Analysis Overview
| SHA256 | 004be9ec7982c94c19af5386132c96e4518e55dd940d895c7e68a6a869c1fee7 |
Threat Level: Likely benign
The file nazimodpc-v2.4.rar was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-29 09:31 |
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-29 09:31 |
| Reported | 2024-05-29 09:33 |
| Platform | win10-20240404-en |
| Max time kernel | 117s |
| Max time network | 137s |
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe
"C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.0.1127802271\1206895008" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1600 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {043bdb6a-50c7-422d-ae86-333290cdb6fd} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1748 279709e7b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.1.1902623603\855439829" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {336670c4-4807-4244-9f56-062a76824c8a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2120 27970333558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.2.1969952240\1698392040" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2904 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fb1b9e3-4858-4834-89a2-8ecbcc8acb33} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2788 27974ad2358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.3.697405039\1525554926" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3839351-426c-401d-90f6-a97264683ec7} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3456 27965861958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.4.1302640262\1494964250" -childID 3 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40f6f1b-7cd3-4d15-8b3c-ba02e71564fa} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3228 2797604e458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.5.1727831770\1386050018" -childID 4 -isForBrowser -prefsHandle 4660 -prefMapHandle 4620 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dff1568c-cbe8-4a53-9ef4-e8ff85a05842} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4688 279750b2858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.6.980541135\103815235" -childID 5 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a59477-203f-40ea-8576-383895bbb739} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4816 27976c3af58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.7.1894156319\51615237" -childID 6 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {349028b7-fba5-413d-846e-e4a991c7f58f} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5012 27976c3b858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.8.806329306\1047516691" -childID 7 -isForBrowser -prefsHandle 5460 -prefMapHandle 5480 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0f3cb17-947d-4dee-b47a-65d538ccf6f6} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5492 27970cecb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.9.1125326847\300506073" -parentBuildID 20221007134813 -prefsHandle 5636 -prefMapHandle 5624 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bf4c297-8115-4f64-9369-c0fb951a7f8b} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5476 27976a8d258 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.10.685143668\2111293998" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5640 -prefMapHandle 5628 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3500a4a4-06f3-4bc5-883f-c63f3a0bc3b0} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5816 279783bd758 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.11.2083066919\1666912924" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6044 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1635eea4-7dea-46bd-8a27-ce80e49e8672} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6060 27978bcee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.12.510622200\626160226" -childID 9 -isForBrowser -prefsHandle 5616 -prefMapHandle 6328 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01bf34c5-f532-4576-b908-81ffc589b44a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6332 279658c6358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.13.2132583271\1352058634" -childID 10 -isForBrowser -prefsHandle 5188 -prefMapHandle 5184 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4583b025-ca96-4e3c-a73f-f52485f64453} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5176 2796582d858 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.14.277048610\4364934" -childID 11 -isForBrowser -prefsHandle 5520 -prefMapHandle 5512 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e846f9-d80e-44ed-b399-a2ffe6abfda2} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5604 27978350858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.15.1903631504\50496111" -childID 12 -isForBrowser -prefsHandle 10384 -prefMapHandle 10388 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da76f71c-0a40-4b7e-b8ad-17615ed40285} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 10376 27975d6e558 tab
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-29 09:31 |
| Reported | 2024-05-29 09:33 |
| Platform | win10-20240404-en |
| Max time kernel | 132s |
| Max time network | 136s |
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nazimod-runtime.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |