0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
Size

1.2MB
MD5

3bd07da4263220ce8651d4d9117b6bf1
SHA1

aa56a30f15b09e5644e0d8df0305d05e0275a634
SHA256

0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766
SHA512

238c6854f52b25d730c1565ba11d326ec218d02621dd73cac0d9eb69b23aa13ec9c3f7707c8809433f492744e3817bb53ac6d7dd49b2ad4ffdc64c0edc548345
SSDEEP

24576:gqDEvCTbMWu7rQYlBQcBiT6rprG8aLq2Sbly7TWEPje:gTvC/MTQYxsWR7aLq2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1424	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 3780	452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe	89
PID 452 wrote to memory of 3780	452	0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe	89
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 3780 wrote to memory of 1424	3780	firefox.exe	91
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1900	1424	firefox.exe	93
PID 1424 wrote to memory of 1572	1424	firefox.exe	95
PID 1424 wrote to memory of 1572	1424	firefox.exe	95
PID 1424 wrote to memory of 1572	1424	firefox.exe	95
PID 1424 wrote to memory of 1572	1424	firefox.exe	95
PID 1424 wrote to memory of 1572	1424	firefox.exe	95
PID 1424 wrote to memory of 1572	1424	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe
"C:\Users\Admin\AppData\Local\Temp\0688a52cb953bc90f87f39cc91c0f586700934930df9d35d61524f51040e8766.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {752ed177-e7d4-4a70-96f7-8e224a130faa} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" gpu
      4⤵
      PID:1900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0bfdad2-b19c-4964-a808-0258781aa0b3} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" socket
      4⤵
      PID:1572
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3124 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1a9ec84-905b-48ff-ade1-5caad09cf6b1} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" tab
      4⤵
      PID:4492
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4020 -childID 2 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07ed08d0-9ccd-4c8c-a69a-a6b225d9afdb} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" tab
      4⤵
      PID:4776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4916 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4908 -prefMapHandle 4880 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01b89dc3-34c7-4c2a-acfb-473c702b7284} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" utility
      4⤵
      Checks processor information in registry
      PID:5408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a5ecd4f-1e16-43cc-bff8-f487d4fda1cc} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" tab
      4⤵
      PID:5536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d55c0c49-cc66-4dd0-ad3d-e6826d8ac3bb} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" tab
      4⤵
      PID:5548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5148 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36dcb37b-fa76-4b6c-b95a-cb86ff0bce68} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" tab
      4⤵
      PID:5656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
e7261e31aedadcda182d8176d1fa0317

SHA1
a44da292fc7393cba41c0d0574f861df69791f7c

SHA256
c4614439f483b2d9a2ed0591978a8300adeba33476fc7807e3be1c2087839479

SHA512
55c12849040b56dc66261ea5777df08e3f25c33b16318ee385ae8d2d3116f4c2828a752f7b403fb4ac7b40f7232722d2ecac79ca6f8e5f9f9cd75337684959c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
b1e0d9886bcb75e17b183a015f9dee17

SHA1
4e4062e12128ba33ac967cc71ed52a9577b358f1

SHA256
7a9aadc93ea50a323a539b97052c415eb2e4785b94e8c7affc710e511e312a71

SHA512
e30981787814ad480da2bc593e89b1c10615098a5bbb611d862fed7613b3cb611946003ed0d5cbce7fe43621b466b8c2ca0490367080ad0b3c156e28230735d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
12KB

MD5
31f71686af45ca6be01db25ed3732acd

SHA1
b0d946c930be1dd6ac0187e5fce588157001eb4f

SHA256
ff8239f97636027fa0161e47e9603a911bd9ec2b66c862c41fae05984ffd44d7

SHA512
03579d32ef3ea92b2e09223204383f0b2a1be4bba0e4c7d735c14f69d625ca04273ae42652e9530cf9d36720c26b7dec275c7235bb3b8ec09d1219c33c7dba51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9d411218cfabb03d1929bb4902ece449

SHA1
302459e74053bf36be1c71440d16d26b4722618c

SHA256
356f63bd3c3ed44507be7ff1b5d668430e31be5938ef7f39118042ad934f27f1

SHA512
6338c6d9a3bded37e11f56ab69352fc7c3265e21b4a1db5eda1e0a7aac5ebe98a12d752086eba0b6922ddeed711953395bdd77188a2676acb0fb9001035459be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
760537032c4056bade98947c302fc6ff

SHA1
f07ae9c85055cc769f703a27773b9eaf518e8ca3

SHA256
4d28042d63921d9a1f7d07cdc2a97575b371ed41a874d0b7b2e2e8aac21b3963

SHA512
ea9d2be03d47c9ad984e84845acbb6dc1c3612e2a0b871d7d8e2887759230921b669a246408c820d7a4d4bad12ab49e517e9589980f828e634f5034d53076230

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
a450adcea1055977d4e9ea8021cf8713

SHA1
e73c345b26835526cb78ff79d4ae3a0369d5090d

SHA256
e196fed36c77416875d2eb0c757ed723bfa6ce8a5606cda616866e4cbe54442a

SHA512
6314e9ab36ff90e7794563fa2a200e388298ff71b4f6297566847dd0a32c6cfb72c8e24d0dee715932f8855889aeefe955168c72c8ad1d4a7ffbcce10382b598

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\5574b29d-f385-473e-90cd-31334e5e86f6

Filesize
982B

MD5
d34f82197fc37614bce4d8a2ab9585d8

SHA1
2f65fd48cd5530a094c40c631466989087056da5

SHA256
9d0ef547c728ccb46e31bc36c0f6bb7f2ea0a57ba1e47f0fbfdb702a1bcbb5f7

SHA512
fa692de00a4b328e75165e0e10d0a72aae9ac14aa374a666a2ba8d15da447b6d6d008ada80f85dea2f35300fa1498c371dd22681eae2ce8ca9c8266f8733cf78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\d415a828-3667-4bcb-97bd-fc242c2d4309

Filesize
671B

MD5
89a13d76b4da52e4ae95e178e7788967

SHA1
1622b83b73c517feda7c02b2528e5ab6ebea2a86

SHA256
c9db005ff661fd456bfecd4653b7c18d8987805cf34d669da5b8079da3460726

SHA512
c597f717e58b3f631b342c9d1726fdfb384ae1774a1b5885b2b52be5d3852c959b1b874277415e79b92408bcd9e274a99b65217b8a5b72e0f8d2aa976d883dec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\e4361001-0704-4c7a-8c60-8990f507f58b

Filesize
27KB

MD5
cef91feecafd29b92fd4e31e3ca862bf

SHA1
785137f295a6e69ff1ddd887970fba9f718f20cb

SHA256
bac220a996825a5996a5373353fd4ae5d43917cb8d2044c29e2a2f92f1c9624c

SHA512
7602c041b5e0170859262dcac7530194975765657b021e6a2ac92b8554f9cf11274ee50737a786e6f630dde2cbd2b5d7451b2d3e3875008345c6680994d0e2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
16KB

MD5
480cc43937b2e4d907242cc3bc012548

SHA1
b15644409f1f1b2d20144e5d1cfca4ee2a667d7b

SHA256
b40c9437ba422ef335ca2b6be0386e4a84a326a7c0ea688a95489615a4ba8093

SHA512
aae8cd69863150735bdc857b2d9997b22b7aa01d5e7071c0282f8979f9c78279dd5710e70d1b4da544b49ad8081a15f885bb349ed70f19cd322d01b1c283bd16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
8b2154de31b0c5284be4a9908a09d130

SHA1
9b34489dc46f8fa5223717841730d96dd024f8da

SHA256
6117a372b77867acb5a1e54cbd8cb204dd05927fc2bfad0d29296dd9ad497e37

SHA512
213acff4c7ca86e687ab5aa6933197860fc1537f7e885dbccd11172a46db84468cff8d6abeb640b2b6cafb49a8a3291ac0fb896999f5584f12cae2443dbfd0f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
75f82db1f7460bca69578f535af55246

SHA1
f9c9a706ec3608b1ed88e58aad51f2f44f12a951

SHA256
7bf32f529c85efb2241f553e5f2e1a63c74ce023c0765d9dcb3d36b2afbd9268

SHA512
420042e46d3c1460c5e9198d65beb26787716aa33ea98e3ea649873dcb4b7e80d7b1cedc9c457b9e6f36839d7ab49227227513df14fdae0e185d82c07ce47d37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
12KB

MD5
0447027631b110fa286399572e193d3b

SHA1
1ca4b5db907d3bde83fac78bd2f799ee8bbd73dd

SHA256
4f8317467e8a73b2c6ed7bfbbf70cf2f863a7bdf439fc50cd359cb39bef48a3a

SHA512
d05e518e900a94d77a9ba412c7b876240b277612bde70904c6e71179d15a8416e1f7ab7a43a0d2652737b1c4fe20b93a7ebf72accbae7ffd288d8e65ab9d8715

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads