c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
Size

1.2MB
MD5

2603006623e2d6eaa8ead913fafc8da3
SHA1

985ab26536dbdb2c3c664d0e75c5ff9fab303a09
SHA256

c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c
SHA512

b1bf1840381dfb51a43175208ad35b5163997caa3e16852f1aa519d91f5c1caa2fbe9de4a45a981047290de58b82cbf01235967c7a7ae31e1f0581993557bc16
SSDEEP

24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aLM2Sbly7TWEPje:aTvC/MTQYxsWR7aLM2dW

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1580	firefox.exe
Token: SeDebugPrivilege	1580	firefox.exe
Token: SeDebugPrivilege	1580	firefox.exe
Token: SeDebugPrivilege	1580	firefox.exe
Token: SeDebugPrivilege	1580	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
1580	firefox.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1580	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 4108	3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe	89
PID 3560 wrote to memory of 4108	3560	c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe	89
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 4108 wrote to memory of 1580	4108	firefox.exe	91
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1916	1580	firefox.exe	92
PID 1580 wrote to memory of 1508	1580	firefox.exe	94
PID 1580 wrote to memory of 1508	1580	firefox.exe	94
PID 1580 wrote to memory of 1508	1580	firefox.exe	94
PID 1580 wrote to memory of 1508	1580	firefox.exe	94
PID 1580 wrote to memory of 1508	1580	firefox.exe	94
PID 1580 wrote to memory of 1508	1580	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe
"C:\Users\Admin\AppData\Local\Temp\c970bad066dfe3a3b9a49edfdca10c339233b85f1d2eec820a79700cc936665c.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52028df6-8537-4b63-9f7c-c6f41eedc833} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" gpu
      4⤵
      PID:1916
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d1e3e20-7305-4336-92ed-277aa2ce5d85} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" socket
      4⤵
      PID:1508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 2812 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e680bdf7-edc1-40d8-957e-979d50dbe190} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" tab
      4⤵
      PID:4424
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8ed9cde-ba9d-4edd-8c5c-17431da6e948} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" tab
      4⤵
      PID:4968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4352 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4080 -prefMapHandle 3676 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42ec81f7-7a3a-43cd-97c0-45dddc343a77} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" utility
      4⤵
      Checks processor information in registry
      PID:3064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 3 -isForBrowser -prefsHandle 5472 -prefMapHandle 4268 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39d1f956-8d76-44d0-8f10-e7479072f227} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" tab
      4⤵
      PID:5964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 4 -isForBrowser -prefsHandle 5716 -prefMapHandle 5720 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3a2dd5b-3ed5-45f7-8c9e-ecb6bfe39be8} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" tab
      4⤵
      PID:5992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 5 -isForBrowser -prefsHandle 4268 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {372b377d-8385-47d8-974d-71fbf9a9c089} 1580 "\\.\pipe\gecko-crash-server-pipe.1580" tab
      4⤵
      PID:6032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
7145f01c9c45ac9119551903599644fc

SHA1
29f3951ce006235c12de820662136e83ca93e5fd

SHA256
aa81d91d698104c8fd59a466d1483dad6891839d92ccb73314d30a98545f7a6c

SHA512
f49a207dde0c42222c09d9dc18456f11eb9c14572e019c14261af6af4f397f8c2457cbc424a2e309e8f79e7067c197599bbae0ee4347adfbdf7c4457e2c43741

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
785666063c4d7dbf17ea4187549f193e

SHA1
5b628407b49c326270acd242971cc930fa2a3671

SHA256
2e00274dd4b4a207b6cab1e28a79ecc340c8987cff2d77bce3ade449d5f8762b

SHA512
30606257dd5a6e1c97fa4e627e50478d6470b1e449bcb8c04d52e88b99c7fda14e6c022e2d6e2ca3666541e31036af4f079fb1037ec4d8863635cf35aee2398b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
12KB

MD5
26186e1eff7fa196329d0ff2c4028503

SHA1
6d979af6c4e0cf555b6ddbec2dd8de1f39f59df2

SHA256
c49d2c8f8a7ca080d09a480ad4471ae45813d00ad2a84353fb7bf1aa380e3943

SHA512
775959e85559f6c546f1309aa93e5940f8b427036d46a4225ed0768bda1feffcdd7c0c19b41ede2ccbfeefcd6eab319e401ee6c7da32bd41ae8158a5a0b833fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
17KB

MD5
b55f92009679ff93670641df996e2ec7

SHA1
e42ebffa90bd33b36484bdaa2858c2acef02c6c0

SHA256
7516339e172e694aa92e17ce7994d817509ba914b9070750391040cb9c5eee98

SHA512
e82fd8fa73df7b3170638941963d216b3b479938b681a0952716845088a1200dee4781e30256f93c2db0dc01a353181d2cfd41ddaf6ffbd7775d8c9890455878

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
f0ad0eaefb2af77d2c7e14bc24f28bcb

SHA1
79cde0c5c44527aef6700ba3623fcd245d709833

SHA256
f3ea93d5d66ad8d4a1d11989aaa2e30d4174ad0cbc37a831e9f6d847299296dd

SHA512
096ae012d02791c5eed066d6dda474ffe01c45b490d8b884129c4fbecaa295765905813fc11a9db50b2bab3fff8f5e9dee42da0680ff06c5f1271c0041b025a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
5ee1d091d89253dcf08b22a0c01fd998

SHA1
6cc4077732ca3e3e1c66258b33ecfcbfc11dcb63

SHA256
72c15719da5f018af574a9318736fe126a8507683a374f16eabf8142e9b6a720

SHA512
61360669218118ae89668fab7c8d6ab3dbeae6cbffaeb03c00723c0d3a32af22033d1a9a8a6c6da2168202f369a7d57facd9bca59b1efe8bcbf2696ea08ca451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
34KB

MD5
b804a67d9b26de6100a456f30dec1efe

SHA1
6308240439e6ee11ff5e64d7a62acab9d909f3d7

SHA256
22345da5ee65285bb792e8d6ecc657aeb2cb225582ee82ab286f5c09ec6133c2

SHA512
d13200e18d85838a1dd1c7f0ced6357219e9b77aec14f41c7855f2345d07ae3b4aa7172da649e9bb7c31abe06cc64f0f8bca11658dd5e43c5ddff1000d3f43da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\084424ed-08e4-4156-b6af-6f92b0078e44

Filesize
982B

MD5
94d922a05da2f1af2b72cab80c8b1f30

SHA1
b58cd176a2b320709b1f27e1ff30c82f604b2722

SHA256
a00104705897471fcab7252d3fbe1d2906d22a4c04124add7478e9f10c417ff2

SHA512
d4cb083e1f1b481dd7ec86b29418a44d1f7f3a378d06b0ecd74a906d9d0b5724ef2e41a66d1e8324eaef20147516fe003e0c8ac8e14d483a7987cc18cba885d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\da507484-0347-43ad-a3ab-a35170bac7dd

Filesize
659B

MD5
02a5825e7af15b07eea9e3b4f641691b

SHA1
ef7f4fc47d502b9c939f9e5d36a6f7da44386133

SHA256
b6c65d725ca303bdd13d9616e43bc76f7f20f17025dab9f5879a47f0efbb4066

SHA512
f3b11fb16eeeaef68b15c6b0c476cffdd36f0de72b954ef6376169eebe667eb42bed77ea3cdead6bef60e448f79c2fa1d7b8e651259a64b6385416171fdd686e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
75776840839347771a408cb37a81de3f

SHA1
bcfe2c6223582b2706ae5afef1b15d312aa3a5a6

SHA256
21bdfc41ad812b8e9bfbccaff6cb018192a7a143d6c25e3e83cb5004f18fab9b

SHA512
ce1fa73c922ba84a22c0c694919fe6599509bf4d2d5ecc4cc7f0c4566462bbca6120ce7a841bc8fe865c4d04cc740d57e1c5edf3f3010d29e17fa28cdfd509cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
16KB

MD5
e690de21da33a34a3567c24d5a83dc96

SHA1
d0cb1c252a2cf58579bd093c1d07817ab1cc0190

SHA256
c26b73b740f38bf534abb6386d02697931a1f6a1645f7345147cc1fef480d0f5

SHA512
8fdd4ad51d0e61ffcf9e56d36687febdd4c17f0f05e9a0baff5fd456a39b66aff7691b77b290c77648bd01c2f8c94b2d23ffc8bd384bb158b550e7362216436b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
2bf16b4e388571f14f29c6f7becb7223

SHA1
00d5273628cd1679b77df8cf861acd2fcd1d6767

SHA256
073a688d19458f3536989c8c304f46d272e1d69742bd481aff759a04a860ee17

SHA512
2d9537bc6e60a19f5888f3442157415d8a2fc4c380f4e41693c80cfe163cca1abc92a89c49e25c9a65ea69133462439a8bf8a3fa18668c03c1ca6c84ec997487

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
ec3c10570214f2773ba35bd103f57693

SHA1
bbd1bc8f043bf0d7695a2a6640a14dfb3be89687

SHA256
8da600902d71a8782763674d23e772195851ef7539095e0331d81bcf6233e6d4

SHA512
91a0271771d02921f84adb7c4454f3cbb144d90d2fa8d125b76bf4b5b03122ce9d5500c25e42e6aa32063aa547369567bc998e1f734b1a3b5578dbe968124e87

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads