180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
Size

1.2MB
MD5

a73378024e79f58b4cad0999872c5f98
SHA1

a7953b9edf8a1e86e0cc4ffd0c33890533016f7b
SHA256

180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd
SHA512

e71a23df64091805a30cee6e3da6727df26e91d8a82ffe931021799ca099269203835ff1f6940e05fd17e621a43b5fdddd4827949bbe8f82176f631bd6db48f0
SSDEEP

24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8aLk2Sbly7TWEPje:mTvC/MTQYxsWR7aLk2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe
Token: SeDebugPrivilege	5100	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
5100	firefox.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5100	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 4552	3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe	88
PID 3244 wrote to memory of 4552	3244	180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe	88
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 4552 wrote to memory of 5100	4552	firefox.exe	90
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 2408	5100	firefox.exe	91
PID 5100 wrote to memory of 3780	5100	firefox.exe	92
PID 5100 wrote to memory of 3780	5100	firefox.exe	92
PID 5100 wrote to memory of 3780	5100	firefox.exe	92
PID 5100 wrote to memory of 3780	5100	firefox.exe	92
PID 5100 wrote to memory of 3780	5100	firefox.exe	92
PID 5100 wrote to memory of 3780	5100	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe
"C:\Users\Admin\AppData\Local\Temp\180ed671c4d965ec7240ad7ff811eeead49a7f8c0b5353fc715ffebc0ccd46fd.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5100
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65ee7d56-11d9-4a07-bcaf-3b536836316f} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" gpu
      4⤵
      PID:2408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b0254d-3ef3-467a-9cf0-55c34fafef58} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" socket
      4⤵
      PID:3780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3252 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0401458-2b6e-42a4-b1e7-03dbbee95ee3} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:4008
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 3096 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf1f2ec-f0ce-4721-a944-571831b94630} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:3432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4488 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4480 -prefMapHandle 4312 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0b33c7a-7c72-40d5-b2a4-b92d962ffbee} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" utility
      4⤵
      Checks processor information in registry
      PID:2556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 3 -isForBrowser -prefsHandle 5556 -prefMapHandle 5536 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {842ae999-6b65-4dcc-b12d-a499f3f0648c} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:6120
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63916373-b181-4a9a-b054-657cae495875} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:2568
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5652 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e0bad86-ea56-4c38-953c-d5fb0d06c4b5} 5100 "\\.\pipe\gecko-crash-server-pipe.5100" tab
      4⤵
      PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
e5e7fda8ec72118a43229de4c2e58dfd

SHA1
a4439a5b6b4d3bedc2b4191bb0ac83d23eef7a49

SHA256
f5b2c6d4d066c26baa8d4dd500ee28e829312d96d10eac4b8a21625270b3e517

SHA512
496c9f4bd9ee17d96feaea13589599cfc4f57d46e34dd42a5ab337b528b266f37f4d7e22bf6ee1cd168bdf24efd2e5679cada72b734db1233be8d0c73b7a0149

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
d6d794f34e8bcc469e931f715f85cc34

SHA1
c963e186f60049eab4889c6c92419a228dd57a79

SHA256
43b78742588dded8f458bb5e84dde0b654f2226d5bea673d528cfb98b953b137

SHA512
86f785975d49ce371c7df720b93a61073a1af46044ed005e76c20007bc235d0c407a6477010f255254b5ca6be7d40bf7793d6e078e7fe7e8b81123ad6a1df68c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
7KB

MD5
6f73762e657fe0b6cb5ad0cd16063593

SHA1
8c32fca2c9f7dde8a68dfb687bd1dba5918a7ede

SHA256
1697e8bc13d0398b627ae3f2ee2882524ff0183d6ad97b14332b108194650c0e

SHA512
028d2418b98d75ef8844422bfb16026bc59d5e8271cb0882c1b91ce3287285911fb3fdeb76a762785a47570cd043cd25b6d57dccfeef007026db6452689271ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
12KB

MD5
cc5429bf7b4a6172f7626b6740b63492

SHA1
8043be5aac48a55aef3aaffc01e39bf88f7c4eff

SHA256
5ae2a7dc5dbc902fe2d73aba2814cafb85db67161f837ecc32a0f2b43939d90f

SHA512
2430a4745ae2dcf0aedf8434a0d3e57381affef7eb6bfd3bfab5eb515d8f45edeb61e7e69e9ee99f9c616c20c44f86f2c3147a1bb036f6b706b29084de7fd6fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
16KB

MD5
42bb946f96903b70384feab2d7ef9451

SHA1
8aee63a9b77bbed6df41464136e06b51a8c7a0f5

SHA256
0ec7072c31d4935a5ae9a33f55500af0a0de8adc2dc263432be5e5cbfe577277

SHA512
d954e417bcfd51177a1aa9afe0882f88c47e7531de7e213c429d74f4e26014a2a20332b5cc87a2089537f271cf0fff7d8eb764aaae98aa49a43c3a7f3a533f14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1879a23bddf7e091583a3ec761680f2c

SHA1
94fa822fd3d62f6f4dd7afadf04405a9d31cd56e

SHA256
f2c0c385b542d36f648fc18652f7de673c85fc21508ba3561a5a131c89b6b23e

SHA512
87493f90c83bfd639ed249fbaf56ec371831c2862da66b5c4b780b6dc7598b7de8c6ed7ffcdb63e993783d03e2f35e2821d03de103aa29831a54c16664838b29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
fd1b90e447321187fba03ef209b9163b

SHA1
e00f6fa593a095caa46f8bb74a77460c80523d07

SHA256
7b265187608b023d3eb126ba423ddddc95d4e74a37d635a836e448175e787f9d

SHA512
b0783f55b5e0a058188bac94e5efbaeb7a6bc15a5e4c5dc95f54a8a19b61164922e27ec9cf2b6aff7bd1834947ccd46bd20f5bf991913eeed822effc19b228bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1c00a1a9225c15b0842a0a281b28dc9b

SHA1
dab0eebb9b77032466834034ce8ac144e81c3b91

SHA256
95c6f24685cd9e402c11431037062213c3f848c98c75936ca4f415873ea862e4

SHA512
98ef814645dcd00466e649dd115b8d274657ddf16191d040e7d32a9bcdbf3d9c15c02296a95281786109bbe909a9fa30948496656caaa63e8a721a613a921e40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\18d0e109-9710-4b2d-a7b0-c3535371f517

Filesize
982B

MD5
ead9e183c8c7d94b27f71e761f7a7730

SHA1
f51ef719955230c0b268716bd09ea84badc161f6

SHA256
14eff0c4936f70f88bb9280bc21f5362e654ee823643c719460acee2b8cbf7cf

SHA512
d910d3b3199f294847d1cf7ac36e7e98434dd4d0442e6fe564cc23917a2228de780fb4e93166ca5da44bda4eb2a72ff14e688834e00f997e28c4a627f1c3dd47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\5e744da3-9564-441b-b131-415b9aeca882

Filesize
25KB

MD5
715bb12dff4eabaebf62cef29d953064

SHA1
c78b91bf5445909d42ea35877946eba0c45846ae

SHA256
9f79493911ff75352314763d8aed4a7100e34c3d2187635a44e67fdc51d3ea2b

SHA512
46d4b907a006b6354bc0fc3ec9da11aee6e9f0c30cabb74b798a2c48dd620802142431fe069c4b985dcae75ca48f26151da805979fdbfd660c3128828e17f0cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\bdd5243e-a5e4-4741-89ea-baf91324644b

Filesize
671B

MD5
dbac1c3571facc95abac8a5383525b65

SHA1
9ca98539b5a0ccc223c82c069bd0c0b0c723ae9a

SHA256
f5773f49bd3446e845b2ae604c02fa360e8a15d8fb0c6fe666950e06711f2007

SHA512
1f6a5f52bee11e09462f9f8a9a2cafc71b9a087851e28b5ffa0076b2a47f5c6beffe2dc7ba31804123368360ed144ecd024c99e4c111ae33290390cad8421e5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
11KB

MD5
eebd259c1cf9cb9cebe8783c2a14fffb

SHA1
58cf9634c7f38f4d98104b4dfe69d67d3459bda6

SHA256
18259b8539d11478a39bebbbd273180d31cbc6ed8b8f93a528b43da89fdbf2ca

SHA512
c1e95023e353c8dff9c20aee2aa29d39a52fb2b89b34411bdb67ffd1fbf39bad0f8fb1a08b8e420e3595fd9a0213df2fbca0e67e8a2dbf15494d3a3d9e3cf4bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
14KB

MD5
9be135997bc6d54cf7cd0a9d8d2524cc

SHA1
1728c2121be7c319631a3ad0fd07d7098b975104

SHA256
9beaabf5a967b1d0a011d3880ed38427a90d6507c25e97fbe6ad69c754e9c24a

SHA512
1e1a445f5f0a8bfbb09b479ce09c0a49ddaf7191596508edb65b148f7abbbfb59045860a395db1f6fb381652fb6cd836f710deb02eb1dc2a4e9c5f37c742a2b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
14KB

MD5
41f019f066ca5c7735480edd5eb9092b

SHA1
fd6f2f8c89671906a87450ddc16e33671ed3b1fe

SHA256
8ee739c5e3a8634fef415f99b48e65efdb5ec6e4093ac6b24455735a98358775

SHA512
4fcb3eac5f6fd6ec212c5a855db24bf09461aac19007216fced9132110844a67e51b86bcf29e80f1c88ba38574948d0d420a0ecd4163efd134046acf35514dd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
11KB

MD5
c2fa763ac6005adb9ac6a3c120147542

SHA1
5d5fe92af10eb44c2583d57bb4268d8d1b428de9

SHA256
6ca2059fca61d0085662dc9ea894dea9824c1ca4db4f887715171bf8b2cc1ca9

SHA512
c45f96948f182be9d692b0f1d63f95ab1a0cf59c7677362ea849aac7cd7ded8b6d92a587b5f3ebff0fd28fbe3039c6c695334686b40cb1686b3aab89903b3e62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
11KB

MD5
9c7a59d7af776cf4ca49f9d447f13203

SHA1
5abd5f655984e271c1bc97efafd11a395033ed62

SHA256
99b1a6dfffb2fec346fc9c54f295811ab46a0f6b6f34b17d61c9ca8c01192168

SHA512
c5b47e739cae096374b82fc466ba3ff00bccc412205a61d488c600ff66d4b8647331cd411d73b1f5cf5bd0f2be13d91dfca300524681e24f240dcbd6491ef439

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.1MB

MD5
776a1d65636eaedc54d43e901c2d31c9

SHA1
af0181c46c3e0b639fa3a1c7c41a9a563ca010e2

SHA256
a85ba939e96de71f3d3519855509e88af4de5ad9b23ce05458f2921b124cb9cc

SHA512
709f905de9f119fd50dea545b89ed8d1ba41f7a75df5666882917cda9155966d633a8552fe2f9a2410a2b0acd1ce10a34af0d2a0be3f4feb4a8aa668634b7ab3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
6c79f99cfb28d5bbf6133c923af16690

SHA1
fd003cfc48793f4c78a76b8c7c2f6659f4551515

SHA256
c5e971696938342f3a7b136f160bc06542ce13e734ae624f3484645bb8ad5c64

SHA512
5a2858ff55375916652d5492a56a86c06e2ea4abde3ed66e9eb51daeb6a542dc2646e389a93dd22b6c01e184c341cda47f375e683f8d755125d821efb4e57352

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads