3123af93014a5a5c49aa6fd2118f6805041af178c222be27e30b2fd477085c19

Resubmissions

11-12-2024 15:32

241211-sy44nssrdm 10

09-08-2024 21:57

06-08-2024 13:01

06-08-2024 12:52

06-08-2024 12:29

06-08-2024 12:26

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2248	firefox.exe
Token: SeDebugPrivilege	2248	firefox.exe
Token: SeDebugPrivilege	2248	firefox.exe
Token: SeDebugPrivilege	2248	firefox.exe
Token: SeDebugPrivilege	2248	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
2248	firefox.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2248	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 4144	4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	89
PID 4252 wrote to memory of 4144	4252	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	89
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 4144 wrote to memory of 2248	4144	firefox.exe	91
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 2964	2248	firefox.exe	93
PID 2248 wrote to memory of 920	2248	firefox.exe	95
PID 2248 wrote to memory of 920	2248	firefox.exe	95
PID 2248 wrote to memory of 920	2248	firefox.exe	95
PID 2248 wrote to memory of 920	2248	firefox.exe	95
PID 2248 wrote to memory of 920	2248	firefox.exe	95
PID 2248 wrote to memory of 920	2248	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1286de5-da6a-4a6f-b384-50f7043eca36} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" gpu
      4⤵
      PID:2964
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba383dd3-8a65-473d-8cb7-324f34670c9c} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" socket
      4⤵
      PID:920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3052 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15bcee82-ad6c-4bdb-917c-10567241ec65} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" tab
      4⤵
      PID:4060
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4016 -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9acfc119-b977-48dc-bb50-c3f17ad3ccfb} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" tab
      4⤵
      PID:3860
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4628 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7f60da0-8228-49a1-aa14-f0cf86f59de3} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" utility
      4⤵
      Checks processor information in registry
      PID:1396
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5436 -prefMapHandle 4972 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f785e032-1d6b-4e90-8e6c-4766250eab03} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" tab
      4⤵
      PID:3116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45720d82-8cb0-4e55-8313-ec89386fff6f} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" tab
      4⤵
      PID:440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ab2d3dd-85ff-4fcf-8d44-ec680478d107} 2248 "\\.\pipe\gecko-crash-server-pipe.2248" tab
      4⤵
      PID:5276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
12KB

MD5
2c8e874b6c1722e7db609bb4f2e57a7f

SHA1
81742f3b6547d4dfe97985c1e638d333c4259124

SHA256
c18d6154a99d67681fca68dd8c62b92e0bd7397e17e7d37c2061823e5ef5a350

SHA512
cb430ebe9fe3a80252e976cc05b7cd2fddf1ee613d0b6a84d1a19c4898411acd5f78197d522630b3febee5d5ec1707381579c5aeeeda50612032ec1732ff67a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
189bcdd777b945d5be428cebf33f43e6

SHA1
485a3ff7a3db09138f5085c1843adcc5c595535e

SHA256
bab3b176435a13c3ae424b794a28131b3849f86cff63100818a5170dee96a869

SHA512
0c407e21fc0b1a40f63d3074ac14ed0d42f7487653828590b62a7ee2d958b5807b213794efa83d116c7ba3d367cc9c8e103ea763bda2279935265642685dfa2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
11ba5ab15e0311c7b41dfba7fce8d64d

SHA1
59020a9db7d386c47edbc539cea342e48fa05ba3

SHA256
98bafa081832127f84151a16b00166018ff5915cd8a87e729d8d1848997b8e6b

SHA512
cbd16b47f421b200a178f8a042ee3eec24bfd3fc5c8b03f6aece650c78f415db19d803b6df3a411fd073046efc80254402cea28e0f8b30fdcb664aefa40b7d8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
13fe2065519698508611b257a1b46e95

SHA1
d33f2e4122a63c0b4599c171dc8b5a7112ffda31

SHA256
570410f199beaf5733bfa2ec34edb3aff7683018f8c312826bcb093b1b8993ab

SHA512
66174791364769be2c2cae0059f05f3260fe5d81689ed595bc7b60cf2205c0a0bcdd9ac01122432125bdf42bbb9aea06f85d884846e4d50a8c6995c03ed46312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a024d2df6fb6281cca6505e53268c2fa

SHA1
744bd45250b36dc5a6ebfc267fa77417724c0f21

SHA256
ab5c5690f50439998eef0da7eafb871fa7777b987a2929ffae0ea1474b013daf

SHA512
e0f69fce77b102f3fcd6d2865ef300581aa0bd52993317ecef63f8e813c9b25ca9ceb6cb4c7edda6c41c25e962d947314501663b5a11cf849b7dbdf54584c99c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\0c8aef7e-0e73-46ac-9063-0c1dd39a342a

Filesize
671B

MD5
72da1d9bca649eee0e0df572e1aade32

SHA1
030d6fb9a7e0f43a4055bcf31f18e43b6c725121

SHA256
67411274345820c009c7ab05e5710010cca2a099879de2c4032232830d00bd24

SHA512
b2154de4ac0cb4f42592df96ad950c99c967af3dd6dbba573f51467b3cfe34d72226ba6e246ff182d5dfc056d86ff94200569cf617226491f9cee846826d2ae4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\4e75e140-092f-4ebc-9eb2-39e5150c26cf

Filesize
905B

MD5
eb882dc32836eda78b40ca58d97bff67

SHA1
46027485847a13f5a6486ebec568ab1da99ff76b

SHA256
91819047ceaade79cd24f32d95672a82888f6b5a61f1ecf522d72423d92b8bd0

SHA512
2b38a9fb468b1fd3f48a572c4dc8257c9e75a208ad2a8eaa01f7fbc12045f66747152a545c4dc358e660cc3c2c444978696bbd0bb66e901c9e6c61fe3d739279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\fc4e0ced-2cb2-4fc9-9fb7-6d90ac88729c

Filesize
27KB

MD5
c823a7f4ddd2f1d4ca282f30b50b90bf

SHA1
8b0e2e339d4345d48d82bbadb56bbc25786cff1c

SHA256
14eec735e1ad38a5fa4aed281a9703d4539846b9427e1a49d5af318300b3f6e3

SHA512
2434c5bca8eda40461853686b2b68ee05762192892ba43da303d10e1d62b6577885934688a477b06736a689a628d6b850b644597b51714dad21cc371452b1c9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
10KB

MD5
6272107ff9a78d1d5de12535b35984b3

SHA1
03a44e8558b98cf40ab0c2f10b4c711d719384d8

SHA256
cd2201785b9deeb830fda8d86cb5a02ee4affa3e9ab41256277d4b5d1395e429

SHA512
f1feb3d79d4465088cfe09c439d007ea749b0c4e162840a83fe7210219eb7d6c5ce40cb16de4ad00f963142dab285fc3e618c8654c7f86ffd6e5b325bb4b218d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
949d1a313eda71ce77d45f8ce9696a07

SHA1
cd3cabb1e7f9819b8852dcc8020ad377c14d03b5

SHA256
bc0e5b0e32a982d1d86fdc5150b272e013618393401ed190d1e9d1378f728629

SHA512
664db9a2616ce8001f92e7ff84c19c84828a6379a3d3ebf69ee0d681fad09e65859401073721e930b334d010499f23a11c9e7c1b6a2515774a166ef41bdbee61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
12KB

MD5
3f0a831b4bcd3929ccc044ca8fa673b9

SHA1
0277c82f049514673853c1816cbc1a42f101b3c2

SHA256
67d94035e5fc5e8194a301fe4b9278d5fb557d0c0aac2e4982b24744fcee9320

SHA512
26a5a3ff443786f8d2d04f042549278e67b3c41a1707dcd22fc34e7f90b13bc6dace81df93eadaa91f777ab0b66844a664c93ed2d6a0905b206d2e12a02457b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
149fe048959fdcc98c1ea7256d45e93d

SHA1
08fb1c8fe44d89edc6f96c4bfd2a900a2f5896a4

SHA256
7dfda64c0a359a24ebed21cb92fab459bd144789fffd6b617b3fffebe3d120ae

SHA512
b44788cb74f90cb411e6b3ccf8bda1223e648752b2712f570566115ff69c4e2c422a6683794d2c0423d9a9a5448f4c9d64f0085e82edf71223e1fdfbf9d238f8

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads