31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
Size

1.2MB
MD5

80e88344e5750abf0dde4d1ef90b519c
SHA1

c1957cd08bc6b082e00f847329aca9a3dcb85005
SHA256

31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044
SHA512

a08ae9448ae36ddc3a702effcb1310cb9504ca7f24556fff3a5ea70f732c929868190c281251ee4989af74f5cd5f9492fcb2a83e46f6714c6194f090c3562c30
SSDEEP

24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8aLN2Sbly7TWEPje:hTvC/MTQYxsWR7aLN2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe
Token: SeDebugPrivilege	116	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
116	firefox.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
116	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 1224	4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe	88
PID 4392 wrote to memory of 1224	4392	31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe	88
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 1224 wrote to memory of 116	1224	firefox.exe	90
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 2192	116	firefox.exe	93
PID 116 wrote to memory of 4536	116	firefox.exe	94
PID 116 wrote to memory of 4536	116	firefox.exe	94
PID 116 wrote to memory of 4536	116	firefox.exe	94
PID 116 wrote to memory of 4536	116	firefox.exe	94
PID 116 wrote to memory of 4536	116	firefox.exe	94
PID 116 wrote to memory of 4536	116	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe
"C:\Users\Admin\AppData\Local\Temp\31786d1c51167a88bdc4fc2a9b62ae91211e18d70c533156de691ef74f297044.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1876 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55ce88c8-452c-42c5-921a-83e4b4300ebc} 116 "\\.\pipe\gecko-crash-server-pipe.116" gpu
      4⤵
      PID:2192
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a5a9729-78a5-4fdd-9373-b940d58e1c22} 116 "\\.\pipe\gecko-crash-server-pipe.116" socket
      4⤵
      PID:4536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3008 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9519220-3d5b-470a-bd50-e7fe25b3d2c4} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab
      4⤵
      PID:684
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3352 -prefMapHandle 3348 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {118295b3-b283-4e00-9ebb-08874ce8ef59} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab
      4⤵
      PID:3704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63082deb-efc5-4f3f-a38e-da41095873a4} 116 "\\.\pipe\gecko-crash-server-pipe.116" utility
      4⤵
      Checks processor information in registry
      PID:5160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5424 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ec51907-d807-4d0f-b2a3-d05df8b24e4e} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab
      4⤵
      PID:6092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {272de032-9fe0-46a1-8db4-fc3a8793dc2d} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab
      4⤵
      PID:6116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 5 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b417852d-b386-457f-8b25-01d3bce483cb} 116 "\\.\pipe\gecko-crash-server-pipe.116" tab
      4⤵
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
92bfb834f19fa49bde0d1edcfc66bdc6

SHA1
a6f37b5d05c91f235ecb35dcf28d716d29c771ab

SHA256
184fdcc20a90148bba131ad6ce502c38a3873bae66a2cb77a20bffb68247c9ad

SHA512
bf5ef0a271427c29b8111ee8926b087818edf8db94cf13dad95a24d3eed4673449bc7f5405ba78eb9811cbeb46ff4c087dc04d171941040f4bb2339139b32585

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

Filesize
10KB

MD5
296d2e16ecf1a18b20ce0282e216a406

SHA1
f299b6e0029325fccf327f145f013c2cfe1dc416

SHA256
6d891892c6a42eaaf364d6c4fa4901c583cb1132fd7d3f460711f4e4ffe05108

SHA512
3909d478ad1bf64528f9dd80294f91c6deadfd35439496f065df380784074f6865e67611aa7acfe388a1c0b5579d5f92dba5473405e80cd29ce1e0bf31a0dc4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
07cef1cb7922a916a25c1c7aefae108c

SHA1
b5afde48f7b2478d4e466544ca12e6a299d5b122

SHA256
f57615e18101c6b24cb168cbfed849b13691bedbc6191c46b9bdc89db1eb675b

SHA512
3c8b3f2071d236e84e08ed779aaf70ae0aeced6888a89f953b812a085437c3172c0a49e4ca406cc2d76b5806d09f385131722eb053d0b3d77744f639e5113b8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
bc23ff13873915cf6e05b8255a411b28

SHA1
41fe7d7d99003d90bce4e8cbab96dff1f735d6ba

SHA256
c2b464d91b6474eeb449e6ccc3c3ed68d742989a8c19ade0d34e70698ca8bf80

SHA512
ee3ea48e0f00893ad83ced9bea5fea5e4193cb8ebf6a6af0f43fd85f68c5fb18319b31d84074450b9e3749b16e9ff9b104499a672a820459e402f528204bdd4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
77a23750a3a87c418811a6fede76c746

SHA1
31f9390aa218ffe9642ec05f81bc9210326c8bb1

SHA256
46068acb3d9fea346efa781dcc12b90d200bb5e59801e8081269e250b45d276d

SHA512
cc7598c9c460b2aebeb2833b1b35fc44f397a405f338ed443b5d95931ceb1b86f859c6379f4c76d806805f686fb166278db0db4324b1d4332bc08379c96d1762

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\64407d14-170b-4294-8fbc-f0f89cded06d

Filesize
27KB

MD5
8a6248aa31ef983c0abfe5c183932662

SHA1
17ee2b592927c460ccbf94161b9db1a762ecff02

SHA256
44f3702dd63b24216ff2dce7ec4078dff8be3571ff0b6551656028ce35504712

SHA512
e5fcbec47e0724fddedf7cd73aa610b80aff07f26c0f847b3d157362fb86ab46fdcaee06269c83b02551628605f010116627166488a251c51d246a824eb1e5d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\65ca5696-a07c-4545-8ae2-8f5c02a17518

Filesize
671B

MD5
f7096468030cea43feb31920ecf949a7

SHA1
65a2477b5e9ccd07383eb6f1e8832ae798fad447

SHA256
dadf198262d665641b43ef5739d5f6f20093c802324f1ef84f1a5334a4cd4da7

SHA512
f3bb47227a8d5d9af7a963155cf38c86b64769bfa3f936d83d173cb5c1eac4be9aa49da77b4501b51d8a7d68814e8d9d44a74ac4151e6a49186e161058c3f247

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\e214383a-3cc0-4d54-832b-607fc4f2cd0a

Filesize
982B

MD5
8a95ee7eec6d9ababbd9eb5467d3c783

SHA1
00bf4db762fd6f9ea8a78c1f852f4df79fb5c023

SHA256
ec71431864c9f926b460d24b097d531e136579f669f8112af8f69d19d4a417a4

SHA512
e62429aeb56ba02dfbbd5e13bafcdd127e151288973ddec41d744c5a053a5e8730917134fec143c0d56cf41f66a61daee10ed2ad5a0a5dfe903ab0720aec300c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
12KB

MD5
39b572ee6d84fe7f8f6e449a8ff1a1b6

SHA1
8f2854e3baa247a5440d6cb404d5023c524d844f

SHA256
ff20d589c4627199a12acba5467beee9ca655445650382fb415c23eb505e41d4

SHA512
3aa63a7c53095f962786ce20024274c1506236cf704c5d3800bb2078cadba8bc29c1c29f5cf3f641c123dfe15d5978cbcd5a0b0e8118978e2be2d10107d9f3cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

Filesize
15KB

MD5
77c439f7bfeff585e1c365abd1bf804a

SHA1
ade0662daa88431464b34791c5cbf45450641cd8

SHA256
9b2e58f90c93f9be83420cccde241b534ea2dc19d916ddc33e86bfc1b58c931e

SHA512
01c7b7c77d8b36d04621cc09307a8886e8a8f7f5c68a45d8ed001b4917b672c83ce08c1850cb12e695281875b915bbbf6c38e68b18e7da9188ae2610cee7cf36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
8KB

MD5
813ceef970f9409baf8a9223d34d88e9

SHA1
f2567d9c869a0a6819d918170eb7b863db571d45

SHA256
6dfbee1470e21c2bf6ea5aa96264c199ad4770a7a0037751dd31fd1660048649

SHA512
7ed3f7c26d1ea54147cd38fa5b1b628efba07fbc86f6a2b85ac8021bebfa6d7f0578069eed428558e1fb2b9a72ba5dfbd0a69baa7632d1fa980a75e35ac0604d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
29733fe5c4a1d43a94aa032b9b87a01b

SHA1
dca6a35f7a05feb76d992f237fc2c8143a747a5b

SHA256
20ec286abf01be2b42e93ae4dbe093de24caeea12f942c73a40c48637d781808

SHA512
b6123095cc27fbd59dfcdd2b6038a6704277efa9000ad8c511f1a5174d08a3014fb7b912fc19c09548d5be304efb96202b6a0b5548cea0daad4e73e718dc73e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

Filesize
11KB

MD5
7aa8865e66cf194dbe17900bf842371f

SHA1
f9ebb08aa2b98f6fac31ac13429de14bf6a4f6f0

SHA256
39040001a64b53480db8fb2788f3568a36c35d87a5747b793642294e7e23f81b

SHA512
2c4eb870a854922b01187d3b4109431852cebeba8899b86f667ddfdd2c50a54a4afe6ae467398b4da844872f53e1cbd312c56230533308e09b56e9594b7b1422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.5MB

MD5
9cadb1ae476346234c3d941f143e5769

SHA1
93b30ee20f03bb03f20a608cef2173aa3f3b0444

SHA256
9d5c16d8e14ba6f93d8cf26ecebfe5d4353fea910214873818eb26f650e50d6e

SHA512
9efc0470950f137d7da50258441530d6f1c6317be8278f72c76c24994a994de632fac4dc135ee2ab7de17e955758cb467c8626a6b858a757793659ad08e64737

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads