bfc092b384976e97153bae0e29359461bfd65fce5ad8188d6460de57bc680eaf

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2951562807-3718269429-4208157415-1000\Control Panel\International\Geo\Nation	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2951562807-3718269429-4208157415-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2224	firefox.exe
Token: SeDebugPrivilege	2224	firefox.exe
Token: SeDebugPrivilege	2224	firefox.exe
Token: SeDebugPrivilege	2224	firefox.exe
Token: SeDebugPrivilege	2224	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
2224	firefox.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2224	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 1048	3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	84
PID 3112 wrote to memory of 1048	3112	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	84
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 1048 wrote to memory of 2224	1048	firefox.exe	86
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1340	2224	firefox.exe	87
PID 2224 wrote to memory of 1140	2224	firefox.exe	88
PID 2224 wrote to memory of 1140	2224	firefox.exe	88
PID 2224 wrote to memory of 1140	2224	firefox.exe	88
PID 2224 wrote to memory of 1140	2224	firefox.exe	88
PID 2224 wrote to memory of 1140	2224	firefox.exe	88
PID 2224 wrote to memory of 1140	2224	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b42ba23e-8dc7-4322-b3fe-0d2d1c156c1c} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" gpu
      4⤵
      PID:1340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bc29ade-69a9-4d25-9a1c-e92873685bfd} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" socket
      4⤵
      PID:1140
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 3212 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c29ec81f-168d-41ac-a422-d9164532304d} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab
      4⤵
      PID:220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3852 -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {628067cd-6d38-43c7-b601-431c31b9f83e} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab
      4⤵
      PID:3328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4592 -prefMapHandle 4676 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb6d41f0-9038-4c12-8f0f-37b9f2500927} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" utility
      4⤵
      Checks processor information in registry
      PID:4604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d96eda83-0bc6-4de0-aa70-fb3648f69e49} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab
      4⤵
      PID:724
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcc53e22-f35d-4736-89ba-7fbb2bff4c5c} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab
      4⤵
      PID:5064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {973d836b-34ed-47f4-9b1c-0ebd35fc2a34} 2224 "\\.\pipe\gecko-crash-server-pipe.2224" tab
      4⤵
      PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\erhtqml9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
e03f1644f9edda68140044ea7954f32b

SHA1
776a2b173216c0aaf361ae01282412a8b498736b

SHA256
aaa459ea520bc61998699e13c0b44b6e0e0eabfbff68e3719f76de508eb5f128

SHA512
31a4d8f55faaa838f59f293f77f34e0173d2e13893aad077072e42e4ed25c8c78b50ed2a9c156a5581b880ca63db720016296dd50af9065a77ed21b0fc01754d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\erhtqml9.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
7717f6d3a99a8227c3f962c9639546da

SHA1
bcd29485518ad495782e7f4fb660421e4848a61c

SHA256
2c92eb02ebc6f9b9d89f7d9aef79f300b5686ab29b30b08fbe9cbde0020b5afd

SHA512
8271030b6e27701bd98a45367af974150e35ac8930c92a69224f9a1339aef5010e4e7f4fe57b7db7b0a6f747e7a14fbf74c8258432107c64e59f638949ba22e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\AlternateServices.bin

Filesize
8KB

MD5
f0ea3761f5bc5538386a3906c11303a2

SHA1
f1c13f767de9805eb3502a652a73d21122eaefd5

SHA256
22d98a1371d8e70309269dc7450abefd236b28a4d99e22c0309baf997a7b4f18

SHA512
b28ce86c5992b8ac386ee7221594fcc176f082f3e31c7ae3c690d8a5a3b87414c1104ebd7e507aa0f1e11cd71482c8a45a3c9fd57520c7de215adb0d5e524273

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\AlternateServices.bin

Filesize
13KB

MD5
8417a290320fe15f831250da8b174abb

SHA1
0300338c0a6f5d7881a88c5708d0f1e5cad63385

SHA256
e18411e225fecc3c2266f44cfc11b00dfd1dd3b0a90368499e28b14238fcb848

SHA512
f888df57369452b5adfb0e0d5389a74bb1741971eae60de248de2e2654c72ef98517fdaedac0e6dcf683da222c908713fc4f925148784664862e5e2fec5d88d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2b72895b3fa8c0ecb1c9919f070015a3

SHA1
fd682434f768a0b3bf8ac3070133482198cb16e1

SHA256
875ad0a90c8bf62720491bf0f2d42e4df94faf13232711339b2ad1325c393e77

SHA512
5fc7ecdf0cf3f2ef8e0bba3b43dfd9d7369c14f581f902427994889c95801cb3f063ea758edfecca5ee2d442c4efe85580fb6a4297125ec0a556b6ff8df2cbe6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f7ff5e030a27bcd100d1dd7515edf29f

SHA1
cc619e9fff3354118e0de6ee497b24c3ecbb8653

SHA256
51804dd4ec87ae8ee94bb174950d705528af35f101f36fc9df7391b2ace89eb3

SHA512
6129d108d0b6f03ec8466cf665c3d8950505442f41ae672071d2c91fa7b205e34061ee47a5b35de4aa759762623b5f23558fe51d3fcec127413caf2a0069ce48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5989ca1daa2167244adf4ef920df4319

SHA1
0b410cf4559c830db668bf012283e9625d383af6

SHA256
59e9d26d8e439acd05d59873838760ae37f6d1e3a41ae82aea6932c2305d91c4

SHA512
9326455758751307d470476c0ada5bf3e6b9e1210e2f17bb7628fcb141b6f2f5dd6d23f531d565f8a6e9811b9b09c50155ea01d31d33f9901d4153b3d8524e8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
7591d1f9cfed258030fc11bc25d2c096

SHA1
7744cea8c41614c19da228e32888e47f356f61f6

SHA256
a81a8adcce24c415708b1c593463a6159351f19041e8e06b1e74eb982e04b6cf

SHA512
17201464b4e6a20e9476e5e56f75f741333e3f95bee862a1a372b54357701612a81e3b982c694b5427e1746488b188f5e5e2136fd299220d9beeaa55fee0ce54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\pending_pings\0985bbfa-7431-43b6-9036-c7e909c8d068

Filesize
671B

MD5
f67c240649ead2ab0fe0151a37beec37

SHA1
d92e01140157703b01bfea99d814eb038ed2f03b

SHA256
00efcad1fb88883e0818f6fc22dffedcb0ad8079560c41ab936099f44bfe1889

SHA512
e8a0d6978f70234afcbdbb1b7f31057b360f9d7ce22873fb722daffada2757baa3e1dd6ff03772771a44eda2173cca5e21607734cb4a42fba31f5a0286783205

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\pending_pings\19cadfb8-9c80-4a80-8c3e-12d40539d3f7

Filesize
982B

MD5
c17a42487501e5dbf3f1cbaa31e2df19

SHA1
27afd5e9115fa92546a15a525422184d74cf5d1f

SHA256
ffb3cab7ec67c74c7334c19bdc6b6a9c52e8135eb452176ad9c5bd7236f4f148

SHA512
dcbb56d476384f0f4b790403ac8c8879a635d8c8b7743dc6d3023f4ba8e15a1039205fb72e69eeaa4a40a4309871070e0b814a72893022f16668bc71bfa19165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\datareporting\glean\pending_pings\b08e0aaa-0628-4772-b69b-7ecbaf66e243

Filesize
25KB

MD5
0a004c51bdcc9e078bedf914d7a95c88

SHA1
298223337a3c11a50a59e0aa3c8fd327431370f6

SHA256
071fa0c4dafe76d4a7f1d084b25f0b5a084a2ab7a4e1b5282289fce838d23ebf

SHA512
311879dc8019e84ac4c2fb1ea9704e272f2c2772a2e1bbd962df1a9c39fae1ee48899b218fed3cd903bc252d189b55b7a43fe6d9278eb3b2e0d2bb660ab078e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\prefs-1.js

Filesize
10KB

MD5
a2088b35d49ee722fb42322cb62bfa38

SHA1
c474b61d0050f68963fd57e073ee122e69d64738

SHA256
d4545d87329701af8e4b26dce04c377ee96e002f1912c758cbebb683a92cda51

SHA512
abc44cf32a6cff9e98eb06b183f3a0e41f8e4723ec81940744e4e1ff9237a06df19d1c51e66aed4b34d3a907d95c5aa1ccc0a917c20327817f1135548a4a9754

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\prefs-1.js

Filesize
12KB

MD5
c7ff68c7a720f8650b077de3b5212424

SHA1
dd0177d5fb75280547a396a4fd20cf3930f1ff59

SHA256
4aa3ef57496324ca5a807b260a14da0c4abf21d35baaa9bd502995a26ddbfa71

SHA512
7a212db25938736176ae9a7a60cc70d8ee24bf035a4cf79a4175057997a08f820ec3b347ac3e0e64154160aa7a141005edbe18bed9ab7d4f43ecedb519820e72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\prefs-1.js

Filesize
15KB

MD5
b13521ab718da3ce01a04fafad199948

SHA1
07668ede30ed99b3a98f5f8ad5bbdb3972d165e0

SHA256
79afaa7b6196d65328f6be49e52e79689a051267f264f316a6110e4deeac116b

SHA512
b8b86fa081af8cc294769e9398d78778ca04701456be34bd3514a2554a359506e2af9354e0a47d9d2768d5f4312933279dc4d157640c93f8dbd9e849a368b439

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\erhtqml9.default-release\prefs.js

Filesize
10KB

MD5
43b1ff2c4adc4626f916af77bb091d2b

SHA1
012d3b8c5c93562890948bb1228f9de630c9fbd2

SHA256
26be2313c0d431afe89df8b0ef1c3738baeea753444582c29077974e45794c99

SHA512
11af455af03e893735d336dfca96d3035c37ac18c9963e98e5989f4bc325d93038a3fd9006d8b27959607738504f09c265e90b23ae524ea30d7b65c6ced1de2e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads