bfc092b384976e97153bae0e29359461bfd65fce5ad8188d6460de57bc680eaf

Resubmissions

02-08-2024 12:16

240802-pfv69s1drg 10

02-08-2024 12:15

02-08-2024 12:14

02-08-2024 12:06

01-08-2024 01:57

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000\Control Panel\International\Geo\Nation	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3089151618-2647890268-2710988337-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3064	firefox.exe
Token: SeDebugPrivilege	3064	firefox.exe
Token: SeDebugPrivilege	3064	firefox.exe
Token: SeDebugPrivilege	3064	firefox.exe
Token: SeDebugPrivilege	3064	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3064	firefox.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3064	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 516	3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	86
PID 3176 wrote to memory of 516	3176	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	86
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 516 wrote to memory of 3064	516	firefox.exe	88
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 316	3064	firefox.exe	89
PID 3064 wrote to memory of 1964	3064	firefox.exe	90
PID 3064 wrote to memory of 1964	3064	firefox.exe	90
PID 3064 wrote to memory of 1964	3064	firefox.exe	90
PID 3064 wrote to memory of 1964	3064	firefox.exe	90
PID 3064 wrote to memory of 1964	3064	firefox.exe	90
PID 3064 wrote to memory of 1964	3064	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2036 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0588a38-293c-4119-b5f8-b4d1790d008d} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" gpu
      4⤵
      PID:316
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ac21d87-0b54-4818-be29-eb76cb0459b4} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" socket
      4⤵
      PID:1964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 2676 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6141ab9-c39a-4c54-ba70-f2dd35904523} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" tab
      4⤵
      PID:4008
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2d88bb3-c2ef-4255-82af-9a7911c9b82f} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" tab
      4⤵
      PID:2408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4916 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c67912c2-591c-41e0-8639-b3989cd17362} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" utility
      4⤵
      Checks processor information in registry
      PID:3620
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 3 -isForBrowser -prefsHandle 5508 -prefMapHandle 5548 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73536f31-1a6b-49ec-9283-5c01d59f70d8} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" tab
      4⤵
      PID:4776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 4 -isForBrowser -prefsHandle 4732 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c22a9650-c01b-476a-8454-72ab387c8060} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" tab
      4⤵
      PID:3464
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5436 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dd4c097-fc25-4f6d-85af-e90a43bafea0} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" tab
      4⤵
      PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
2d520b7ee1133e48ff3590b69a94b53f

SHA1
e99d17583fac2652f900f885ca4983e58d076c35

SHA256
95f0c546a4bc4db97af3eaa6ad5d90c3c4d61b16a09ee0b96698d2268b291e2c

SHA512
f495150e66a9e613eec34142a64deae74a61e12fe562f0dff73ef4b8625d374ccbdbec3f1624265999d6ac53b13f8789ac0a0c32b7157bc3418f006d6fc420f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
a117c8037c4f2b3b1ede4bfe2f055a1b

SHA1
115deb9e58210b8434a1b266e3bcad62ce0b15fe

SHA256
861b5ce4fced76a8736dc40ce59a45da776f147e602e6ebb2464041863e9e218

SHA512
59cd05a0c111a530078fec8dca902e34f8c16e0014ed836cf9f0ed556f90057422faec750b0a090129b47d93ceda6858a3e7f3a54bfa631c61e69d6101dd83b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
3aadd476623923eb0fc5e051528c4a67

SHA1
7b19108056755ef4a0dc97c5abf2f4f04b78a924

SHA256
ef89426467b763490c8ad935f2d9efc6a36c8d81becda787907e8bc59a40d878

SHA512
9f5af590072666f60904f1c723c489c29149b7089a4b46c5e3ae90b2c17fc66607e41f250a3f2f2b06a614e5ddb3370509cde6c62e1a2b6772d75e9e55ce3666

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\AlternateServices.bin

Filesize
11KB

MD5
71612347fd78e58c0597cd2e85ecb660

SHA1
4e8d64802a6ede5e6357812f8b7b767a3004b19f

SHA256
41e674a293810b9965711c823fb3b1d4e96b066ce82948f1ddd3860589855a64

SHA512
adc68cdf0ce095e2e2f97c2a9c73d25f93cbe148d5e3407be14748f244d9b4b4b0705bdaf228d26f7c7d6085a474e7f6e7d84126a451196a9a0325ff4721a358

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
e9bba7a2bfe9db79f379327ead48223a

SHA1
13a82d7ad45cb0012a611aab64383a45774ef051

SHA256
9cc9cce3521fe12f05a3085d801c20c8d7c994abb701afd8ef18b9f167aad805

SHA512
05b7cf49469759c2f95776b48a8d55af2216eff4ee744367fa84987365a730412485b10500bae352c4fbaa8a7947a87f7986f0ad2eea603ddc34fd3062013dda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
01c508815de6f02b6c2066286a253ea7

SHA1
c4f9b77a94a52b659ed4bd70ea23e6690f1f74ef

SHA256
2fbcb07c8abbf11a4803022f0c687650b23b8375a6e9210cca40e48ffe635b28

SHA512
b39459821e275220dff095e087e96950e8aa83f7ec65748cd7f1869da0ae2ed0c4894ce00b88206cf3f96f0317cb66254040fead49a03024ceb136840577f3a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
ba1e8e39f95f63d50851f4c0aed27abd

SHA1
12084fc8c9fbb7b1e53f74144a55318d686e53f5

SHA256
434a2710c8f7340738b666776f1d933b81ed58212ff63e41b05c49280c64f4df

SHA512
b48670f4a9dfb0729e8e88b98d0b6a0d01e005c46ff09721707976b250d2f3f1812bdd658701a405b55472ddc57dece5c41f0d8740191d1b914caf33a342dcce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
8e198435b50c7f1ce488ceae4cd33379

SHA1
8fe7fa2631067b6de731d399125bf41fc43e1043

SHA256
b5eff8df9966853bb555e274903695df25d737e8d931fd06042f59c8d35cb88d

SHA512
0dc919681c7c17e73d5af3dceb3d9b788d485b411960f5b1b7b7adc2b37880e0c7de33218802dc5fa9f324740daf7481b572ad4132df228d9a8d0694d9c205b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
d5ae9c01a48dea6df8e641e45826c5dd

SHA1
aacd3cf102ebc3d43b1ed4c2f33afa2bc062ccb9

SHA256
af6e0c69c2d99a74d5d7b9523b86cebd540f619b9ad04fcaa5558ef700c11347

SHA512
dc80b703abc4e8d5b0955b2de60a1272d4e18f524e56a577b72c5e827ab7ee6156b5b8978b56ee9557d8b3239fb654f06b7a1d1ed71cc14f2f4afd5019fa2e5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\pending_pings\71d63007-ba94-44aa-af02-59f10ebd7d72

Filesize
982B

MD5
f56cd0c0c280ad57da6fd6f63b5e22b5

SHA1
a4c4778954f31b251f8985d167c9afed14e12efb

SHA256
bc891f8c32c8cccbe5d8c9cd100276ae24db6a88e0557682e2f6ff6ed1cd8987

SHA512
10e1f58e9ca4757eea60e17e5f81edb00f199ebbc8ac18b56c1d124c7b887599dd50ec2ed98a22ec0691bd396595de5c67e5830485c7b211619b9bc1b74f33bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\datareporting\glean\pending_pings\ea0ad5fb-3669-4964-8e2b-6fb5df65e8ff

Filesize
659B

MD5
0cd470299cc657ff0c4730f44c349f54

SHA1
f35897f009187fd46673810bc9a9c0ca9e933d73

SHA256
6cbcccd38f8f640506279a23d75963c2b374256cdb4e05af1292bd56ba5db7ff

SHA512
396c0d33b20b687c2fd1eefc6ea696c6aad8a2a4600273aece62bf6aa18dab9ff319948329e02a1df7a8798d62c4356a81f01b51f2f78aca518685fc3111f346

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\prefs-1.js

Filesize
12KB

MD5
5cb8fa653c4139bda2807f505b9531ca

SHA1
74a3dbf2c50b0114c1715b4c83df5d46cc64c4a6

SHA256
146462864236d9af5dd0c1ba1eb585b059f59e9dd0b9d66bba934acb6746910e

SHA512
05cc7a56089dba46945ff93df337dce08a05cce5d0168d47b9fc0d5a44a2578aec750c1fc12239c60fca5643feb3e0c640903158ec39a22e00be14d403c2cecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\prefs-1.js

Filesize
15KB

MD5
98b994944b0959908e9e21c5729a65a9

SHA1
7dce4a896c63b31fd5b4f5ee5051b16a06e79496

SHA256
64cd4b521573c4ed9590af728366903bafe564966cf47a5eadeb8d62e7207a49

SHA512
acc55d52bd73fa4296974ef5bf2e81da4a7b689e64353103c92fd4547b05ffd01bea8f97e7ad1b1218f6cdff41ba5dcb720c5a9030d98b76de57d2a1d55c97c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\prefs.js

Filesize
10KB

MD5
170b6bdaef431f64e1bf04503e14087d

SHA1
16d3e7e4b84632fd1a1ead67efc5592121f97d05

SHA256
2e3d7ea20943881a7c8722a5683400caa24deff60beb0a065d9b9d296bff11bd

SHA512
51dcc2bbbca3809ffde76682c83a0b5b619dcd7407b999c0870512462990e387d182783d88e672f33275f95ffff893a7effee5def18b71433d92e786e2cc6eb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hdqbpzf1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
e7361bd8b8f8ad3a2dc23b56326e2f99

SHA1
814c86f530a99f7cd92749c91b777cc4f23eb3e7

SHA256
a92927b5df1cb33e729f487d8516dfe8f253b76f36595d9706bd05053cdd6ce0

SHA512
64507cf161987b1e6b8cee341f26f39f85bcce05fb8072275794dae5ff30b8ec62dab14cce2aa1cb8c127bd671bdd0c33fe20480da61600e754e0fbf609a9824

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads