bfc092b384976e97153bae0e29359461bfd65fce5ad8188d6460de57bc680eaf

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
Size

1.2MB
MD5

81d3df03a7bfb9112626bdcedae6df90
SHA1

ba206887aa11de8e1b405e5a18bd04568e2b5693
SHA256

a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03
SHA512

7580b5dd5452afba147417685bf9d42816c7f32af9496e4f8dec519c0abbb9578206a5e432c1b884abaa0b9870c198b8d0c7d109b43590d95ea855bff6a59a13
SSDEEP

24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8aLS2Sbly7TWEPje:ETvC/MTQYxsWR7aLS2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe
Token: SeDebugPrivilege	2524	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
2524	firefox.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 3636	1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe	85
PID 1184 wrote to memory of 3636	1184	a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe	85
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 3636 wrote to memory of 2524	3636	firefox.exe	87
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3656	2524	firefox.exe	88
PID 2524 wrote to memory of 3576	2524	firefox.exe	89
PID 2524 wrote to memory of 3576	2524	firefox.exe	89
PID 2524 wrote to memory of 3576	2524	firefox.exe	89
PID 2524 wrote to memory of 3576	2524	firefox.exe	89
PID 2524 wrote to memory of 3576	2524	firefox.exe	89
PID 2524 wrote to memory of 3576	2524	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
"C:\Users\Admin\AppData\Local\Temp\1\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1872 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb95c401-04e2-4c35-9e11-722a4cc0ab16} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" gpu
      4⤵
      PID:3656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fbc3a5e-2179-4ae2-8631-2ef6300a54ad} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" socket
      4⤵
      PID:3576
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3332 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea813a5f-a107-4f0c-a486-9b76a96ec084} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:648
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3880 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd2d5c5-b980-4911-bb02-ccf52ac48990} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:4188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4640 -prefMapHandle 4668 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ae9b53c-0b65-4c3e-abd1-775b5bb20ffe} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" utility
      4⤵
      Checks processor information in registry
      PID:3196
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5400 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e9121ed-02e1-4d77-979c-db93afc95444} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:4752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 4 -isForBrowser -prefsHandle 5644 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c33ade65-3c4d-4ba6-bcb2-d023539cbcac} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:4152
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5740 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {707033f5-f897-44a5-be7f-bdaf7c8ae8cd} 2524 "\\.\pipe\gecko-crash-server-pipe.2524" tab
      4⤵
      PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
e85a3b34fd321a3fe98723a2b4c46efc

SHA1
d58f6a87b9a3ce2d14815fddbcc86821b4926d84

SHA256
1d6c4c4a8469a5c23b80672e9c7a2057a9a56fb04a373fe8539590fc2b44af5e

SHA512
997a4eaf8ecde0196d571fc053181a59c54a5c9e2f60254244c86e623f9c24f3b4cc39491dcc78126f3e619330b0b0c6f7cdd9bd3b8d8f6f18d89f07076934e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
0491fb6dabf4e8c84274cf6f6c21fed4

SHA1
eefb1d83fd70abd63123a8b0cf78a83d36047739

SHA256
7aaf7945aded040e92c384e6795591642b40d4b0febc499b3e6e603a3a8a0bc9

SHA512
6c57c3a643530971fef9cfd7352e241b5cab9d46a2a75e6c710c8028a578e5886d48ce58d5fc76f8637352732b81ff936ca2fc32a88473d9ef236d49974dc667

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
12KB

MD5
13ee55a2d3ebdd0f1de8c3500b7693db

SHA1
49e4b69ed00f4f35831abc2f99f8a6337ea254cb

SHA256
03ed2f63c239f5595c72de3dfff18dfee77273bb9fe5d81eb8028d220c6a7bdb

SHA512
c0ccfe4273ea225cdf8a79b9b8a36de083665f6f2d895cb163da848a39633d547967c380a8ecbb550d76e0ec499c1a307300f88d5ac668cca447a6152dc24b01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

Filesize
17KB

MD5
c42ed36491231f04d422515ed953a7c9

SHA1
4e446519f1d1b9c49f5591010a6780e2149374fe

SHA256
8748d935fd7b3cbe04efe3b4d763238cd08022b94e1393dd20b4f4f8c4150a43

SHA512
f6f4c8458839af94704b49d12b7c935dddc6751e484c9c42133fbd8d4807855f0dbc2cda3f65240abb8f6d13811b35f0b7559a0d068d6338eccf36aa066c9c62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
352a547f9420b611a6555d6b8933bdde

SHA1
c3cd62e17a5bd74acca068466f1bcc945c47581d

SHA256
a4a92fbce0ada3857b342d52e040795aa5d97bf327469bf8ff0deeb5ef6f1f84

SHA512
d8d333d8479de207b205c49017ed42c9f61ea821cea7c8f266addb74470006aa66901985f372e92c1755edc6a0afaeaf55a4856708f656448b9e14a1cd5de926

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
32KB

MD5
b9da68e1ea72a15711cfe0c5d494ecfd

SHA1
c0fe85a19e9d63c064b9c560c5d3d2ddf780994b

SHA256
103c718c4c9b5fbf0e9ed27a6bff3211813b813ac4a566e7f2dc4902a48e849e

SHA512
edebe243135934c97c94e448226dc12d88a79b5b1358fc901793b1cf61b183468de6c4527eaaaa19b07a7b94cd81b033630a8de78cfaee91de89ff38f670cced

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
dc55ffc252b705e66d2ae8559ea3e158

SHA1
85f08b2cbd0a39b94913a4981729aa80dda158ae

SHA256
d5b2d78fa483aea5cb90ca6a5cc87b99d1b97dc62545fab6c444228cb89f015b

SHA512
7d53536fbd51c37baef7551e63428487e05273e7b97edcf7adbcc52706dcc30143d92cedd85d1a00bc7344de08ac6b2945c9fc84de8f289ec540fb01885ffc9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\868a8277-c148-4d5e-81b8-50b67cdb4954

Filesize
671B

MD5
75804368171136ee3c14859a73ddba5e

SHA1
396083981c0bea391aab835ae57b871bb57568b4

SHA256
0e85fe9314e279738e4f0d0ad2396a9a14793b4f427e33978b7fbd0208f66a84

SHA512
df48679894f70ebd69f40fc7fbb7344b2d79961bf0673e6ce577afebc96cec8c16137225adc0678926d25a68a3c0778c74a4da5986e33999d2374f0feaf36cd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\dc88a6a4-4ad2-4994-ac10-e4496af48c93

Filesize
26KB

MD5
22919fe3d9c25b8930434677eae44b01

SHA1
58a0f7e9df67900d22cefc857d746aa3d53ba437

SHA256
cc237bf0e31a6ba109b51e34bd26da5ba1c984224c239f1fcfbaec628cbee769

SHA512
749789cf3c0e3cccbc6f1c99230e8f7a4c70ee2b92c35f1401b863d7983a23f28864b9cdd4a955b280aa2a2ead604086723d33f30aa14590c3f71e7f0d8e8dc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\f398c30b-7a3f-4d3e-833c-f388b345dba6

Filesize
982B

MD5
494bee0b406c9441eae0d6d0fa4456a4

SHA1
b717fcc82eda802073dba6f49381bfde84b7dccd

SHA256
af2ad581bb9b630340cc8a77a70e5c1b5ecec2dfdd3dcf1f600ffd94f43cc2b8

SHA512
e2309504b1130444b92d300bf08a11ab6b231eb91a8d61f7185d6dd8823ffb1ec3adf903eac47876ec4736c17bc0093c9a507e578ed5d99d8f5eb5b289b27bb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
13KB

MD5
e07289ab36cb0aa27597d1f9209930d5

SHA1
ddc35e9e67f410dc065fda46aa17b026ff40cd79

SHA256
6c333d0e9dd8f09021524ac65dbf0efb891b9ae27a9705e3d1a8ea83226f3d60

SHA512
638fe922ed052239c14eae3b9ad01393e7b77061b6671099b00d6e09d17a619ada990b6efb363904ebf95f30157868f9c752dc781d9549930f774a9490f2e331

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

Filesize
11KB

MD5
7d91ee6098635cd137d66a6baf4b1e7b

SHA1
f0b77ddd47b8982a27a3a7e1163a0fd9d0262cf7

SHA256
e5d813898b491e94ff99b2051d85397c774f2d810fc6af527e7a9b92e0d9949a

SHA512
0ff469be28eb4b0c09b2a087791bcab1da4f4c5c79dca373b5a06c80b548b1e8a999458bd261c40d94c1d5f28d83d9d73795faa632df3538e15e52d5b45d7161

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
8KB

MD5
b07ebdde336863d81b3ce4e1ee0a8941

SHA1
4bda1b07eb3c06475251c9e3f5dd3e21ccebcedc

SHA256
9d512b629ef3bfc5a8ebc66d04597a82f8279b9ae6b8e86b290b4c25289f9c1c

SHA512
39287ecb8b5f3b2e2d7f5706f585ea7db4909a9a3927e7851d810dec3b1492131edf02a701a5853df36c4ca0b0cde3157e2fb0434e89ea931e2796140efef831

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

Filesize
15KB

MD5
467f762bbb00d372898b4d19ca24a7ff

SHA1
a19677505351d81209b8d1170c89f55b0dbd6fef

SHA256
5ee4a3570db28f2b0949b4af2015822d7ad3325a8f1ffbb94b4f9d6d9a7963d1

SHA512
8bc0fec41b5b0c5be65b824b4227aeeca0eee0746123fba60f7308b2533069f5760a3f3b850d666620746b0a6ff15fec942b8b26b848b425a4f83564aeec3bee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
968KB

MD5
03d41e419d7312737faf315e4e318d2a

SHA1
ea9223bb85563edca0f7c201d3ab309c17716022

SHA256
1459b401d8221523f0745ce7cbd4e23bed84a2f1aa0f6a0096a2a55504dc3057

SHA512
86a54021e9389fc10aad588ea17892354a79f82d90dfacb6b0687d622e40ba27f4c50a65d882c4df13844ca245b9a2eaae4f6cbadf79cc897a51dd446a4d8a28

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads