce60b3fc1656d5ec0bb7a1ca2cf9eb163571205e8ac5c7
SSDEEP

49152:b3/pSLJqlqansp2zr7Wwc2+rLiohlqnbwPgq2zvwqBflgtwA6VOgneLlD7nSC9:bhSLeq2spQSG+/DvPwrveTLlXT

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2380	icacls.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3032	WINWORD.EXE
3032	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4976	firefox.exe
Token: SeDebugPrivilege	4976	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4976	firefox.exe
4976	firefox.exe
4976	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3032	WINWORD.EXE
3032	WINWORD.EXE
3032	WINWORD.EXE
3032	WINWORD.EXE
3032	WINWORD.EXE
3032	WINWORD.EXE
3032	WINWORD.EXE
3704	MiniSearchHost.exe
4976	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 2380	3664	java.exe	79
PID 3664 wrote to memory of 2380	3664	java.exe	79
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4876 wrote to memory of 4976	4876	firefox.exe	95
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 3820	4976	firefox.exe	96
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97
PID 4976 wrote to memory of 1564	4976	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\oraxen-1.166.0.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:2380

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4008

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.0.1337463582\898428022" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef145437-ab21-434b-9286-4a2b37377d02} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 1832 16c5921fe58 gpu
    3⤵
    PID:3820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.1.908084002\244749934" -parentBuildID 20230214051806 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97f79151-0fff-4050-8ef6-b34b99e0db75} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2356 16c4c589358 socket
    3⤵
    PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.2.1201885280\1391943748" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 3008 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eab3c477-7214-4dd8-83fe-46966389a293} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2992 16c5bbe5858 tab
    3⤵
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.3.1176322568\1341529906" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b261603-3e64-471d-83fd-519f85b1926c} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3580 16c5e775a58 tab
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.4.994494190\467206432" -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5180 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ea8d4d-2c4f-4f1a-a76f-09bac713818a} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5188 16c5fee1858 tab
    3⤵
    PID:5116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.5.986734016\321391737" -childID 4 -isForBrowser -prefsHandle 5316 -prefMapHandle 5324 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {747be363-c868-49f5-afb1-4c34c04c32b4} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5308 16c616b2358 tab
    3⤵
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.6.977186311\484338977" -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1312 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12713af2-1c3b-456b-a705-4b39ad54aba1} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5604 16c616b3558 tab
    3⤵
    PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
e2348d9aefc21121d561ca92dbe83213

SHA1
0f9420ed4051306e9030a61afb3ade5499826f79

SHA256
ca841f1945d79580879cda0e9d0c35a54f50918588f58dbea1de5ff7d65c649e

SHA512
b4dde40e54d04e00c75998b8ee8f5544abeea3cebca31f9f82f545f856338aa9f6af991a09cf75ba966685b83e75308922b29831f6a7c2e1145a1a968d439424

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
8ea5a12e2766204cd7132514c832d7e4

SHA1
f87630afe19199a2610489bc1adac4f23b287230

SHA256
58b28638dfbaed1e462181e4418bba9fff2277f750596243c0d8890b0519a2a7

SHA512
a360cee1c2460cb115e53e27fbb35acf92bc12d2ce56cdc225fdcf2119911bfe2bb7fa5d1de20d69d50d0adc58b28c4c0020e6ffbe474a593047dc6a0ae2d4ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
a899084591931d73be3f213cb0f2a0f1

SHA1
f827cc723654ab3e69d260140825de8e95782c93

SHA256
45dd2766758692419add022499c2ce0ce9469f1097b20d233667e0c04eccc09d

SHA512
a08ce138491fc1141b3c58d60eb505f72fc772389f7e81ee985469cd750b247e6ea7581f4aaeae52a19288e7f2649fcaad8243bb61dd51222cfd97bb72bc8c2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a71ab244d565671f741686cb2c5ed11b

SHA1
b6e766a85f1f878d512f752df2dd4873971755e2

SHA256
06a5716962f3b50a8aa3acd30e33d6c75664465c3d795196ad6dce5e33a80faa

SHA512
0826c8e52b0f5dbcbda745f06390fd59ce9eee8e0e845cdb007f4a97b19065f2544ca63226b34d361adf9e1cf26644672abfe5dcfd75651cd2aeb1ae27f16f84

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
202B

MD5
4566d1d70073cd75fe35acb78ff9d082

SHA1
f602ecc057a3c19aa07671b34b4fdd662aa033cc

SHA256
fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

SHA512
b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
8KB

MD5
c11a3beda568dbc10bbc70cf799385c5

SHA1
60758a4a7aaee82b757f8ddc7b64c6404ba802bf

SHA256
02a232bbc34207bcf5b605b039a304f963e106b8b1ebf0c745b84a70c037bfdd

SHA512
15196df8980eba702190cd586d55930135e9b9fb6064831a9537b0a888afec7857ac198f2d2ed0f6486ca83b42591aa34b51f066b0a3bb9fe7dead5b6a31fffb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
7KB

MD5
c387c5b654223f54ec6c9eef8986ce5c

SHA1
5acb9579cc133e9f874488a4a66a81e2002fe5ce

SHA256
e08206a7a6697f7912b6c64be051e9a9d4e2741d28f84dba4f98545fd337b15e

SHA512
afe4dbdef9d4866231e3183794610ab335f3985072801eb7b8e5b491aa83dec8830357e3bfc3c7da9b3e0a9ba30ea42261e806cfd5a3a57843faa4691e6bec25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
4f1ec84aefec6783b499b2f028b62c03

SHA1
650680203f99394a1cf1663cae11c55ec9aebb3d

SHA256
03bff66a7ebde4a65441c387b232242ab46b1db42213e5a2c2771c3105a2d2b9

SHA512
5e4763d74fef94e7efee7213398dcad5dc5692259077cd724cb3b4eeebc173676c3072b17fb76f0ecc4674a210257f636bd1ca16575cfddee8c076b6227e031d

Download Submit
memory/3032-22-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-73-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-33-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-36-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-35-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-34-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-32-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-27-0x00007FFC2F790000-0x00007FFC2F7A0000-memory.dmp

Filesize
64KB

Download
memory/3032-25-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-21-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-30-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-69-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-70-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-72-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-71-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-31-0x00007FFC2F790000-0x00007FFC2F7A0000-memory.dmp

Filesize
64KB

Download
memory/3032-29-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-28-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-26-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-24-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-15-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-23-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-20-0x00007FFC72180000-0x00007FFC72389000-memory.dmp

Filesize
2.0MB

Download
memory/3032-18-0x00007FFC72223000-0x00007FFC72224000-memory.dmp

Filesize
4KB

Download
memory/3032-14-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-19-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-17-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3032-16-0x00007FFC32210000-0x00007FFC32220000-memory.dmp

Filesize
64KB

Download
memory/3664-2-0x0000023802D60000-0x0000023802FD0000-memory.dmp

Filesize
2.4MB

Download
memory/3664-13-0x0000023802D60000-0x0000023802FD0000-memory.dmp

Filesize
2.4MB

Download
memory/3664-12-0x0000023801470000-0x0000023801471000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads