76557b0f1da2b21272c8a141ead19e15851bc8ab104c59f50e6651ebebfcf379

Analysis

max time kernel
100s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/firefox_plus.exe
Size

9.8MB
MD5

ba26cdeb3fd7f690ee82e9845c93fc40
SHA1

e68398de276f5e9af6df407c016a847543597405
SHA256

79d9047bb441a2880849d8e62410d463911dac4bad88393f004f2fa01715250d
SHA512

6041eb3576df60d633d91f4e10798cb4e96cb8a98172af52cdb32ab126f354a79414dfbe744102d948d467ce695eae5aeb84336ba562f66b5e62c1be94a0ec54
SSDEEP

196608:8vYPMj6hAXhmhSwkeUpuz3//Y1NvTdWBV36ZdtR6+fdnE7imhieS:iaMjmYmhSbetIjTOK91nE7RvS

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2164	firefox_plus.exe
2164	firefox_plus.exe
2164	firefox_plus.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	firefox_plus.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2164	firefox_plus.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2164	firefox_plus.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\firefox_plus.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\firefox_plus.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst8788.tmp\ioSpecial.ini

Filesize
617B

MD5
6f0cfae6ff0d4255ce13fee657075c12

SHA1
a3f4f2cbd1b50a2071f63da633b0ddd1ec2f23bf

SHA256
07d145240fd4aae9df864ecbfb768f4cf7ec5c780aef17dc64d6fd16f549e65d

SHA512
9a0baed0c7f33dd38d26eb08fc46c39418bef45838f210b12911ce76d51ef214856646c275899415916d113788981a74b966cc61d62012cdfda9e0da72f888aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8788.tmp\ioSpecial.ini

Filesize
656B

MD5
89361067f131dddd126a4b171d24c4b1

SHA1
b3909eb9688b1e8ab8757a3ebb7c528f4f148938

SHA256
69b70c35375906c564d551b79523fe0a5d7868af276f89d9848d0be8b2e82819

SHA512
359d67298c241bd010fa98c12bee723c290cc37a67c44a4aa31236d270d84e2d3986011618936ee3f68084595799d3cf8498f82487e62ffe1993fae214e33dff

Download Submit
\Users\Admin\AppData\Local\Temp\Firefox\firefox_inst.dll

Filesize
44KB

MD5
30c96ef06b2d89ce7f32a0ab7e85017c

SHA1
5736361779aee705764d1b0bb8eb8a2f4c45da33

SHA256
e8513c2d35e821298b91e3226089ac66ab75e44c4c5afd436bac6f290e3fe843

SHA512
188aab49635e99831a99933dd55654dde107d7751b5612f9e27e7f2246aeedd6de0d6d8b0968fabdb253d9fb2a1745858e796bf6ac2091a6b0fd4df0142cefe1

Download Submit
\Users\Admin\AppData\Local\Temp\nst8788.tmp\InstallOptions.dll

Filesize
12KB

MD5
08c82a46416a5e2b471d457968f53816

SHA1
3e3897c20b9e89b279b4764a633f67955bf8f09a

SHA256
435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9

SHA512
91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d

Download Submit
\Users\Admin\AppData\Local\Temp\nst8788.tmp\System.dll

Filesize
10KB

MD5
61151aff8c92ca17b3fab51ce1ca7156

SHA1
68a02015863c2877a20c27da45704028dbaa7eff

SHA256
af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d

SHA512
4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e

Download Submit
memory/2164-7-0x00000000003F0000-0x00000000003FC000-memory.dmp

Filesize
48KB

Download