14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
Size

1.2MB
MD5

3594bfa1c6bcfd8eff4ee54745862e9d
SHA1

b6ea9df4ce15ab4a51a51aa370395edcc933e9e6
SHA256

14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad
SHA512

51cea9262de5ae9f93f1590ec00b00e88650b397dc53c8148d2dc3bc8d14797bb7f4278c65d0650459dde43d3bbbe3f23875d612987d43ffc424bb51eb8d1e6e
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8aLR2Sbly7TWEPje:+TvC/MTQYxsWR7aLR2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe
Token: SeDebugPrivilege	3524	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
3524	firefox.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3524	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 3196	1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe	90
PID 1608 wrote to memory of 3196	1608	14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe	90
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3196 wrote to memory of 3524	3196	firefox.exe	92
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 968	3524	firefox.exe	94
PID 3524 wrote to memory of 4424	3524	firefox.exe	95
PID 3524 wrote to memory of 4424	3524	firefox.exe	95
PID 3524 wrote to memory of 4424	3524	firefox.exe	95
PID 3524 wrote to memory of 4424	3524	firefox.exe	95
PID 3524 wrote to memory of 4424	3524	firefox.exe	95
PID 3524 wrote to memory of 4424	3524	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe
"C:\Users\Admin\AppData\Local\Temp\14f8e04ba398830da5c552a507e5d025090a64517e89900ef170bb145be38aad.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1924 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e803869-53d4-4bb1-a61b-271ebe44bdeb} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" gpu
      4⤵
      PID:968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4df0cd83-ada0-49db-8e39-1b4e4ce7e998} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" socket
      4⤵
      PID:4424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3184 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f67e15d-fc74-424d-b033-3bee5e1ef189} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
      4⤵
      PID:2748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -childID 2 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99fd32d5-92fa-4ab3-a232-9bf7a76d5974} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
      4⤵
      PID:4988
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2585e49-7db5-415c-94be-0e876742c8d3} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" utility
      4⤵
      Checks processor information in registry
      PID:5268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5124 -childID 3 -isForBrowser -prefsHandle 5316 -prefMapHandle 4588 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20b0a661-1b02-4c2f-9454-1074071deef1} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
      4⤵
      PID:6016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5304 -prefMapHandle 5400 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db19e5f-fdf0-4d06-a7f8-816cbab9eb03} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
      4⤵
      PID:6028
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1bc604d-a237-4490-99e9-faef1dc13bbf} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
      4⤵
      PID:6040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1l89xtkq.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
76cc86d51d90c1e35b2964849677bc2a

SHA1
c55efe38e9986bbb12b8c1baa2cd5fc8f9c52cbf

SHA256
b4ee9a114156ae5910a9b766e39f827ed07e64102fee14b7e466246f112cbd29

SHA512
3116d97487c4b441e1205d2f8613d61e323178180ca2f79403177a95a4fe373a71e36b6ef1f953b3852bf63cb914f4e3863baeb99ab6ee535c2dbeebadb4868c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1l89xtkq.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
a5d71d253235ed2bc99cc6dc37d7704a

SHA1
6fa578a0f2e538dde289b24c6136f8d9098b0aee

SHA256
a662413feaf979386ebb68fa1ea352d5468dd88b7af7dadd67758877cab9d790

SHA512
c3d396d8ef6c86200470df35fb1d10207759a73e1647d57e1cc9dac73ce852dd7539e5bc3a6db01b6b6b5eb3793db023f9a861b7e72f21b652b9ae53efdf13e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\AlternateServices.bin

Filesize
11KB

MD5
a97907eaf8caeaae1e57c2a2f8ac2694

SHA1
a6818238ce09723a73e2e99f98032edcd3ae0364

SHA256
7853ac3b0682d227b5b8b63f7fafcf4f28998a3e7da4b1fa5f2445f29ae7c88a

SHA512
a7d4e2747b5a43f12ac69adffea80a31c6fcecc94ea612f9c5d228c14cf00e14b2ee375955eb45f016df4c5c1626bb27789e725a93385f713202548b78ce1a85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
2ee463b66d9f9d02dd5136a8bdabfedd

SHA1
76c1f0180b124f40c71a0088d57dc8e9bfe08c4b

SHA256
861d447d975298444a8b172d5af333e04ea7ae5f2bd98f7ac64e80df80499249

SHA512
74aabb5830f1158f02135066634f41b66d30fc4efbef696421ff257d91f101900ee459c168507bf74a4cc70ac0c6bfcadbb59361037cb5768f693ca023e0ff5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2af5e3bff2fa4c066f4a7fc84fe98966

SHA1
9fd071898fb75ef00911a5b815336425418e3e03

SHA256
87424c91e4855cb107ba76c2e223a409fd9130e70dce252175fb354712fe2161

SHA512
07da0616c8a96af963a864a9d7e8544da626ca3da0dbf3e1dac5940a4b757f6c94ea2508db92c594a3d8d46e2eda8c5ba2a7e87047cebb0fdb17fa04d2681959

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e5b153ebedfc5a60ae34ed8274616eaa

SHA1
e08fb28241ad205bf4fe6e6fffb03b7b55fa3ad4

SHA256
89e4bbab06ad6ed18699c3c9b661a8026e9729822c0bd5581d48178f1824686d

SHA512
afa9d954e42d9eef5c56cd7156db14936b3cf58734798bb67252961bce7f6858e63b61043116a5b6e649e02df7ec087377ed67568a09dd02fc22869bf3c377b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\1cf6bb0b-efd4-47cf-bc09-9dfe2e748109

Filesize
26KB

MD5
88cb45bf17eea4bebcba600371a34abd

SHA1
7383be753d3f9122bb877ef64b0e93552c03837f

SHA256
b3ff3a84356c552c8e89fd4d0768b8ddb5bf5de7f67e2574a9198010bfebe0df

SHA512
ca9954745129ee2f38b6993f3941d96b99231002901500b542cb29d2bf188ec223e209f829f874f7c5f0b616686c1c4073e32fb62d76374d4af7f72328fb3e43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\78c4ee11-6895-4eb7-ad29-689e756831bf

Filesize
671B

MD5
1750d37918c6d0bd3b61c8eef48ac3a6

SHA1
e3edd9a26175c399d64247e775115374d0f0e1c5

SHA256
9ecbc9a07c6b88c470f9ceb1a5800d415b62e82432f8a8ba5fe6e02c67097227

SHA512
df2f068e0f07ab8cf09863629c32ad972d8a1f9609e5f6dde321b7a6ea3614649168e2e409772e6402d05b46fb9e930346a1ca008195f576ca10131588e27b01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\e72cfb04-0e91-4049-9aaa-40a7a0caed8c

Filesize
982B

MD5
13f9b77b81ed765d48af37da175d932e

SHA1
9ee5e15a1227f372e6aa936d52038efbf3c05907

SHA256
6a4e7d4ea40509ffea4db973a5f82b8d232ee7a4a94690fbd54d93a293b97e47

SHA512
d564b4b9bc5f529af4b62146bc7715b7bd4de74d022205b35bca9bf650c630d5254158e9c4fe2ceaed934e9428e9211f0ec58468adccf613cae9be06f0c1b97e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs-1.js

Filesize
15KB

MD5
f9bc834b1a12edd61cdd6843defcf0ef

SHA1
54da0e683f2f659a277a01f1e268b5519e90cbb6

SHA256
8198e34ae15e522e9bffe41644d08b9a2e2aabf80b59c469d8960ebd2a400741

SHA512
d9ef0fe1a9a6479a4ba0109be2128bca441c7fcd9ed5dcff25f4e3e670c64cccc9063f32eccbe73bb3e1d6562a37c866d5200a12a148f7dab650e814a984289c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs-1.js

Filesize
12KB

MD5
ca81ee4860a6002592b7f6ec303bd173

SHA1
75dbc942de54c58c6d89582b6cf448d3b75e380c

SHA256
d12b491774cac8fbc0c7c17f456ed9aceafe5cc0cf9fa16ccb173c55f1c86926

SHA512
fde01d9f2e737e104df10caf27e5f02d4d41ffc5cab8b4f4d111eb150cb6fc3c8cd0c47e56b21aa9f2e4613d7b7f852371f709a8d0ae375768278c82cfef277f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs.js

Filesize
11KB

MD5
6cbae583b7fe4d5d87801b8359782b7e

SHA1
96cdc892f7862dc4ebbe8a012b27aa8304d763d1

SHA256
479f0dbe1111555e7fd5811069d968ec4e7c2d5015311f9aaa0ba15a53158471

SHA512
9f93dc1045111b1b09bfd5cf0175eb1c045985b3c015c12ed2589865aaa11b80c1d1f3f6d43fd870a1d80029c7df1d5348cb33b40805addb064406a9270f6967

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs.js

Filesize
8KB

MD5
afd7bd1113ed1431e38161a5e5f33a9e

SHA1
e7095af6ee4ba7bff7ed6b42d618ccd2e2dbe16f

SHA256
adc86f0c9242f7e2de6140daa0e4d9319458b873b8a439055b6643fc6ce5db64

SHA512
1b00fad233dd52d6ec19bcfb629517e978bbc915418ca01f4bd350399a42156ccc809ad07ca3a92ab1fc7e7ae2ea769e0a225a94f94d18559d8005eeda803918

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads