77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
Size

1.2MB
MD5

ddc058ab3ae200bb8f574902e467fea5
SHA1

83a4a62bf41c8c0cf6730c2fdc8059ce333865f5
SHA256

77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871
SHA512

be6bb8a7fc2f55f3cba624816ac1a8d7c1f3fb374bfe93b047ba780c7698f819e2402a6e090cfc811e0f756476cbed2b4e0cbe35a77b541a2d6c89057e4ee143
SSDEEP

24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8aLK2Sbly7TWEPje:KTvC/MTQYxsWR7aLK2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1156	firefox.exe
Token: SeDebugPrivilege	1156	firefox.exe
Token: SeDebugPrivilege	1156	firefox.exe
Token: SeDebugPrivilege	1156	firefox.exe
Token: SeDebugPrivilege	1156	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1156	firefox.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1156	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 3024	1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe	89
PID 1076 wrote to memory of 3024	1076	77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe	89
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 3024 wrote to memory of 1156	3024	firefox.exe	92
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 1116	1156	firefox.exe	93
PID 1156 wrote to memory of 2952	1156	firefox.exe	94
PID 1156 wrote to memory of 2952	1156	firefox.exe	94
PID 1156 wrote to memory of 2952	1156	firefox.exe	94
PID 1156 wrote to memory of 2952	1156	firefox.exe	94
PID 1156 wrote to memory of 2952	1156	firefox.exe	94
PID 1156 wrote to memory of 2952	1156	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe
"C:\Users\Admin\AppData\Local\Temp\77daa23e6f3530f15712c0de18bf159d69ba6e3605d82d2d5ba872c9a8dca871.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75b67c74-3727-48f2-975d-f058bc6acc31} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" gpu
      4⤵
      PID:1116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e393cfe5-e42c-42f1-be83-9a2e28a84605} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" socket
      4⤵
      PID:2952
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3108 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3192 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09d24301-f88d-4698-a2f5-74d94f4d135e} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" tab
      4⤵
      PID:2432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3884 -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 2752 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1122d5-ad24-4758-b877-d6e96b2d038c} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" tab
      4⤵
      PID:1584
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55f2ce74-1838-454b-b25b-d5a9a96faf0a} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" utility
      4⤵
      Checks processor information in registry
      PID:5048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1568 -childID 3 -isForBrowser -prefsHandle 4728 -prefMapHandle 4724 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c5db784-aa0b-4626-8a97-30e68fb7af29} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" tab
      4⤵
      PID:4328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daf56cc-5bfc-4107-b168-095804dafeb5} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" tab
      4⤵
      PID:2348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 4728 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f45e193-14a1-4741-a41b-d2885dce378f} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" tab
      4⤵
      PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
424bd4b4c3e72246358582f75a26d573

SHA1
5d2a11660e74c0923459b9fff64556ab7aa12c81

SHA256
f6855a3c13c91fc2aad46a2c828e96493c248f9a0137c4b99bfd499cdac00a8d

SHA512
b6aca9e90071d25706a60be64a43e14d672fa79e8b87040090069f94a5096d1a41429fa452ae63dd786ddb7e5815624f913c0042ab6e110e80b8b18b2faf4ae8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
e179d797a94bd8b3cdc078543af35ff9

SHA1
3248030e8cd0c2677a7710e5b34722e5ee0d4f43

SHA256
5182c2e8e9bbea4c1125e6fa7fc53485ce326cc66c9bcd8b93f4950bb433f455

SHA512
9005ac6b043317a0317329a507bf34205457c647fd4a4c1870cbaa3367f8dae3c4d574550807e5483be4cc32d787615205c312a1ca70242b59c13a8f23a1f038

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
10KB

MD5
d69d970805ee5dea0dfbc7ab1944d6e2

SHA1
b8ccbbfeb8ac39a0684a64e90fea254fbf020432

SHA256
60163e0f650eb000dabead4d683689df24f7cb2ef4febba16e281bb7efd9246f

SHA512
5bff98a09180f1f272cb07511d339769c8b1c21d6e32c690e821a18555e12653c27f2db4809b0da16e3bbe57729087dcc7dc83e768706fe20d20eb9190fa207d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7bdef846414b937bad12ab3fffe4880a

SHA1
d44f3bffde09d2eb472e1f50e4fbf2ff62b5f56d

SHA256
dc0b3e096b3ed7f6ad26da8de729a2df101abe71447f4f44e4354be9b36129b6

SHA512
251ce5c4b7cba487134994daf9e16473c1cb07ebda3131807e947dcdb676da7b1f78034da1fbdd1b7e8fea149fa3b4655dd571f91fce517bc228d0dc431d5216

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fe49e5e1935c1e334a8f2e2c80acd10e

SHA1
809b5b9335561eae208614faedbb560655617d3b

SHA256
887fe0a8dbac6a1368bcaaf013b2a3e9301bef85cd18e606d162832a8b6202c6

SHA512
2dcec73eeea9b54033f03ff5187d4129bf9609eb00b1d66c52f437e5159dab18ae69a4f068d4d2eac35c9175a76bacb79d5aa2efae87f6712378e5d5695b6b4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fc075d1f391139080a6ad7ff2f3b4232

SHA1
1b31c5559e837d1a425f340edf124c012605d0af

SHA256
6beda1e564933fbe7f047cecce58d355cb6216b1f1c3a3ab3c511eea36a53c73

SHA512
af8433f9689c6f1b5e851cb5b2f33a01acab6ca5d4934e798003b500bc03aea5d125207c46a86efb6e560182dd7fd392e68e0b5cb6e314d8c31fbb1ef64247f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
6cccb42e05d46d076e528e49047ab078

SHA1
86de71c29cfa8e4783a67584cea4fd0fd3247419

SHA256
d94a97c532104be383ca8e9b5d4e18f7cd6645553e817eb35bb9bfe34aefeb1a

SHA512
bac87bd7a98d407fbf852b0cc61a6f5aa86ed9c423e22b0d72929f0fcf5733b06b1b74bd34e1e0545851ca2b7b72b6009b8d7a50fc31487f3f680aab63d1e5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
497e4392da6bbc72c913e37b5de4ecd7

SHA1
0cbf53003db05509c263084ce876712b281eeb86

SHA256
c4c4b884b06d5d5f3f9c62dd358373c70bb0f742ceb783b247c46c5799ce6e9b

SHA512
4cb116013d8965df10c3f3ef4f66e1e36e3c1472a290c1fdf1fea86f9b0bc89dca001eb2c3f11a9060790a6d3967159809038fb3bdb327199ad3055b7418f7a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\38e3bbe0-aeb2-434d-9bfe-a99f9f209ba3

Filesize
28KB

MD5
569757619fda6fbe7324b6bc5dc9f67f

SHA1
3954cb96c6f6ec40c024ee60e117efb4b0634578

SHA256
c3cd9691952b3fd2f048fef00043a6f2bb28373711db14f09a7c7bbb6b1135db

SHA512
29887197626ed4174a668839329889e3a30b013fcf756b3f0a9bdf623466311f86ab4cd1498fdd6cb6a4205f3164b407e8bcdb90c45b3333f35dba2dafbb0a73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\9b0aa1db-2097-4ff4-87cb-10b03164f164

Filesize
671B

MD5
679ee9dca7d57148de63ed492cc4b6ca

SHA1
4f28316b894060372bf95d2feb8438117280839d

SHA256
00de5ad8668041ee80dd185a109567f2706edee8cb4f7c540aed8f114c3d57d0

SHA512
82bd48d364d6c24e25d55ab2ac0079d10b95d649d520d4cd95e35aeb88c6b3e3453e16f94e306984c1d8998fca018f24f62a96c350e06dcd3e64a65c66dc99e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\b36460b8-8793-4ca3-9131-c8ec3f1c2a31

Filesize
982B

MD5
f85daa49363a3e6a1c283682e4ca6ce0

SHA1
733531586d5c69e1f9837ffdbe2166519bb164c0

SHA256
a448ae83ffbe1d12da1c7a8bc1dc914b6e9bb66ac9d2bd1bd1d75e630608e40f

SHA512
983a72641895bfa61c874884a19ee28a6c125e7f0718e7a4fd547787874b175a46f12404207ad63396494790009b28cec321161b8a6b762a0a96561b81596982

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
11KB

MD5
2e29972ba86b77fef6cb6de83803fdb8

SHA1
6a799473f03d0526097bf16f796b6b228a39f984

SHA256
60cc40ea3afef4fe9238a15901b87667974808950621625f5324afddb848073d

SHA512
d71494309dfb7b08674128e0efb2dd842d7fc1d3ae1bc6ea108602177f5b0f2f4bba74c2a15df0d7e5abb63ae26f9d4cdfc3c35a9fea5ca61a6eb807ee75d7e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
15KB

MD5
83f1ed4e87a20ae776b9dde6b66d61d6

SHA1
e69fa7f0b1facaa58de38be280aa565bf6050a71

SHA256
7cfeb7fee615ec1478a44cde206dcdba18c5de51406e2990313a4a9c2f207497

SHA512
7e3283fd2e92ba2f6f57a02620605a07405140659c9b2e45c3c1e287d3379ac464da9b1999af230c1e122829163b26294696256ca2f333713982f0b15e68ec57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
11KB

MD5
e9ed96af8bdf6cedb9eeef97e630c7f9

SHA1
2fecdd56db0328dd47364f9b165cefcf34262527

SHA256
f441970495a7ca8648a45830628fd74e54c475e40026cc842f0e2b6a7214cc04

SHA512
c513da8adec52ba234375dfe06e18f86f930c2d7e44736208c291c4e3a75b654c5c1728ac6d799e5242c071af3a62f7686e07732d06d4f74f580506374b0a09b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
795809edb42fd53abdb72d489feeebe2

SHA1
ec3f89ccd2999aab649152e8268a750d7a5226c2

SHA256
5bd6fffcf834a976f7e99a047d3c7a255c00af009a147673dd4824bcd11bb708

SHA512
33b01d0fea75ab51ecc398192eb94d1871a3a2437cfc01834444f710c985064366bfd3d8d820e1653ceddf07e49d483459a884ba74faebf207607755606d3e9d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads