17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 15:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
Size

1.2MB
MD5

76167934679612c410831731739b8a28
SHA1

71a4bae97c430d700f1e957d903cb85c95c4285d
SHA256

17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b
SHA512

c8ed892b2320c08129e939a03aac1222c61f90b2a825bd357e18271cc5cc47b268b93155ac0162ff8a77187265344393a64be9eff074027251476353b7e5dac4
SSDEEP

24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aLB2Sbly7TWEPje:YTvC/MTQYxsWR7aLB2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1552	firefox.exe
Token: SeDebugPrivilege	1552	firefox.exe
Token: SeDebugPrivilege	1552	firefox.exe
Token: SeDebugPrivilege	1552	firefox.exe
Token: SeDebugPrivilege	1552	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
1552	firefox.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1552	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 4284	444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe	86
PID 444 wrote to memory of 4284	444	17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe	86
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 4284 wrote to memory of 1552	4284	firefox.exe	88
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 1780	1552	firefox.exe	89
PID 1552 wrote to memory of 3248	1552	firefox.exe	90
PID 1552 wrote to memory of 3248	1552	firefox.exe	90
PID 1552 wrote to memory of 3248	1552	firefox.exe	90
PID 1552 wrote to memory of 3248	1552	firefox.exe	90
PID 1552 wrote to memory of 3248	1552	firefox.exe	90
PID 1552 wrote to memory of 3248	1552	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe
"C:\Users\Admin\AppData\Local\Temp\17d227e00d00cc84fccfa4109db73a2c10507ada1913087b73e1d1ae065e4f7b.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:444
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ad5bc65-c823-4572-9f6c-b19448404f0b} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" gpu
      4⤵
      PID:1780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec1d8eb-d575-471c-8eff-c035c73a1c60} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" socket
      4⤵
      PID:3248
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3136 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d65c9451-681b-47e4-bf0e-9363c89ced26} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab
      4⤵
      PID:5012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4104 -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0c9db8d-5823-4087-8276-81f2b3913360} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab
      4⤵
      PID:3272
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4660 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4648 -prefMapHandle 4784 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cf345d9-4143-47e0-b713-aa14150d3e29} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" utility
      4⤵
      Checks processor information in registry
      PID:1172
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5420 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f66dbab-3d4c-4919-ace7-fd6a2089f9ab} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab
      4⤵
      PID:4340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b729ec3-75be-409b-b131-2bcd7637a66c} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab
      4⤵
      PID:2980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fec957bd-bf93-45bd-80e8-5456f8a01ddc} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab
      4⤵
      PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
160024c4d50e009d2e0c1cc3508f9015

SHA1
b1de2928b257bfd926e351f0a79a4594b7e2fe4c

SHA256
6a560a8f67c71bcfc14f9b180fa1d8358645545058520960e1e377b17034902d

SHA512
cc355d1862a166e7ae7e57b3cc4b49f6cbf0b3bccca85cf88156f54de20c4b5a9301bcd77da1b7679d9f7d19286aea58a3199919fee558c16b32376be5f9bf86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
bf47cc43c4b37f13b743f102906a4df0

SHA1
f8a6304f6417aea8f103cabfd07bf1da8d9aec83

SHA256
8111d459502e3db7fbb7467ee5b909540ac3848fcaf5b83c6dd7a6fec8f4cd6f

SHA512
97453e6317f6a2733746575f2eef20e069b18834be7301fbf7a6ddb756df3733b7407ec852cc7cdc1e76cfa1a8ae6918c6ed26e248d67cb759612b5e43a11e29

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
10KB

MD5
5efab25736ac81eb9db781376b26bb70

SHA1
fc0a6567b8d30e576a566b3b5e316ff550efb6cb

SHA256
2df593d339e97648126769c7502c903d33f8660aa05571d6166c978b51e97a8f

SHA512
37212d79aa3ec5f96a11cec146d6c7041c02251f7a8aa0a027353c0ea8f9e6c030e06628d0ff7b45a2dec36bbabc37aaa35f31b531ce6ec408b1789a40edb66a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7b0c71b2818569f376ba567f6527339b

SHA1
5d3b88379ad5d53cd9a2f77abea054801e0576f2

SHA256
803b99b81ebe34006e16db6319e1b37eb09a16e38ecea549635a41ff8f442b1a

SHA512
25268e8cf27c8c10a8d3485080fce420161ecea75ff8c4678d605ccd18f18cf0e7d44ee0579df2d9817eff0e9be95c9fe862409845a9a8baab7de7d95244b033

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
c4520bfcd3b66a9da8b113d79e931b21

SHA1
65a83748084c5351c3bafbd44977235350920dc9

SHA256
9330a62882080d135b8456e0f22ded8684a2cd7e2b46eacb19f94265a326fcb7

SHA512
889ae5e68fa5bffa1846875f8c54c7c8a4f28e6a12b5683f7e22c1785afec72471745816919a1ff87e6914b26b5b201127201580f757e8fc3ecdf95b6e311220

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
a0af5611fabfaee486abb91b82fa2d06

SHA1
f9d5d52418c44df3efcaf6c98a66fd9db5417d3b

SHA256
5d8a2e24ff1caea0e5d8fbaedb73d0e44d6b2a56292ac95d05153bb052867eed

SHA512
81023db099c38c6092fa1cb76453c4a6a3ea1a1c97ad5374a270af6d0cc62dd5faa80c0362994fbc56b0df056f78d3d105cc77e45ef5daf11d6c31eb480f83f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\315c32f8-8167-445d-9db5-86196294170c

Filesize
671B

MD5
e84eae631934c134d2ff8ad3357ea6bd

SHA1
91e494a95b3ff9aa4037b2ae842639fb80d148c0

SHA256
167f82f5ba26565d39a0f0c95ee9277239d67d42ec6578f07ca56657050c06ce

SHA512
2f2563c4698f8e9cff98da28ac8a6f2c481054d4154b385e4136346a66979fa061f2a6e8d1f0fb3e47c755335a96cd3efb2dc206f1eba1f196dce7692aacc091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\90f4214a-c1c4-404d-a912-af83af0a92f4

Filesize
982B

MD5
1a681fd40f5e0fe64f813474f64eac03

SHA1
0cbf7329b9bd2cb1da9c82880a6ee973a0200826

SHA256
a9d9c44e5816245036dbb954dd3b11e23d747e09bddd3701bba30b98e5229dd5

SHA512
4a2ac55df8ebc0c50582b91721beebf300f182005d278ae911a0bd28769c319a433025a37768d32d470abf407a2bf82d96d6d7587edbabe11c84e3aa8b537ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\d89ac61d-7d09-4abe-9ff5-47eb615e237d

Filesize
27KB

MD5
41c3d945daad07ef707f7211fd3dfc99

SHA1
aca8ae9fb2d7e66b245ab2967c97a19a8a4c8471

SHA256
63eee2f182a6af2422ff6f99a494ffbaeea1931254acdcca2c9e0b305b38aabf

SHA512
9e5e2420f2944d094dccc76d7eab53c6ebd1a870f2b03599ab711ce9a6ba60f4b55001c2d7f7da69fa4640f8645edc7c6feb304d0ac98c61d33e0d60dc11c736

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
13KB

MD5
cd13263b0073d2d4426d50a795aff05d

SHA1
96d01edad74e414b370e9c3a23dfac437c68d33c

SHA256
4a1ab91b2d95c3b4da7f26a59ce7d21a59156ad272510ae6f9a97d7126ec32de

SHA512
92bf4fc5865f8c2b5d8bed56949588f146d861ba4d848da421063ab3a1a738bb29c3887a3985d9922dc393e82a1be0bc64ec51f1e85f3b993807ba0fdb828612

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
16KB

MD5
6188caf6c3fd5623fec4badd7b134111

SHA1
08094fc5e7d021cffc0c97da712cf37a689aa7b4

SHA256
7f38cd9c57a315bb60321a6504175e5cf6fc4bbe4c2062d682b3b52cfb113d5c

SHA512
198591678ed269806f4b9203fd74e4d80b850875d553c4137e7f66718ee7371e544616853ea13df6d5b4f9c97e6710e6b707c6c1dc6ea999fb8baea505ddeaff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
80dac293ce6a7b04b5719c070cf01b2f

SHA1
6170c199db82a9768a7baa9972512584b278eb38

SHA256
c3e1056640c5670f9d6dd8cb29ca01b6b4c35dca4c1de493c8c967a7bbe592e1

SHA512
a0cfb6b6832dc783878c1ff14e87e790c5eef0ce398f07a94282b26a32564e1c89106d69462b66602077e32b9b7ff309b7a8a2e1439b9a462456bd288649d443

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads