bfc092b384976e97153bae0e29359461bfd65fce5ad8188d6460de57bc680eaf

Resubmissions

02-08-2024 12:16

240802-pfv69s1drg 10

02-08-2024 12:15

02-08-2024 12:14

02-08-2024 12:06

01-08-2024 01:57

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000\Control Panel\International\Geo\Nation	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe
Token: SeDebugPrivilege	972	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
972	firefox.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
972	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 4960	3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	86
PID 3368 wrote to memory of 4960	3368	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	86
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 4960 wrote to memory of 972	4960	firefox.exe	88
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1768	972	firefox.exe	89
PID 972 wrote to memory of 1732	972	firefox.exe	90
PID 972 wrote to memory of 1732	972	firefox.exe	90
PID 972 wrote to memory of 1732	972	firefox.exe	90
PID 972 wrote to memory of 1732	972	firefox.exe	90
PID 972 wrote to memory of 1732	972	firefox.exe	90
PID 972 wrote to memory of 1732	972	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65ac6529-a2ec-45a3-ba45-381211ab52b1} 972 "\\.\pipe\gecko-crash-server-pipe.972" gpu
      4⤵
      PID:1768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {331b0be2-e08f-458b-9a3f-f5c83085212b} 972 "\\.\pipe\gecko-crash-server-pipe.972" socket
      4⤵
      PID:1732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3196 -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 1428 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b96933b-ee99-45ff-94c3-658507aad83b} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:4460
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3260 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b257647-7667-45e1-95b4-4b260b2bc976} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:2816
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f03a2b2c-74a3-45cf-816a-03a2ad17be86} 972 "\\.\pipe\gecko-crash-server-pipe.972" utility
      4⤵
      Checks processor information in registry
      PID:1720
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5360 -prefMapHandle 5268 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eac83024-42ba-4b71-bee3-81848888a98a} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:1860
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5492 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de7f549a-ded1-4a5d-84d9-8a29f8654a3a} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:3428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 976 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e23bdc97-1c19-4f87-8cb1-eac4b1054c95} 972 "\\.\pipe\gecko-crash-server-pipe.972" tab
      4⤵
      PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
0a18b7c084a58c92992c9fcf95ec6176

SHA1
97e63f1d997502e2dbfed6dd7417652054d231c1

SHA256
1cef3b683372b4c4c87ed0f13a6b67d9001cf0c65e66fd97b8f6121712e3f438

SHA512
6c83340191fb6d04270924db7319c406a19dd31cfa0411d24c6e74db355adba6422559d372a085f2359e49fcb3e929d8aabe4960ddc53a2d28f9ce725d164164

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
de381b3e15d66749d7bf1cd2be19c7c3

SHA1
c4c56fd7855113f8c673c91712519a97d90a6e76

SHA256
e76329b5860b9e5a954a98f1853dad9a57abb3450b5fb48d9bdc306b897edf5d

SHA512
c0847c63c1997c60dec4871767a575909488d069657e28fbc62ad0b679b8486e3bc161ee5089a2c9a57d47723d722058afe1df7d39fd33f93bb198d3e45bd685

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\AlternateServices.bin

Filesize
10KB

MD5
0f311340630908d3a34eb80f8c9163c6

SHA1
ad2d125be3ccdfb418533750823ff722e180daee

SHA256
df348ad134073c3e78dd997905a8b91ef13b47a9664c967450e50e3a11aa8349

SHA512
95fd4817637e593092672ce78124ff050b527dd2669fa5ed4e0d32c5090505c607e7d9220bbea469b17a3da6d18148dd95628734b07702e0770a0b640834c391

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
747fcbf86c582e8f4688aa81fd41371f

SHA1
6e6ea04d2abb5ecf45e0c2faa378b09e17d48ec6

SHA256
dff1ac096b8e32440ab15cf6ae0daee457a8be46b9c4a552aa0b437b324832f9

SHA512
76a25349f144c53f37396d1e905984e56b3646c14ccdb60183037e4d7090b828fa0ca66fbcc5c364deae8a4f773df1d02a1fd4a869a0bca26d3d6883c1efa7b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
82c5b9bcc5e2af69d530a558def77649

SHA1
ca62fe40f7a4303f3f630b0a93c725b6bbe1484c

SHA256
31cfdad193153dbb0ed5297b5c333b1dcce99b7c2f80f4f4ba5d97f72b106684

SHA512
ace30afbd3356032fc504c1c7668bbbda1a4cfeb09de0b8c04394faa688296576ca0749536b23a73211b21ad9e3b9f9fc32f1d81c41f0101020a99c65f066f02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e35c2048bda7a5d28a55a1a864fc7c38

SHA1
6b22c645ee308520e285b4f7424f41583e296304

SHA256
d101a7cf849117ccc2e14c53fe42ca7c050c2f107705cedd53b90ec8f2963260

SHA512
d021f31d79066cea5061cfd0a5b425a06192ca9915d25ab20694525864801a4ed669c9d5de07f8fdb17490f6d2e85cb0f5c39dd95539987e82159c2a626f01fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\3b9f47c4-ef74-4388-ba8a-1a60bf75defc

Filesize
982B

MD5
cf3637a9ef50eebdc19c415f610f6305

SHA1
b8b1bdd9b61262d50aa9aafb14fde377712c40a0

SHA256
52e8b96103cb7f2c2c242d29fff24fc1a9f84bff6f884f3fb5bd5e8c37644d0a

SHA512
7754dc1fc2e7befb5cecb1eea43e2d04073f6c32e4e36d417051eae2013d5100310ceb991516e534f1d80507f980ae3eebc3555a9bb6ed4d25c5d751232d4a20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\81cad44c-5d1d-47ea-8953-059a18bd423b

Filesize
27KB

MD5
578a45507c6fcac15ab90c7f7693fda6

SHA1
3e79de9a3ba9e23eb42f38958b8bccede0cc0069

SHA256
8c733f94c276516fc0fd284e9f84cff2e12a9b8a6eeaa71af6469b9ffbad1176

SHA512
769b372b13c1fde498f6b9b3d33bd8c16bc3a4ea77652d8c474d8699558d966ef78fcbde1bde84288e771852f0741e0da4a230a74f3ad65fc5fbe8e4cb475e6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\b81f4df4-2446-4348-9018-d6103d366531

Filesize
671B

MD5
824b66b3be721e001ba5d1e9abdf0f20

SHA1
678fe2c8eee6ab177018755861404b971f9a0f33

SHA256
790bdf97bf14911c72bc59a667827bb2a13e6eb118a9214b1b9fc5e5bb6e0e87

SHA512
527b6e4aec6f85c0b01b9ced6d31757370789ab74942d70752d088982ae4a1e90a66d73e17ede9f24a9194cd60296b188c1d399bda6295fce3a1e548e6f3bbf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs-1.js

Filesize
12KB

MD5
16d143ff69ed7b252b6282bbc7de8a7a

SHA1
6ba3d6d355172a04a3814023c7982c7668c9302b

SHA256
334c03e236d1a0f3870fd6f1774852d967bd1114faf2463da9a79b3cb209d192

SHA512
0f7002babaea976de5b34ad7b04f13d258c2b22efdf6d7b69217207e94176e7ae0f45fc2d8b76f7d39b30dd8bb6ab6803c72e36369e66ecaac3908a10baafe09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js

Filesize
10KB

MD5
d7378a3d0b55bc3c7841b4fdf6cb7782

SHA1
60ffeee87d3d0272591f0160e21f11917089a6cf

SHA256
dc5a3268a2a8f056ec53b05dad8ac084ae338eb2cdf2a87a5a2ed864c3b60976

SHA512
934d3afd26b2b7f84742b52e2060d1e1d2c0893956557d741431742b7fa8c992373774a8ce023adf10b3f610a6d39ffd225658cda41e5efb348d273dcf93164c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
014c1384574fe8fc5b7fe0c01cbc4a0c

SHA1
7189460d29f0084a0e581ee6b827c1363be060a5

SHA256
5592f7445bb53b59807467d7d7c547ac666717fb6cb9fde49e5c1f35823a9f1f

SHA512
94c757d4176881d1067744899bfc0957378f288f588760df71bf03d197bd2f67eb0400b99a304fde81257c7d0a1e16afd3d98de6065038662ae24fdf20c1f7f1

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads