79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
Size

1.2MB
MD5

c405ccb4db5e6b3603e8d263acf6efec
SHA1

a7af8499340084c5fc9084fac7403fc7d1d14e98
SHA256

79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f
SHA512

cbd990037ce94951b50567cdb605f2e886239aeac56a313be1b3cdd7654648a8ca59ca1c1a1d5adc7ef35a58801518afd68775dcc04314db7e8c27eb3ac8b396
SSDEEP

24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8aLM2Sbly7TWEPje:0TvC/MTQYxsWR7aLM2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1048	firefox.exe
Token: SeDebugPrivilege	1048	firefox.exe
Token: SeDebugPrivilege	1048	firefox.exe
Token: SeDebugPrivilege	1048	firefox.exe
Token: SeDebugPrivilege	1048	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
1048	firefox.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1048	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 116	2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe	86
PID 2736 wrote to memory of 116	2736	79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe	86
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 116 wrote to memory of 1048	116	firefox.exe	88
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 708	1048	firefox.exe	89
PID 1048 wrote to memory of 3832	1048	firefox.exe	90
PID 1048 wrote to memory of 3832	1048	firefox.exe	90
PID 1048 wrote to memory of 3832	1048	firefox.exe	90
PID 1048 wrote to memory of 3832	1048	firefox.exe	90
PID 1048 wrote to memory of 3832	1048	firefox.exe	90
PID 1048 wrote to memory of 3832	1048	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe
"C:\Users\Admin\AppData\Local\Temp\79bf5e36c3bd475045d5e2c4472530299e3352d273ded288f79930bdceca179f.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bb96e74-3bfb-4d92-8eee-2a6a0ac6e5e3} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" gpu
      4⤵
      PID:708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbef23c6-8906-4c34-833a-4004f7566a72} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" socket
      4⤵
      PID:3832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 2788 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {988eff1d-e924-4586-bf84-ec7f7d92fcbf} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" tab
      4⤵
      PID:2604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2932 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06f11d63-913b-4178-b83a-2d10e51a41f4} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" tab
      4⤵
      PID:956
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4788 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4fef799-2e10-45bb-af83-947d7ac9e28e} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" utility
      4⤵
      Checks processor information in registry
      PID:3220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 3 -isForBrowser -prefsHandle 5588 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e1bc450-2b10-4bc3-9961-f403585d3627} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" tab
      4⤵
      PID:2708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51f31b8f-01ef-420e-a782-0502fbed1579} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" tab
      4⤵
      PID:1796
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5884 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b38a8865-ff29-49af-8bae-56a3efd203fd} 1048 "\\.\pipe\gecko-crash-server-pipe.1048" tab
      4⤵
      PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
a4322aacb4ad3d2011ecfcd5c27ac594

SHA1
a5b21578d62aa698688fd94f52b4794099eb7ad2

SHA256
1ec9c938cf1d6172e9dc39fd221a23b2558822348df19cebbf8e4608fbbaffde

SHA512
7f83cb1dbe98a7873d0bc3ad0bc9a88593fae8f027c1f3d7002e11e01616625dadccf3b690d02aef634aa569f63e4f014cc879f1ea8c160910d2c9aae3ba14f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
18cbbbc92723f0a9da16c00167c89f19

SHA1
82f28e12471a77cf0ff1e181130c7ae3e9ead79b

SHA256
47838a79f69c0984fbc23f298d721d0bded4c6649589805ea84454b5e5c0ccbe

SHA512
f1895767cde9559b4d55656a883f1a76e41a0bc96fe724454fb21f408778591c719075d5af110272fcffcdf790ea99fcb23f382fbc16b05c7b4f952a96a4d921

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
12KB

MD5
62f4a560e69ac2789a54a1943b964d0a

SHA1
47abce388a52953ac74748ced2afe9440fec5583

SHA256
8b880506b4ee27b905c2f3804442b82454ad8a595be1f218778cefe2d35e40d0

SHA512
3a7b2ebad8bafc543effd71c2ee7506e7ec32afbfa53c8dc4d4ac6af21a1a6d7366002c04a0f1af3893e99168af61fe7cfeacde68fc94438288bbc4ec0a1100d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
642ff945119c47ab5fe5606b3a1b20d1

SHA1
c40b403be24691d139b0dbe9a3fdbc13f1356cec

SHA256
a781ec607c91c2b10c66f2c32c12598f8301f2ac33da7e9d10316ac7ea905438

SHA512
22259698872b587ce8cd0b25c59b5fd989b5513d7c9e2b748458734dde3d82d5cede61d8d08a98826e5595fdfd24129b6da93d300d4723bdc358696c0ff525c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
747fb042584497cc25cde4649821cbaa

SHA1
1ddd9e63a531bd76a510dc77147523213c076f36

SHA256
a580f17018232d03f17a05a68b508689b6f7d4a90ee882d8731eeafffce58d5c

SHA512
2722d18f0768db605ed570c7c302d69dcfdd7524109306dfc390c130f5a353b82823fb2b01a0cd74f2a417ec3c6aac5966740dc629c3c44a5e7eeea3880f3796

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
249631ed1ba4de80a1ed1bffc8f9df29

SHA1
fd32d1a1d19d42a19125882d4a02f226b0ee1f97

SHA256
e38e42839f2cf718dcba9219be8ec978f7bf6f820730fb3cbb9573c797831e06

SHA512
a1f324763fb9de3a1afedd6c99261b228d5af933d5b2dee4cbc4d92fe66bacc170f962b0bc542a6891597c014a4c2657ebaa90c1afe563aadf8377d7eb50f5aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\260d545a-3e77-4fa1-abd0-05cf94f0338a

Filesize
671B

MD5
22aef908323feb25135c08b740fdb8ae

SHA1
b4280810f378ad33bf7af1b57b88c2616830d000

SHA256
5b8ca17784314fa26e220e5cca7febd3399f4872fd348bb145e91bbf027c882f

SHA512
194443c7cba5172aacab7aa5a392b68bcf258eb2414b3579619e61a2a2d49cac6b5293c601853d595a7ccb665dbcac0ac5ed0f3024c954a2884512edc5e7732e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\31b5ee92-10f2-464a-b248-4821bf901ba6

Filesize
982B

MD5
7b6a53436e73d6caae78a78394116ee1

SHA1
ae2a549dac5b9f20d6026e4bcca3d6e123ec0524

SHA256
26424778bd4ad9504834c64edbfe377c5537be6b14cfd2219faff7a02d1e9e92

SHA512
0a3e2e4d9dee02b0ab75536ac25217385d29d8d6dcfec7797fa71d7fb8e83ecba02a90aa19fcb64bbcd584123d0b2f296e6cb48fb2745240200717169e5d5fe4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\4300b047-12e5-46c3-a7af-287ab209d12f

Filesize
25KB

MD5
630dba62b151a72d8acd9f2b29913b4c

SHA1
872c200f76213bd4c718305ffdb39bd16ffbc96f

SHA256
0c15f7279bcd643650ba370e7eb0f76ed15189fdc06f8fdd99b37d8cb873be13

SHA512
e48171efacf9c97341c225e5f81aca00240f5d23b564ccb4168acd82b220e1eaa4b2ebe1bb634966c59d4db4399c89dbcd2c327cb98c9cf99c6353b72ea9f077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
13KB

MD5
31fa23de163c758c5e2400158c040a15

SHA1
94c3d8ad149a99531f1d3b2428b1f0b76b9f0508

SHA256
c09cdb5a82e4bb4fdcb2f9e7405f31410c26c48db2ce38436aa379051a873f26

SHA512
bb6023e6083b4e38b260a32a0503fd7d024c769cf700ca9d148085de0d923a0f1bc7274c42f99b352a3c395d84c232885d252524e4d2cb6e185a0cfdabe84b87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
16KB

MD5
5c71cdc9ab9320852c9f6b564ec6b0c0

SHA1
bb7291cfee1083ea3ab1a56ded52ca98998539ec

SHA256
6793f92a91c1972b765172ed50918b7ce34a36d1aa0cb8bc23ed14d44d45c5b7

SHA512
31519d5f5412e5d5df8a74d2748c8ffaf733b8a73ae5b1293137f10e8da213d7829eeccbfda4556cd2e0adaa83223c066d34dc3e360c4db05204e7a1d93aea42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
8KB

MD5
2cb2a436726fb756e451ec5175181659

SHA1
42a9dc3f4e3a00d60ab1ffc0233bc0ebf545af6e

SHA256
108c1898e00c9a7017ccfbf6354e14e1561e8ebfb054b18aa2bcd47d6bb72a29

SHA512
c304e4d162c9dba815b8b6017a0813e485c1535ae4e0ffb5f35dbd9a454f54b12e1f04c73cf74591d54933e86f017f57614ba7cca8e39e8ee1b7e50dd3fe5396

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
11KB

MD5
4b142275efe4d82141967267013263db

SHA1
891d77e230195bc30531ca2052a3eeef42dcf36c

SHA256
bed5a50c242797fbf39e18f6ea2a6c257819c222230ea7dea86ac38e1077b01f

SHA512
f919c3143d047cc633f47eddd998baf60597c128c6fd37647c315c9ee9623c75ce2afe2099228e6623a66e69d50eb367f8dd1f001d9023fb58de180c40b113b6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads