8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
Size

3.1MB
MD5

581075f5480dcc0b526c7d2657dbdbfe
SHA1

7b1b9b9e4eb77420284a2e4dca25e868ace1d563
SHA256

8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e
SHA512

c46dca2aaa534bec81e9ae7bee5a5c969da10608d7d973e128874c6228a9ca6ddb0e1ac1b4b6c326b688ed8bf701925fa02ad2f91d8dd8dfbcc08ec575be1665
SSDEEP

98304:rVIqrj5r24Ig10gD0IknxR4eaMBXgLdkOlmx:rVIO5i4IUwIknxR45kSfmx

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2148-359-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-374-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-379-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-380-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-657-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-1227-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-1861-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2619-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2621-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2624-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2625-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2626-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2627-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2633-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe
behavioral1/memory/2148-2634-0x0000000000080000-0x0000000000B6B000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4300	firefox.exe
Token: SeDebugPrivilege	4300	firefox.exe
Token: SeDebugPrivilege	4300	firefox.exe
Token: SeDebugPrivilege	4300	firefox.exe
Token: SeDebugPrivilege	4300	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
4300	firefox.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
4300	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4956	2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe	88
PID 2148 wrote to memory of 4956	2148	8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe	88
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4956 wrote to memory of 4300	4956	firefox.exe	90
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 756	4300	firefox.exe	91
PID 4300 wrote to memory of 640	4300	firefox.exe	94
PID 4300 wrote to memory of 640	4300	firefox.exe	94
PID 4300 wrote to memory of 640	4300	firefox.exe	94
PID 4300 wrote to memory of 640	4300	firefox.exe	94
PID 4300 wrote to memory of 640	4300	firefox.exe	94
PID 4300 wrote to memory of 640	4300	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe
"C:\Users\Admin\AppData\Local\Temp\8e237e1819a862b869b00c7976f87bf35b5e8cf3a124a4e2940d5baf29e4bf5e.exe"
1⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4300
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6401837-d235-459d-8388-6fc1de02d3ab} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" gpu
      4⤵
      PID:756
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43eab26b-181a-4012-87b0-ba98956e806b} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" socket
      4⤵
      PID:640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3244 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {389cf458-2675-43c9-851a-e21f2620c513} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" tab
      4⤵
      PID:1604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4092 -childID 2 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {370e0ff5-fe36-4739-a0e1-1df4565b1910} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" tab
      4⤵
      PID:4852
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05f1c13c-2567-4a3b-8763-cfa4308d02e0} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" utility
      4⤵
      Checks processor information in registry
      PID:5444
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 3984 -prefMapHandle 4060 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a57e4e2b-71d8-441e-b6f1-1e467cf687c5} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" tab
      4⤵
      PID:3768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d65a633-da83-4a68-a1b6-65fc9b0f1bb7} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" tab
      4⤵
      PID:1520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4060 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1072 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78403abc-2da4-46fb-bd5e-dfddc613335f} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" tab
      4⤵
      PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
a01ab697e8265c4a9970a27aa7e64ac0

SHA1
55d885c0db54c54b00af433673c49578dc7d6a42

SHA256
53455d785130502e9dca6d7eff87268e2e6a1dbe14ffec705292d8194c59e307

SHA512
7e59a3ac9bd509cf7c3f797d460c8a134fe761afbfc0c2ef7d8d951c7cb7434d4f8fbe6f3f90162ae30d1e2a27820d6e930565e34e20d24a848253fd92a555d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
7KB

MD5
4fb9c982c22fcb2e89b6f656fea2b249

SHA1
9b414ed35077d8bca8126e78f1ff1599ba776756

SHA256
69aea80d96a143e486b9f852758bb702cd677865b9365366ee9c60f880d70617

SHA512
35ae0535473fdd70ef2aed60231bb2fead0ce229aa46f5f4b83c265580fc0653ae19f6223077440541b37069910b270407ebc05d74af22c252fe2ecbb54f2c4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\AlternateServices.bin

Filesize
12KB

MD5
eb0360e887e5da68b1a5836324835494

SHA1
17820e9d92c328370f8c747575701c9166fbcef2

SHA256
5c5793e266351d7ccea27009f96342065e50429ca4eda670ac15856409796e31

SHA512
9597c11e59edfaf1a79ca8e9e2653cef2839d3aa0813d379325481bee4da1b48f243ee2ce0dfa4f8ad0e1dbf6e2e3b9666a7eedf7fe28a79bf5bb921ca6d33dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1516a5e57592d426e6deb98cccff8ca4

SHA1
aa7ff053262a20033a5a33d7850d76d3f70bd40c

SHA256
afa8157d465780388662f229ea676c9264b781071e63966f87d025c3b51a210a

SHA512
b9840f412bf3b5f19619ac10a38534fb1f223c65ca559c0f8cd9d5ec53ade0639cce1dd77a94d18d7e68e2de5fe525991853c06bf604ab7134fb10a57e1f83b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7ae45ed695980d8d36d5430619a8cf3b

SHA1
edd9c648cf82a3e3743c0c936f3ac5cca7a7a20b

SHA256
e13e8efbc19086e19398729e6e68ada04f7b47713079057e48183c466f317216

SHA512
1306cd3f875df3acd515b08b25e9450fc8704585f91c9bb49180cd6f421506d0afccb423f67a466b7c2acdbc12d08bcff2213c148b40abbe6b06c656dd0fd8a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
30089b535763601e7d9f062c3bc9b951

SHA1
7575b2035cc1e0290c0659d05c3eb73684338bd0

SHA256
844f26c94c38533432cd2fa307699f5c68590ebbad760533b1b3a5af0db306cf

SHA512
eea7a182ab11b247debc0977ede9472da2297c1bda8133d6374a3adc23136a294b0da987d8fb42ed04871de6a47a8aa0007fe20afaf1f3837a6df0584c64ae3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\165c43ae-b55f-4f55-926d-c61a8802db14

Filesize
671B

MD5
009aa95385078dbbdfb0ad2f74ac7111

SHA1
c88b17d2f2083d33d7cd786be7edfd00705b6177

SHA256
178461023120d79be6ee0920a8b785598b51286320d8b4615a4fd747bf25054c

SHA512
9e4395031f0b2ab9aa77b31977fe0a9dc328fd5dbcf759d4980656b6fe341977529dc5a284b4e5ec2a375568e16e8ce07a153546015fab12cdc995e3901e59ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\2ab78cda-5135-46d5-832a-d93f2da8fbcf

Filesize
982B

MD5
60020c4d3faffe581c8799e55e170136

SHA1
3028161c736a0e279d62922bc8fe4d008a5dd26e

SHA256
9ea3f0df2459dfe4db184ad487701d5e90c8bc7db9c373ff7023194b0696cb0b

SHA512
146979071a72a20858573334fbabe0027f28f87a17c37462fbfc3ea426f193b98bbcd89925abe412b080b3a47ba44ec787304e2ed7df3e0f6b9c3db060dccb93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\ddb3df10-2a6e-4b39-b120-e2c13844fc2d

Filesize
25KB

MD5
1afeaf1105b4edd5c5f19d465ad7e61e

SHA1
38f620e9dda03bded6b2e002b824afa25220b3e7

SHA256
35c060568211078c042eb8873cfb6e475fa77d22182786cc7b43ec772c5a895e

SHA512
afa8f311e77b53444ca4209b6bdc33fbde648e47ce2b407e3c3ebc52175d8e917f9ee04b39f72c8890a46caf3b07ca916ba9268e00b243bcdaddccb889da7ec2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
11KB

MD5
0cf3ede74552d57b5ffecd5fbcb787f9

SHA1
dc429c60239cbfa2122c2ec8639a70828f792e89

SHA256
c3e33a7ede2e3156a2144a6c0e39163fa202a65b1fb73c4ed38d409876e0c798

SHA512
e825ad27517ab4d781db777cae70b0bf567740865fdedeaa7a6a4ca0d64e7ee741889875d1efac77b7a040c627927b8ddd78c70b91fa9af0fc3ad4361d120abf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
12KB

MD5
381ffb3e39202a6f20b38c91bfc8ad80

SHA1
7d62cbe461148924d253da97e3cca89eba31a062

SHA256
1a458695d96383b373f6e143ceaf5c15cbd41301a99def33ef311f366c3bf5e2

SHA512
af9b36672386390f858ea53eaf62736dea7f3475c062025099bbc4d4cb68ca09c86932d3fadad4f2b0ce2f0bdadba8d7cd1edefa9d10cb7984807a9729b1995c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
11KB

MD5
a1f4cce28a4f809e9847aafab1562648

SHA1
476f7664c4acec19bd7d57c2e2d634967b2c32da

SHA256
585391f09b0e2594d9fa13c468420bde21e9f8f63cf01209fc2370b4296c7cf1

SHA512
f3418d0e67865fdaebd3986c2a952b41b06b13634f1e7f2ccdf0c9d778a1f84636575e66c1f4f3ce8d464ecd7fe68ca7ebcab37da4c59eac07fa8b97ec0dbbfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
8KB

MD5
663b1fa80b49869a2d394ce88baae016

SHA1
2f006f8c6efafea908047a3ec5355df1a1ff3524

SHA256
e5411dcb3c5e9e113f320c35dd9b59c353b55a837ddd9a1a3e5a85a42b3f9c17

SHA512
04dd1213608d65030cea381799fdf83a43b2ebeb74a74acb0bfc87de4e250124c2d66b52a1fe37cd5770b64a2d44c3541dcb651e5443cd8ca21231277393658b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
14KB

MD5
21f3ef9a4fc8a3e3791f233ca25a918c

SHA1
98daa5368953bc558e81f90a84de9b12526ff046

SHA256
06257a9af336e8d56803ca642ff1576eaa798873a12d54e3d9efa9692c2bd113

SHA512
e5572bb202641c804999f0d912fb57f21150e472333e7fb0f16f506d3d2a9b17fcfdd1b228448d2c5541cc3199db605eec8e119546127a779cc404997d46439c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
580af6361c4e6f950ed8fda10a8f048f

SHA1
90d5059ba8a50d76f8288753c81f885a7d934cb9

SHA256
a1c1c119137e093421f7464a13949d53e8cb023b0c732bd13407f13982b75a21

SHA512
26bd000240311252a63572ed7d9cf86143836e11165f72681c198b1068a89a37149cac916ef8de5c24e0ccf7ca672b83f541cf86f9607c9df6b4b17b386632f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
2ee5291302e050ff84b4bdaf754c6f0c

SHA1
570efe72340908606df895059c9a9bc1f332ead7

SHA256
4d3d23c5893a0a31053a7bacf00d8ce3142bfa1383e25fb668eee4b1454d028c

SHA512
8687e8f604b21ade1789e9a7b7a7efdc82c2be982a5f12b201962ee857972a45807bc3b0e3bdcd8532d89792ff4914f9c8895236800a6d83915c520102486f04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
f75cb06f5702746eaaba9f9e90bf730c

SHA1
2eb78eb5448412665679d619161438695f8897ff

SHA256
15f55384f13af3537fd2d29cd2a4885d526deea8ecd640c18cca50528806d70d

SHA512
08721250dad9a2b767a82a87ec310019e84da7273e4c0913afb23c6ab5df4e3fb90111b3dace3253dc29ffb8b29b88a01b480afdd94d562e7f268d4fc95c0683

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
49196a1ea68717a15530d2dcd6271fcc

SHA1
b9ff7ed74bd4a2ac943f27233df185389edbb75b

SHA256
6f4a9b1fa05d4f50fc570d3a7e3f64d1592d46e309cab83da60102d3fe8e2d03

SHA512
e8eac9384d47b7b56d13b9bf52a2179e9388484a84a5b7f6b97e88f882fc7540b148917b1a35b348cb8baa31e049c365469b265a36fedf6c8e38a63a381675ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
6d5ba7a8dd664485261e327bf440b151

SHA1
e3d5508819ab9fd7f2fa88e68507cb07126c0fa4

SHA256
b39304c3774c7de043b07811881ef07141d42f8a79709f775a078854ed460140

SHA512
f241052ca8a5d8f5cdd4a4d9053a8ddba99f222522a8bc200932fe384c8f11655ee3d297cc7a5c59a4137359a01982e4a3cd85f7bd68f63627726a6e81f7b04a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
a560e7d6002ed123c0e64ba32b434211

SHA1
3388db13eb4cd5c81d824561afc45bf901be8fbe

SHA256
51976930db25a005cbb070b7159a38366302d615645d839b0aaf77a1a53d63e2

SHA512
a23c67f4c4b0cd9bc3a4edca5891a0d142da2eafa517e10b8e377b01c27b4347c26ed24b8e9b2fe1416f7a46326290dcffb6de78e56bca8f75686adb206fbb8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.9MB

MD5
8d3767ba6b5654c985ad72b1e23f9937

SHA1
a93582944a1c86330c146232080c754bcb4fe0de

SHA256
b596df932a1dba179c0e0b97a201b4d8f86c26747bdd4fbb125d82e9c2bc2212

SHA512
e7cbdfa7fac8b1a8303ead899bda8dcdfadfb2c42e27d47e71cc1334958a284185ac2512a96199197b1fad3204f698ada201264bcb151ebebba45b4c681a2de6

Download Submit
memory/2148-0-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-1227-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2-0x0000000077A12000-0x0000000077A13000-memory.dmp

Filesize
4KB

Download
memory/2148-380-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-359-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-374-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-657-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-393-0x00000000FF550000-0x00000000FF921000-memory.dmp

Filesize
3.8MB

Download
memory/2148-379-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-1-0x00000000FF550000-0x00000000FF921000-memory.dmp

Filesize
3.8MB

Download
memory/2148-1861-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2619-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2621-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2624-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2625-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2626-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2627-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2633-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download
memory/2148-2634-0x0000000000080000-0x0000000000B6B000-memory.dmp

Filesize
10.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads