3123af93014a5a5c49aa6fd2118f6805041af178c222be27e30b2fd477085c19

Resubmissions

11-12-2024 15:32

241211-sy44nssrdm 10

09-08-2024 21:57

06-08-2024 13:01

06-08-2024 12:52

06-08-2024 12:29

06-08-2024 12:26

Analysis

max time kernel
59s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	firefox.exe
Token: SeDebugPrivilege	2772	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
2772	firefox.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2772	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 4164	3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	86
PID 3632 wrote to memory of 4164	3632	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	86
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 4164 wrote to memory of 2772	4164	firefox.exe	88
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 2208	2772	firefox.exe	89
PID 2772 wrote to memory of 3644	2772	firefox.exe	90
PID 2772 wrote to memory of 3644	2772	firefox.exe	90
PID 2772 wrote to memory of 3644	2772	firefox.exe	90
PID 2772 wrote to memory of 3644	2772	firefox.exe	90
PID 2772 wrote to memory of 3644	2772	firefox.exe	90
PID 2772 wrote to memory of 3644	2772	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d73fd3e-5727-471f-83dc-dc93d4b0582f} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" gpu
      4⤵
      PID:2208
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c85b60e-365b-4356-9bbb-5433edd982ed} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" socket
      4⤵
      PID:3644
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3008 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f08ecb0-09a6-453e-bb7b-bce6a79af867} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
      4⤵
      PID:848
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3964 -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {784dcec9-2100-4375-ac34-c1a159bbb5e3} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
      4⤵
      PID:2920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4760 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4712 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9aebac8-70f6-465c-ac9e-f0876d13caae} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" utility
      4⤵
      Checks processor information in registry
      PID:2540
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dcaca3f-8026-4efc-be60-d8463a8c5143} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
      4⤵
      PID:1128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5248 -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca12c49-2893-4c83-a362-316b24dc6039} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
      4⤵
      PID:3592
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f3643b7-4675-4cba-bcfd-7d1cea8cd282} 2772 "\\.\pipe\gecko-crash-server-pipe.2772" tab
      4⤵
      PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
ccc15d174457b2776b1ec1c0973c03f4

SHA1
6e97a7e625f8ca07692065a3b99b584de82d0119

SHA256
bddf4140d6238eb4f1aeed96172eedb9a01f62f95ed18c925c09868ee56c20e1

SHA512
370b67491be3c233fbc773a35d31062c01efb22167095840b539a56993cc4614c0246184ea781a819d949dbd2efd7a88ae356c4940a481186775ef282bb112ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
ce2837b745e6132c315cc94c863c8e24

SHA1
30f71151f08a550c3441e11c6b30d815856f546f

SHA256
de9ae0af7862451811b05bf56e9cc6938664c67ae53c9c6bcb76fc182a729a9b

SHA512
01f02e615846efaf4a1e0308404ab0ba23c54331e4d01593fd9325be55641271326dd17da8fd58982b8e3df327823bab12655abbc4d90d0f7a6bb223355b4ba3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
6b2cc8ae464d8601196bac41b40384ad

SHA1
256f7d115ba5c169cbeb97fc520a168b4bf2bcb6

SHA256
dc5c981442280189768a4aebe5ac50b5c87a9f5a812a36ffa5fe51ab1506dde6

SHA512
40538d4b6c6e34ca5d8bd92ba85e19273c8b4873f16e78748f3421a4b1dc36ac64b3efcaaa3281abce2c9658d30c36b18cacfc78fa13e417d2f17d008a737f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
10KB

MD5
44f98999a40360c75af229869ebe9558

SHA1
22e68bc25870a6167410ca45aab7925e620b4018

SHA256
b13f028314db3ce054a01df0edc8fbd732570ad8c48f6ec5a440e57e35e073f7

SHA512
9db287b98ea4b05bc429e8f135e7f9f8a81d5a9c33e7b3f90b904cf74cf591a7fd47cd7e237372cfb39c515255a8dadb313375ae072f93a96f34c3f77ef428d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
13KB

MD5
f8480ac7c6ab732f33ea23ae1e517b0a

SHA1
b888b87762e3417da0b7db8865b39807f8bbe1f8

SHA256
35233c84b2d908275833ff143b766613dec455c8011307999df4d0e1c33babcc

SHA512
1be3e7fa59478c6c049997ea1c406532ec5699e976693445ff25b9a62acbf0f01155dee9a96a6061f38c245101fef2eb4cd0b39175f364d8985d8762f2ac6fc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
10e9ff3259ef4a1b28fb8a2c0ecb9228

SHA1
b9326daba63cea42b794cbaf57f430541264892a

SHA256
afb1e8518fc9a557f4acbfd36901c30673ed1c5045c36323ac21b20360292725

SHA512
dacaf4b1999749249b9d4ff17ebc5ba1cfb1fca39e47afb6d1f8793918125403009af9ad949796a8e9e0d2866a3297e4e68997c99c342e2875c2d744250a00d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
b03046bd5b172002452f597e5e214775

SHA1
ac1086f2279950477040619caa66524e45f25e2b

SHA256
b3ba6d5d966128660a1b1814eff4f2259b84aacfe2360984afbff3dfbf078dad

SHA512
e50aea244b3e84ed02993eaf8dd98787d7387cdcbbb60fc66cf7236c61d2418f25d93bf124c71bad1291c8af178f6a4c4a2c4a15f3f9c78ea15aa6444e92dc3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\6407a8d3-bdd1-4136-a5f5-5b7599c3da87

Filesize
671B

MD5
389ef6304907f7da334761a65d8fd4ca

SHA1
40955a112668a1fb1ef427afdfac0f2266049f27

SHA256
85f7e4cecf47d7e5dc1f96aa38702b6a000b46e1cf7bf6d0ba286acf4d906428

SHA512
f5540b0f83c565bff3e2c44315f216b3bf6c92f19e10338bbfa869eaace57151108497482d2ac0c6d90ddc722920d1de7f77366b6615c70b659a131e36550881

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\b48cceaf-e03f-4ac6-b06c-843853ff9dd5

Filesize
982B

MD5
2477311ce52490243b2e6bf76e386221

SHA1
2f29650dbeb9276f6c540bfa2c43e351a33d7b76

SHA256
953e4676f14d873b68a451263af825807702527a0774afb1b0fb5d65c72e0df5

SHA512
bd71db0611d90eea053e3d39c7c2972ad7f0ea183aa738ff739f022c1be4a8637d3b6760f01e58efd42c683f50918b6adc8e5aa78153983d6986d19d83334f06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\d973fe8e-a259-45bd-baf0-3bbb590a57d1

Filesize
27KB

MD5
5a8750696ac4473ef2909b6657878889

SHA1
67739beb451c3a825b35e209ac3737c6cab1ca24

SHA256
1b95a8db14668cdd3716d2579b25f46719bef66d5a738d069b71384ade6ea211

SHA512
d3162e37f711f6c030acba8a218a988a5cfea8edbb8da502d9ad823e7abfb89a4a6555d6e110e0d8c02468bd7562efdf99bc32096e0c917b0e359a0f45e7cb08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
13KB

MD5
a56e0c2640fa1f6b7729561bb31e7f69

SHA1
8dd602343c0a18f3335be3b7e61caf57972b3392

SHA256
2d18875ac45e3b96a6312710bcbb7af7ac9fbf7d6098984a9ce7d29397d07600

SHA512
b56ff25567a7643148a347e70ccfe8e30ea710f19a6d0516b8f495bba6ae6ad6972d576d3a56cee72ac4513f4f2709549f17f8b2eb198117200e429cba481801

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
16KB

MD5
78dd12b6b4d4c867f9e9172ed1ae0bd2

SHA1
11b3b16f1055ba18263f28d48785b1e6e7c82f51

SHA256
62459636db9ea68a968c66367a9856fed47e7fb5fff7e09ed9869df179598c28

SHA512
225ae08f49656e4a0568c2d9a0d72541b25e1689a2430dc6744a1a344fef7c1df28af70790e9f84abe5cbd48d183fc7dc16b3840abe0b9a1556d9e0b3d93b6d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
2e4b8c3142b4fcdd7fad3a2e84d07f23

SHA1
44c31be13a9e3486ed7ed115b0707b5a910617d5

SHA256
436f11c9669acc6b32dd5473a389915c838e8507daaf145e98fe6f0175777597

SHA512
a6c9c2e9735104bc16526381de6a1fa51f49c196c34621ee9270bff381c78e5420dacade687bc466e0739844c9592b79a49dba2bab8a8ecc2901877055e04798

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.8MB

MD5
a844252b22c242556f72a4c17a4691b6

SHA1
747f48a6775f614a2eef29eec3e92dd7613abc63

SHA256
1949a01629765c202047953de48f2626cc51d065a49eb509ad8727b5516f69bc

SHA512
989b44ad651e6490c924a29d747e88c87e7eb37c0f4fa451307e19a584d69f0017452d638c600f8ba7354d873a61f4d8fe8d6e61827271b499a5b349e914057f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads