98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
Size

1.2MB
MD5

95400fe4401436bc758adf545cedaf96
SHA1

1f49b7413c0b8f9c1223163df28c455b2db546b0
SHA256

98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613
SHA512

e8de73ea985e7429bb71d31368643995e6a26035df7adff0f3292c9518fbfb0d68da29d2b39f7c27d80e8d73f4e4a54a058c5f2ebe2cd87d1456fa51d414d9f5
SSDEEP

24576:UqDEvCTbMWu7rQYlBQcBiT6rprG8aL12Sbly7TWEPje:UTvC/MTQYxsWR7aL12dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3296	firefox.exe
Token: SeDebugPrivilege	3296	firefox.exe
Token: SeDebugPrivilege	3296	firefox.exe
Token: SeDebugPrivilege	3296	firefox.exe
Token: SeDebugPrivilege	3296	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
3296	firefox.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3296	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 3636	1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe	86
PID 1272 wrote to memory of 3636	1272	98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe	86
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3636 wrote to memory of 3296	3636	firefox.exe	88
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 436	3296	firefox.exe	89
PID 3296 wrote to memory of 2184	3296	firefox.exe	90
PID 3296 wrote to memory of 2184	3296	firefox.exe	90
PID 3296 wrote to memory of 2184	3296	firefox.exe	90
PID 3296 wrote to memory of 2184	3296	firefox.exe	90
PID 3296 wrote to memory of 2184	3296	firefox.exe	90
PID 3296 wrote to memory of 2184	3296	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe
"C:\Users\Admin\AppData\Local\Temp\98e79119ed5b24d84c9fca0c8b21defcab5fc3c7e2494a5babc5902a780ca613.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3296
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeeb278d-4621-4943-a884-802469c4cdbc} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" gpu
      4⤵
      PID:436
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {700981c0-b64c-4f8d-ad0f-928923b1b5a5} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" socket
      4⤵
      PID:2184
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2888 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db6d3c46-a8c5-480b-aed9-5c3398e65c6b} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" tab
      4⤵
      PID:2392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 3520 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb67ec6f-a245-4759-9a42-0e08c62064e0} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" tab
      4⤵
      PID:4852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4536 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4752 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b33b3290-13c3-4d17-8598-e40fdae09507} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" utility
      4⤵
      Checks processor information in registry
      PID:2732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {807b7fc3-acc5-43ec-996b-cf8d44d158a0} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" tab
      4⤵
      PID:2124
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5640 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7adfd154-88ad-42bb-8cdd-97bdb7543e96} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" tab
      4⤵
      PID:3800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5808 -prefMapHandle 5812 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd72fce0-92cd-4f08-acac-349ad91ca209} 3296 "\\.\pipe\gecko-crash-server-pipe.3296" tab
      4⤵
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
2eed90c5a74e02ec3c2ccd1ff9748392

SHA1
e0f3d980b7c59c7667b474bb339f71fdff8b09fc

SHA256
2b5244277d229d42d0a068072395cd196f9f11fe514a12a556f6078594d0f70e

SHA512
295ea9a300ea089895cbff1abc65e7c51b054610921f5f7be45f92610fc87b9a187fd4aa81a3e0e921fc5e327ba5b999ed1ee393212b853029b423aa25b61dce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
b61bb7a7f19a8a11a5db2f3e9606b28b

SHA1
20556477f876d82f34e40fae6c47799e63121186

SHA256
8de618795c3e19c2c3503f1776d9f4413a18f83a0cac6981de84a8661ef0b8bc

SHA512
9b0dd61748b15a6b71cb7087687ad3c7472d95f3e952f89a4e53ed222fa04f65325cb4075eb3097da85ab7078d33b115c0cb49b919d82091138b1f17586e4fdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
752b64959e7f60d42a061dbeabb80fca

SHA1
af18e02da82a488ac1761886cba420f5541f4e2c

SHA256
3619d6c8c407b7c3a9ccafeb27cdc39d2de6542434e6101ff0c2d2a141711980

SHA512
e927405c2df92a040de95189e8ff70dbdfc39b7bd2c6464e605307eb0ddd26bfa2a680f90aa4fd5ad37a5221de685c38d2b6d5474e5b32ba0851c70c4f6ac33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\AlternateServices.bin

Filesize
17KB

MD5
7f30ee4f64f8ac2d7fceb0a1e13fd304

SHA1
6605d528e8ebdc55c830d59c499c505d9002eb7c

SHA256
bb43799d19e7f4302d89f3a42a7b2ed6ba8e95a086bc6e6d0ac70358da91abab

SHA512
a77d229634053ee1721fa0b60bd22fc2d7be616907fcade1283b3e6e700179000662b86a1f91751669440ebc1678f137a79658d97e78c993a8d5a2b84a8c1048

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\AlternateServices.bin

Filesize
8KB

MD5
c03b4573e75a87dcb083459aaf7cb2d6

SHA1
ee54c85ec51f72f36994451fec87168ad0d03c1c

SHA256
39c284388beb1ac589614376f7c1d0b148dda5139002605672505bbd6d47109d

SHA512
f29493c528f54cec29b9590b2e1a8690915067929a2f10bb44a7fc2f482816aac2420fe8384f01cd67c793df04d7945d1762735ea79de02dec0c0f1974a51bce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\AlternateServices.bin

Filesize
12KB

MD5
7d1a6899dc03fd397639b3d3b0111984

SHA1
53844f32c655ddd8d1138b23b1a79cefbff65168

SHA256
eb43a2f951d457742cd698b45c1c9a75caa0d3ba1fad1a4fd3a2a09c72048450

SHA512
1815c579509ee1d05216c5b1bc5c84faf82f6ece980b42a6b19af6f8a6b107efbc77288727813e8341b7ead95ad940eb5aececbff370a93b9c3c4f3e9634f230

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a570ddd3c7b8dbdac12a2a57e4e64db9

SHA1
a753c637995bcf3ccc613fa5308fd4abd4567083

SHA256
bbf8d72a9423851fbc4cb69acadf92412e86edb7451d148429fb2de01d21c467

SHA512
c8bc76c1f742f5aab0b12191cd492fdeab5b6bc79199bdba26fb4105ab98e8d664f6c4b4146f874d1d1996c200702314ae704ab5fef338eebc14491a604b5068

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
aa554e4a6b3769ad05215c7309aba77c

SHA1
0c8a7d5c79b8f267cd3bd2f4fe9d0e7f14875719

SHA256
e0234d31fd982b765477271544f04c7e085fc56123982305d545a4a7c093ef72

SHA512
538c415a8312614d8def28e7112f3c9064684ac3fa4736f38934a013b503ef3a084a16c58ac7c89bcb2b30130b44ebbe9b2f5776571af898b5629262b53b9acd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\datareporting\glean\pending_pings\3424f836-cd05-4e02-9cb3-e30fc33e1288

Filesize
671B

MD5
83f5931119cb72388f7c294ce9a29de0

SHA1
1b3905118d1609d93f7694c4a627cf482c4f2001

SHA256
60ea624265d6205b673f53d923085a7ff45897732c9906ff2e2ae72b2cab887d

SHA512
1735baf01fda04967d5b9d4c80de9ed50e633ce501175677cf986f76455fbc11ec8128bc38905bc40cb88442863c07507acbf99faada21ed8e5086bb1c410240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\datareporting\glean\pending_pings\5318db5f-c180-47f8-a40a-1da4b5552b04

Filesize
26KB

MD5
2980699dedc3df908c1e722bfb024aee

SHA1
1e94af860d98d2acd6779da7c017476842a2a056

SHA256
a8ae6d6160710c1252efd21be7789337e8a78cb0c4c99fe37d1e12e3b240e839

SHA512
dd0c0e7dde620d367ea761e4edc81664addfd62e41a98f39d10c845ccb0e167879a723d82d9abe5042605a514872acca9ca27f533e5f0ae115bf29b4f71a24cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\datareporting\glean\pending_pings\7c8bedfa-4c71-4588-8c13-ab4f30ee90b4

Filesize
982B

MD5
9710f1d296f75415bb9788ee4d8d543d

SHA1
ebafaba48e498fa3d770cf684ab73733794b662c

SHA256
0617ed860b3c1c8f775e0658ce9e81dadfd3038956a8ac6f5bd20b9b183f9cd9

SHA512
e773b2c69b3f5cae9712e142f7eb8329ac508c1e7d9dc88cf4aa7621031d30edcb0c86794b3c06f4f472651852c24f24636fbb727f9d693c9906d017cd8ce894

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\prefs-1.js

Filesize
16KB

MD5
567ebf40939de1265fe82391fdcd69b4

SHA1
5f9f0b2792ad6a7c7c02711d6ce1385148b953ca

SHA256
ec46a6b28bc3ba809afe09932fddfdc71baf929815dc62edb246aaec3bd84d06

SHA512
6182a923592655b76efae773bea12525e13082478c285105f0ea4f2277c525bcdf3a2a69e6a79baacab6a6ae52f19f417b32fb52e0c15cd953d53ee44dd6298d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\prefs.js

Filesize
8KB

MD5
eef48ff24594219b1e886776023cdae7

SHA1
c9a3cc168e4214c2a38824d9242af5bcd4b45900

SHA256
81bb9e2133a99fb26da6dc30de358e233a8184c53d57502d24ecd06d3ef6473a

SHA512
ba2bfe08fa35aae586aff696edddf162bae1609d521ecab49de9177c547d7953a6ab010b6930a3c3ce36b4e2997fec794bbdd75f9573a11d439bd28be3a10340

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\prefs.js

Filesize
11KB

MD5
2fe77a17a76fbe1787696155d66dce60

SHA1
ade507180381747a0ae415f623f4c096ee59faaf

SHA256
a60482f8129f37956354eaba235620172ce50e844f6bdfb522077133c250f285

SHA512
ebae48776a69e1ed9b094cfdaa0d722de99aa31ebab7872c6fe4b1aaf9745186e1cc4f18bce5eb46ad1bfba9145d0ebd6e3e806bf5e501a65b1f1d512da40c59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5n0dnl6r.default-release\prefs.js

Filesize
12KB

MD5
fa35d82fa295d85fdc925f438c03ad43

SHA1
10254f94666faba94b77fbe4a1d88724a9bb9f94

SHA256
ec7556ef79983ee580e5756bb723cd2dcf6e731d9a0dba477abb26febb075c10

SHA512
e1676c1c064ca58204b84aa55b34aab848f0b95ea1550cf5c5f377f065aba69c156b2509a077065c934bc2eed492a2203d2ea94945d37301f884a5d594e06c56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads