Analysis Overview
SHA256
8b7e008ac8ec80e892065d05ab6f50f117273230c71362269b52e464426d870e
Threat Level: No (potentially) malicious behavior was detected
The file K1XP8K was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks CPU information
Checks memory information
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 23:36
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
win10v2004-20240508-en
Max time kernel
124s
Max time network
133s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\K1XP8K.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\K1XP8K.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.0.274714595\841077730" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86741cce-fe81-4612-ab61-e401fabfa96c} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 1880 1df7d510858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.1.1878895056\14465646" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f024fce4-3bcf-4cb8-ad07-f8906ffd315d} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2264 1df7088b258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.2.2042072640\1746451686" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2992 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1240 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a36d6230-5e23-4552-bcce-2cbb7e2835ec} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 3188 1df02647c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.3.230127996\1398561827" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1240 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edbc255f-796f-403b-be04-5a3c81832075} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 3068 1df03b93058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.4.1416399740\661144089" -childID 3 -isForBrowser -prefsHandle 4980 -prefMapHandle 4960 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1240 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f63ce45c-a299-445a-b36a-172fce764501} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 4988 1df05d22858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.5.598252843\1552510514" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1240 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {151dab5a-615e-4a95-bd87-7e970de7c235} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5116 1df05d22b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.6.1492708252\728893412" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1240 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7d11818-e773-4e41-bb86-8422d72bffe6} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5312 1df05d35a58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:55906 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 127.0.0.1:55912 | tcp | |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
| MD5 | b21c46409696b25fadb44d03ca304da3 |
| SHA1 | ffdbe616c4728cbdd023ff0a8ce3a1dc10da2789 |
| SHA256 | 6f92beec36a78a67ef6b76667b806183b4d2560d2133014207a3f23f84bf2707 |
| SHA512 | 6db2a5cb8ed28c2d99588acf7f0bd6f1d80f9c0278a2f182a9ae3142749d03e923fcb56efe3e7ae59115c4e3204a8faf703c86299c89c1293fc62c7159298053 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
| MD5 | 52790bf4e0022452160a7060fe9ce28e |
| SHA1 | 942cc59fd0b142ba6a8e4eb9cedaecea2a8081de |
| SHA256 | 00a7e8c2cd38943832ccbaff7f443c41bc3edf3ef49607451e242e1543bc9312 |
| SHA512 | 119bdedc9d3fb3223ec07cd9b54c5a5a9dacee7765daeafee9d760cc955cc30048c3cd85569f4d186e63ee9e98849f6271d9655471f9f6f8d87419b07b312c00 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8161eef5e6a82edd4755d72689f58209 |
| SHA1 | 1534f641fa43ab3ff35ba44bced519d6e9aa284a |
| SHA256 | 8ac25679ed30c36703dad873308b764c2d69d5337ad47e0127c54c3086cc3466 |
| SHA512 | fd1fe25dc90f5b19fea1a40947f54a0fd248a6559bf32242f417065fb5006564ed3eaf43706efff6ab1732de24a9b37484bc2200388aeb5ebf8ef909bf05f22d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | c11c2bbcab654cd1670fecd3492eaed5 |
| SHA1 | 3a0edc9eda7e05e2ed2a55d94860596a0a1a710e |
| SHA256 | 6e0018e7c248b234b4b5a7022a117b2d873027410f6b45eb18ad32c03badeaff |
| SHA512 | 91f3a235acf55a1c35f723176ac951179a22495c0a387219ad7c1096bd36593fe781931292b1e966b3b516f9d090ac83cfa28d9868ece47ca969e79311cb3a37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
| MD5 | 90fe1bce73c8c20a239d424b0d576406 |
| SHA1 | 8ecf3c5acbea37d820e07d05ee59f2ac121b2bac |
| SHA256 | def07ae8e3c01737e6222c1a5d689a19835eef5cab2d94841c9c61c55072855a |
| SHA512 | eb43b9810d7fe9e4f754625f310acf4cdfb214e255fb1c13db9a443f9e5b4d6851ab177349e7495133ae56ab9aa821aae9144a8477c87b5ea7645659ff337eb4 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
debian9-mipsel-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/K1XP8K.html
[/tmp/K1XP8K.html]
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
ubuntu2004-amd64-20240611-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
ubuntu2204-amd64-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
win11-20240508-en
Max time kernel
138s
Max time network
150s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\K1XP8K.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\K1XP8K.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.0.1552260003\443503138" -parentBuildID 20230214051806 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32e5a99c-a49d-464f-8089-cc6b312f4353} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 1512 1da8e524258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.1.1013206807\1051006416" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84b03cbc-d8b0-4004-863d-9a6af4e0caaf} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 2436 1da82987258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.2.505999447\1449726683" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1114f335-2899-4889-97c1-05876d0f2278} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 3012 1da92538a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.3.348061836\1737827585" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060e8016-44ef-4970-9dcd-05365a7f91bc} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 3420 1da94e1de58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.4.1908825022\1604650951" -childID 3 -isForBrowser -prefsHandle 4940 -prefMapHandle 4880 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7194245b-16c4-46f2-9c9f-4dd15335cd26} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 4884 1da974c8558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.5.1386601685\1453887383" -childID 4 -isForBrowser -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e4239a9-5c1e-46c7-a438-f46eb02d2420} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 5248 1da974c8858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.6.696912198\969653680" -childID 5 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05145f4f-a1f2-4b75-8e35-5402e3afec62} 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 4884 1da974c9758 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49726 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:49732 | tcp | |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 597b2b24e3433c1b527f0576d174c90a |
| SHA1 | 9d556e67736c794895fc59d22309fdb3437df9cf |
| SHA256 | cda9709aeea40f13cc28f454b9ef666dd60d19e31bdd3fb34df226c3a01b1450 |
| SHA512 | 609dfef6f9d73e4ff8690b0f8157d630e1a416058fc04fb8bb1117cb964cdab430c6e357d7e3c3f9d254654476bb900f5ff1cdf761e7fb8954c436484fef3584 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\activity-stream.discovery_stream.json
| MD5 | 83c616e3372eba714c23d1282743b5ed |
| SHA1 | b0f76dc7ab902aae9d38579bf6d2708bbb794e64 |
| SHA256 | 53ebbde52e16fe034b2d6f1dea9950883cc677937cffa328002f64fb953f1e34 |
| SHA512 | 82471a22d814e821e8c32147e7e647516947f29228b14b7b4383a333a2849c755a16406a4e737520a219811f7b066abfc7e9b5c79801c6d7596ec790f9137ef8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
| MD5 | d9b0b4b670f8ea22cc412f445b6e5423 |
| SHA1 | 41da5f20008ace70562e3ca8cd9d1b5a5ed609f8 |
| SHA256 | a0f3efd4ee6f78870181096579022dbf973da642caa3d883a3e83aeb7d6f4e0b |
| SHA512 | f28248f2f24754396ea97379f322fdab16fc2831509a3c7e59b457c6943938c482692300e8147d64e6e289f9b3b4c16d8bdef64bd901c71e8a3cc34f5b318d4c |
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
172s
Max time network
141s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | udp | |
| GB | 172.217.169.68:443 | tcp | |
| BE | 142.251.168.188:5228 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.234:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| GB | 142.250.180.10:443 | udp | |
| GB | 142.250.180.10:443 | tcp | |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 142.250.187.234:443 | remoteprovisioning.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 172.217.169.42:443 | remoteprovisioning.googleapis.com | tcp |
| GB | 172.217.169.68:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.3:443 | udp | |
| GB | 216.58.201.100:443 | udp | |
| GB | 216.58.201.100:443 | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:37
Platform
macos-20240611-en
Max time kernel
13s
Max time network
16s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/K1XP8K.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/K1XP8K.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/K1XP8K.html]
/bin/zsh
[/bin/zsh -c /Users/run/K1XP8K.html]
/Users/run/K1XP8K.html
[/Users/run/K1XP8K.html]
/bin/sh
[sh /Users/run/K1XP8K.html]
/bin/bash
[sh /Users/run/K1XP8K.html]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
Network
| Country | Destination | Domain | Proto |
| US | 52.182.143.213:443 | tcp | |
| US | 8.8.8.8:53 | onedscolprdcus22.centralus.cloudapp.azure.com | udp |
| US | 52.182.143.215:443 | onedscolprdcus22.centralus.cloudapp.azure.com | tcp |
| GB | 17.250.81.65:443 | tcp | |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.59.171.27:443 | tcp | |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
debian12-mipsel-20240221-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
ubuntu2404-amd64-20240523-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
win7-20240221-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\K1XP8K.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\K1XP8K.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.0.1549597691\1483407283" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb35272-8af7-4020-8f54-c65c0d368b1b} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 1276 11ed8558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.1.471525565\519139139" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67a3da0e-a5ba-44ae-8dd3-e452503ca9cd} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 1492 d71458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.2.1691842201\489677129" -childID 1 -isForBrowser -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aceeaa9a-5312-4afd-9c83-96d6753013e5} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 2140 19d9ba58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.3.2069679355\330723631" -childID 2 -isForBrowser -prefsHandle 2716 -prefMapHandle 2712 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {134b15aa-d6d7-41ea-8b04-f3c2d3fd2f75} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 2728 d5ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.4.1078851934\678909074" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3504 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0811d4a5-3170-4bc5-bfa0-973a23ba926b} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3508 1d767f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.5.426352107\1247139711" -childID 4 -isForBrowser -prefsHandle 3616 -prefMapHandle 3620 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eafe4b55-d883-4fca-a8cb-3e00f012d096} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3604 1d8c1558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.6.2077872922\1435548209" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7246f133-c43c-4410-83d5-b074d03a12a6} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3768 1f0f2758 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49190 | tcp | |
| N/A | 127.0.0.1:49197 | tcp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\db\data.safe.bin
| MD5 | f0258ee35daa0c493b8190030cfe8613 |
| SHA1 | ffedcb095903a31884836039813cc9882683644e |
| SHA256 | e240e1212c64d1163a3162779ddaa10b650c481bb08c921f622af98414da444d |
| SHA512 | d9156a68003a911722d82d5fbb835daa85a61bbd8eae5cfe6558f66a9e32b1016549ad2974c0b30c3e354aa70b4a61189790761f99ca1ebf6e8e768fab88505b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\pending_pings\a1930dad-94c0-40c4-a934-301910a35a75
| MD5 | 39f1d5753163acfdf69eece32c3b2b8c |
| SHA1 | 14bb111391c30ae3a54cbc916cd7edcfb1f2ea70 |
| SHA256 | f6dab3c5c8902f257f6438544cb05a2a2cf04a68872349cad2c7ea8dd9d23225 |
| SHA512 | 5967442e2ce9f295bf22c06b01ff33f86fd43d4fcd649bd772944ea4c3ccc94102bf60a64b12ed33314b57ce376b713eace9a88ebf4481b655fb73148a36b006 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\datareporting\glean\pending_pings\eeea02a7-ac5f-4277-8c24-1854592345c9
| MD5 | ac7eead4833f7e1383c52fa0ddfc6a0f |
| SHA1 | b546c7c56e5ff7b7e10a1706529248c51aba4e72 |
| SHA256 | f3e05a640a1c127cc2e412173ab24fc8a96d2d6039d75b41b0ffe8e3a3e6e8a5 |
| SHA512 | d4c29f5b89e4bd7c995c69b686dc30d2c82136c17dbfdf47ff1673ae2a5d78522510bde6fcaeb6d352b81ea802a7e2ff93d4507b369f4db73ebf085ef41c752b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6f1a11429e083228fc8f5d09c24a2ec8 |
| SHA1 | fbda7fc79e0e098d8e2be70a9e9a5a923df6e3b2 |
| SHA256 | 1cfa42595b9abab961733c69e920401bcf5cb8a97e5de1cc9c936fea93afb7d6 |
| SHA512 | 230ec88dd404f61974a631ae1784553c8919d06822f1da701e8cd26387d6b3e503f2739afec7c6869e1b078b6f95125bd1a4f5a7e891b138e2e4b294c7a5d50d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9bot8sq2.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | 4235ef8a2d2489c450b17903aac07c58 |
| SHA1 | 7e1ec405cfbfdd02f14fa3de18b0b57d2ad58af4 |
| SHA256 | 83b95930a70394322df92ef7c63661576e5a3721764d741f940a8400a7eb4e4f |
| SHA512 | 924581027bb74e8c8d8eff17f6bb97aaec3c7332fe55e7a445044706f48c6b84de2b47513d346d6508bbdc112094f600b10597e2bba2c5d1f1cb445ad3fe5027 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\prefs-1.js
| MD5 | 320543ecad88c59652d6beb8a7d72a68 |
| SHA1 | 3bcb175ce5dd43b421e6fbef93585c8564a1893b |
| SHA256 | 02d6b8da59132b8db2492dd993d59dbaf539d7c7214bde0163e15459d8726f98 |
| SHA512 | 47c8a59bde0414e342dae98c954fe16232e13bfa8c53ef81ceb6bc6caec5cc06b894995afa7fd8b224209d55dccd22cdba92ec036d13186c6ead6015fb6ab052 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\prefs-1.js
| MD5 | 6683fecb57c2dacf52f7349b0349842a |
| SHA1 | d610ec45ba0682eba2e45d7e7ca61dc2ed65f0d0 |
| SHA256 | 31ad933a204f3ebe92b820b16cc598ebd251b8b38f68eaab3521948bd693bb2a |
| SHA512 | d533484df89ab1945c695310e1fe85436cd70c45dabac4d5d340c2a52d6405a20f92fbdcd9d9e5b5cded56eb2dc98634d30c06a76838641351450dc1a8fbbfdf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9bot8sq2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | ca559fd889e5102efec54bcf0597e1ae |
| SHA1 | 6ec0c88913e45f0921f5f7490374ec8f543748d6 |
| SHA256 | 8ab84a1f30e38d58dc754dc339936143461c2cd92c77a75fe11d583ddc663de6 |
| SHA512 | 8262072c676457240e47b06d8b5d17ff5a703c602be24acc49c032e9d0f8e9a9908c4bf3593345ac5f8f720896fed2030690a5b26853f4ad14ae30cdb45983bc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
win10-20240404-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\K1XP8K.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\K1XP8K.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.0.1603151220\758446874" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1640 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0338d16f-3f4e-416f-9e60-e97fa77b810e} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 1760 19edcf14758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.1.1297798837\1113416564" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1780dd18-a54f-4861-a53c-b6d30fd52b37} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 2136 19edbcef758 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.2.1453037619\1458451824" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2604 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfac9a4c-1613-4735-9451-8349928fc249} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 2616 19ee0104d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.3.2080212481\219471770" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d9554a7-34fc-4168-8ee6-aa634b6601d2} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 3476 19ed0d62058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.4.1283919201\1394818053" -childID 3 -isForBrowser -prefsHandle 4624 -prefMapHandle 4656 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bfe482c-e68a-4734-bb37-00e30f85332e} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 4716 19ee2740858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.5.60589372\369088045" -childID 4 -isForBrowser -prefsHandle 4852 -prefMapHandle 4856 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e92b1437-84bf-4f6c-981e-0be018024a14} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 4844 19ee2741458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2936.6.971487967\1170645468" -childID 5 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {628d543c-95b2-4fbf-9749-45e737cde42b} 2936 "\\.\pipe\gecko-crash-server-pipe.2936" 4716 19ee2741a58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49775 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 52.33.96.36:443 | shavar.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.96.33.52.in-addr.arpa | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49782 | tcp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | b52def81db11882d25da061960ae1727 |
| SHA1 | b43ec1aaf100bc9a91f4d80acaf45b1c2cc1b01c |
| SHA256 | 25bb86e50348bf5b941878f60e21f4b69798ce831276368faf00ca0623c2a5b0 |
| SHA512 | 1b14cda4db35950df60e1509e8593819dd7aad78ef0e35600032dcb5693bd61061deac01278fa92cc7997a8d4d8a95771b13206efdeff5f45a9560c4bb5f5289 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\349b24fa-056b-406c-b0f0-146d9f46c2fc
| MD5 | 5b058f77014de74518fdf89d9e651f5b |
| SHA1 | 34e28c90b0a11d75a52b38c5ffc03accb0b518d5 |
| SHA256 | 3eb728e6cccb065c8c2897490994800b10c240fb28f5ef3e9e3f05df6b795546 |
| SHA512 | 5d5c41c43bbc58cdae85898d96c2829b4f7bdd68fe603f3e7620c30631f903a60cb9f5493afe3464d2aae3b1b075b4a85742dbd358794b7fec9849f22652af33 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c4cc886f-8455-4880-8470-6a816b6f9c9c
| MD5 | 24743d657907b87ff6c24f49825fe708 |
| SHA1 | b1ad62dd8db785e84493eb7d9179b32a8ce4907d |
| SHA256 | 45f1f67654cae8e13f541befd0d80fb30c276a3ab7b74367ee1870ec138073d5 |
| SHA512 | 4b1e5e0851bd70922ef74655d93e2ec1599a0c0dc4e0f9225bba9cf7cadc6a9e8d9176f059c7c92ba90ac8b188667d09cdff4bf72c8d481f42eb86d58d8c8698 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4e988f9b699c32cd0a9c7a6c4072c28e |
| SHA1 | e69790d9efab335aed3410f8045e2d739b32d6ed |
| SHA256 | d9a0e85ce7d228d73f210ed7ae50b4d588e6549e44f1afd779e9a6429866e9ca |
| SHA512 | 4e6adeccea14b834eaed298c0260186025540aba620551ae654cb74d137db0c54f1c6a3615df7bbbb8638b6445e45e0be11afdbf816bbffc46b504b6248333c1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | bf39eb2b02f18f6ca60e2386484be252 |
| SHA1 | da2712fd7c04e05422189c8d3d9a100ea3d4d782 |
| SHA256 | 89d763c79f69a6be776add742519fbe6567be00da0e07f6415dde42f9a879862 |
| SHA512 | 6c057626aa691516df837e703a3c54b1c71effd08f022be8c02fe19d87dd06ab5274326c518ac61be5e4388dc4c555911b7a268efd7863c6dac87e7d83cff414 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | e656419f7a06e74ffae1135f782eabc0 |
| SHA1 | 8d0fb0e6521cb43051535c0911ed9d4e2087131c |
| SHA256 | 34be6f32f9775e5e7b7581370a7dbf471235aea965dabdb65655e46238731e0d |
| SHA512 | e8121e3bc7c795394021444731a7fb83c0272740c4579a023d888ba7b4268ac7891d434e158706229c9116c62204b7b24354a376e88b3302711f899c0e356a2b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 2f4236846cb0cc5f9aae9222d1b369ce |
| SHA1 | fc480532cbbcf455633143120debcd1443d23773 |
| SHA256 | a8a92028fc205b36d629c1d841044a6b1fcb036cd79c036bb487e7a25b647932 |
| SHA512 | 63b6d67ab4cf3ab95f34a444f1f001e5884c27014f832f7e52aa35cbeb4c34683313f7dcbfb035f79020498e102c517d853e81ae42c980b9332a4e2967175409 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 48bb1b6b2bb8e424e247c6e51b9e51b0 |
| SHA1 | 08219c97b96985bd2341c07a72a1dd773f0fe7e0 |
| SHA256 | f7fa1c9c60b06c0b58ee7b230f59f37c8bf055e29dffc49fe4012d0a9c6ed8fe |
| SHA512 | 0703481fda4cfc58b5444cc7cdd2e20001c05b1716d2282841b621fcf9768a2e1a266218ed33cc58c3ed78de97a8df036778991336b986dc7516563ab0a0835f |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
android-x64-20240611.1-en
Max time kernel
118s
Max time network
151s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.10:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | tcp | |
| GB | 142.250.179.226:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| GB | 172.217.169.10:443 | tcp | |
| GB | 172.217.169.14:443 | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
android-x86-arm-20240611.1-en
Max time kernel
116s
Max time network
149s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| GB | 216.58.212.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:39
Platform
android-x64-arm64-20240611.1-en
Max time kernel
125s
Max time network
133s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.3:443 | update.googleapis.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.3:443 | update.googleapis.com | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-15 23:36
Reported
2024-06-15 23:36
Platform
debian12-armhf-20240418-en