8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
Size

1.2MB
MD5

48fa5095677ff648963744841e7be2a6
SHA1

81c1f09032e8224dcf343a3cf1019f8ac4844884
SHA256

8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64
SHA512

63ec28b0e6aab4bde7513181ef3cc29aadef18fccd9d2a2c22ee7b794f76e7df34ab1ba7081cbde64d7431a0aa0a7974a8d705164462b7ab5dacd656e397ba3e
SSDEEP

24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aL72Sbly7TWEPje:ZTvC/MTQYxsWR7aL72dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2300	firefox.exe
Token: SeDebugPrivilege	2300	firefox.exe
Token: SeDebugPrivilege	2300	firefox.exe
Token: SeDebugPrivilege	2300	firefox.exe
Token: SeDebugPrivilege	2300	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
2300	firefox.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2300	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 5064	912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe	90
PID 912 wrote to memory of 5064	912	8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe	90
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 5064 wrote to memory of 2300	5064	firefox.exe	92
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 2396	2300	firefox.exe	93
PID 2300 wrote to memory of 1440	2300	firefox.exe	94
PID 2300 wrote to memory of 1440	2300	firefox.exe	94
PID 2300 wrote to memory of 1440	2300	firefox.exe	94
PID 2300 wrote to memory of 1440	2300	firefox.exe	94
PID 2300 wrote to memory of 1440	2300	firefox.exe	94
PID 2300 wrote to memory of 1440	2300	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe
"C:\Users\Admin\AppData\Local\Temp\8c64cc4aeada51e72d11574b72d712155cd223803ba6ee4c658e383bd6a2eb64.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cffc0a3d-f2ea-4e2c-a6e0-4920e99e159e} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" gpu
      4⤵
      PID:2396
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2396 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0380f62f-8f40-4007-a199-f26699a2afd7} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" socket
      4⤵
      PID:1440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 3064 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ec06178-0448-4a3a-a568-b92a16b38468} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" tab
      4⤵
      PID:3628
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 2 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59b39e0e-5422-4ae7-8f13-855e556b5ed2} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" tab
      4⤵
      PID:2292
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4772 -prefMapHandle 4764 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39920464-2cc5-475b-926f-83e88ceb05a0} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" utility
      4⤵
      Checks processor information in registry
      PID:4672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5396 -prefMapHandle 5072 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e2b9f7-734f-458e-8753-1b75fc3b51be} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" tab
      4⤵
      PID:3260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 4 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d31148c-2979-468c-9111-70c638060f17} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" tab
      4⤵
      PID:3988
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a751c470-a52d-424a-9e8b-824cbe099784} 2300 "\\.\pipe\gecko-crash-server-pipe.2300" tab
      4⤵
      PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
9f9d0425190750f5a3ad34a1cd014868

SHA1
7493418480782c8ee48ea218adcb52d045c08bd2

SHA256
66e9ce6bbc95ad43640fd42feab1bfb985256888e2238dc50ba0ea013f9683e7

SHA512
f0a29c77150297fa922dcf6538a5a41cd44e3e27872e28fb7dfab8d171ca10c28b3e672d1ddbd930df05e3c7789ec69428f48de877eec141fb12da794c117c3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cs2motb.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
155cd861caa5de6379a9d970c1111ae4

SHA1
e0fe330e53f1681caf04feb692dd2a4bd5a95fe7

SHA256
35e9ea54394eff5e65c95bbd48e239d3ec42a261d238168c57a447565bfb74f9

SHA512
ba0ea6d3ef88772904a1c76842a3e46d5258cd64e7e39ade1d05db02601fc02db889a60a44247fd3ef455f342b5d2da2639a39104fa878fdfb5781fb576b2ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\AlternateServices.bin

Filesize
8KB

MD5
2dd2866fdf9895471e5c663827cef0a2

SHA1
e786ae1124eda252ad9dfecd9d852a9bd0ff2595

SHA256
653654834708a0fbe57a134bdeacfdae9b58aeed450543a4e46f0e974e5daa7c

SHA512
597ca938228a84f276a52ed61f6cbeeb3906cc2f21d616a734988ac4aa91f971217c03d42f477dc87f13a917a19437458ab0d33f3ccbf15cb55204c876a9427a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a5a51d27e19e4ff5abcdf154a8d6622f

SHA1
a512f035452cc3936a1c88519078a1c3dbda1506

SHA256
56f325239ce81d1773384e698dadc9db19f1c5b33acc56763aabbd4a039704e8

SHA512
6c69af6f09c688b813d6447c84cbd7cec0985c46a17e829fdd8344edf497589e957a52b40ce6c6ebe63bc5dd2e6e20d0d4c71087c4bf186062b37ef8dfcce763

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c551bf2bfdc439bbeb4f04bd5d42ac61

SHA1
7626e1889c0c3bf1b0c9cdfc09cdacee18e929d0

SHA256
bc690367744fa4d316736aedd1c14e98468f080a149f5806f84803fe7b80ffdf

SHA512
774e18f9ca114e663085dd61b3e3a32cf0fcaf83dccaf2993607b9a35edb85c7aac41d6673b64020a4a3958fbd08bac022b77a74fdb558f42369c2c464298ee3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a1918f27a87d046ae73bf3861cc25f21

SHA1
9ba713a56ec761f5b3a53b56d3ec0d3c7ce0763f

SHA256
ee6d092a9f851f7982d44d55b261932744ae2f7dcad2f7e23494c05adbc76b56

SHA512
bc2f3dfd7a3f07eabef2669870596e3fd5e9e28059e41e725d89501810230daa9718dca3f1ca46473e4b6f2d9f2db4f4f0c817157df10ffe00f9a00058b7dfa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
f0a74aa03ff6852afc7e0b2b10844b76

SHA1
fa0cc03b8a874d0fdf90a26deabe09455068ee01

SHA256
bfd51fac58f442fbe30bd6574a6c613bd4409819434433072eebadecf292d811

SHA512
5c37cda09d7b727c9291472b07fe4649f40c49ca74970b7041b66f203faa1de13f244e9c49394a8039b72e960e69dc6e5166e80270672772e5205b33d64d3beb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
452693c41ecd5ed98c98b0b7d45a4818

SHA1
0f07a33a1beb4fb0392181e7bc58f40ca4f4e4ce

SHA256
6c38f1c89b12cf82d1caa1a00d646d63b0a4a23ddb4d8e52285a9d36a47e3fcd

SHA512
229cf2fa62203825b3e58bb1923d6068badebfd44bae7461f918ebb0e1ab234c019e6583aca3886d60a6e87aa2442477d2faa3e7e68cd4dca80d4952a56dfd64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\275ca855-5417-4a96-a22f-40bd85d6eb18

Filesize
26KB

MD5
c528f1a9e6f413eae8fb0b5818796725

SHA1
6911115ebe01e4926f5ec9a8f60e6a7b67c13f70

SHA256
83876a123993ecdf07d7af6b7565d735cfbb8e4871ffb6f74e99ba805fcf3bbd

SHA512
f7ac9f8b38ae90566e2f26aaaaac9b28980e4bb51f07a2553b7787ca97653034da8046474898f5644c02f0b03fc3e4892c33c7e4be914480065f334722eaf10a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\77c4a967-d2cb-45c5-a4f4-088ee702d3ca

Filesize
671B

MD5
ed917ae859cab2b127763a03698e9b39

SHA1
b3637d52f743a02d2d9d194cd3472d0d94c8b11e

SHA256
224fc9d21e609893832f5fdcc4ca1e72cbe1d9a5c99f6f3fb5cfde56bf843ed7

SHA512
2e33541cac9b52e17f81fc2bf856249ec1ff9d68ad418314366cd124e3634579ceaec44833d69d226ee80afc92fc59cf9a20abbd9f94d99e078e837281537167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\datareporting\glean\pending_pings\a16aa5d1-900e-46c6-9fb8-c8240acf04f6

Filesize
982B

MD5
6d2ea96f42d9f537e3a54c78f2850285

SHA1
846d3f89d0e80b592c0ddbcb0603249c465bbd8e

SHA256
862dda6a54fbddfe839c0cd31fa2832e10339e556dddab414389cf463ec5d068

SHA512
4c1f3e40148c8ab48939eb7b16cdbcfe88efcaf7fa03ce8286b1ca7ff090eb3b2545cbb043aa8f6932dbaf086fefba95790538eae02d8d5de434fc896a42afff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs-1.js

Filesize
13KB

MD5
4149a6ae416ba79b0679293fdba94df0

SHA1
47be2ed96183ed23b8bb1ff38354715948e60563

SHA256
6dccec1199983936d145d1be96d73fe74099c3c563a15f796f4d1d10b1f99529

SHA512
05f5c3e4414e8bc5f2c3c17c97fe80bc37496829881a41cf2727c8f5ad886b42a6d8fc2c052f384a761e5e800b5442ff7824419e126b1cff2ee540e4106afc9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cs2motb.default-release\prefs.js

Filesize
8KB

MD5
ac6e4c459fb32c9507fa7bfcfc4bfa01

SHA1
d0e0c0e5ca247c1859dc56b5358adc1bfc19b50f

SHA256
fe40b584501915429da42e9e1fa6d56bfab95f058410777f87f005ec7d0f9e82

SHA512
357e5be327a0689dad3446822f0802d1ffaba258fea53e0e7dad5e2a99aad283dcd0e19ea020ed64d96998d9f2039efe6dded7e92018f7e836d194af942494b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads