Overview

overview

7

Static

static

3

b3cc763a76...18.exe

windows7-x64

7

b3cc763a76...18.exe

windows10-2004-x64

7

$PLUGINSDI...us.exe

windows7-x64

7

$PLUGINSDI...us.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/Fire...st.dll

windows7-x64

3

$TEMP/Fire...st.dll

windows10-2004-x64

3

content/cck/cck.js

windows7-x64

3

content/cck/cck.js

windows10-2004-x64

3

App/Defaul...ice.js

windows7-x64

3

App/Defaul...ice.js

windows10-2004-x64

3

App/Defaul...cck.js

windows7-x64

3

App/Defaul...cck.js

windows10-2004-x64

3

App/Defaul...all.js

windows7-x64

3

App/Defaul...all.js

windows10-2004-x64

3

content/fl...DAP.js

windows7-x64

3

content/fl...DAP.js

windows10-2004-x64

3

content/fl...Got.js

windows7-x64

3

content/fl...Got.js

windows10-2004-x64

3

content/fl...ot.exe

windows7-x64

3

content/fl...ot.exe

windows10-2004-x64

3

content/fl...lay.js

windows7-x64

3

content/fl...lay.js

windows10-2004-x64

3

content/fl...mon.js

windows7-x64

3

content/fl...mon.js

windows10-2004-x64

3

content/fl...lay.js

windows7-x64

3

content/fl...lay.js

windows10-2004-x64

3

content/fl...der.js

windows7-x64

3

content/fl...der.js

windows10-2004-x64

3

Analysis

  • max time kernel
    138s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/firefox_plus.exe

  • Size

    9.8MB

  • MD5

    ba26cdeb3fd7f690ee82e9845c93fc40

  • SHA1

    e68398de276f5e9af6df407c016a847543597405

  • SHA256

    79d9047bb441a2880849d8e62410d463911dac4bad88393f004f2fa01715250d

  • SHA512

    6041eb3576df60d633d91f4e10798cb4e96cb8a98172af52cdb32ab126f354a79414dfbe744102d948d467ce695eae5aeb84336ba562f66b5e62c1be94a0ec54

  • SSDEEP

    196608:8vYPMj6hAXhmhSwkeUpuz3//Y1NvTdWBV36ZdtR6+fdnE7imhieS:iaMjmYmhSbetIjTOK91nE7RvS

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\firefox_plus.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\firefox_plus.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Firefox\firefox_inst.dll
    Filesize

    44KB

    MD5

    30c96ef06b2d89ce7f32a0ab7e85017c

    SHA1

    5736361779aee705764d1b0bb8eb8a2f4c45da33

    SHA256

    e8513c2d35e821298b91e3226089ac66ab75e44c4c5afd436bac6f290e3fe843

    SHA512

    188aab49635e99831a99933dd55654dde107d7751b5612f9e27e7f2246aeedd6de0d6d8b0968fabdb253d9fb2a1745858e796bf6ac2091a6b0fd4df0142cefe1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse83D7.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    08c82a46416a5e2b471d457968f53816

    SHA1

    3e3897c20b9e89b279b4764a633f67955bf8f09a

    SHA256

    435baf3b7282c9110697a4916834ef9371dd29fae6b4cb8e19c19eb126562dc9

    SHA512

    91e2055b91d04b2348a923cb298ac6ba3637de5038dc4f849c4d2f1665d17de9cd6eb6a97d42d0f894d65348c8fd8e79cd61b667ea5a78e8960347e8cc8db81d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse83D7.tmp\System.dll
    Filesize

    10KB

    MD5

    61151aff8c92ca17b3fab51ce1ca7156

    SHA1

    68a02015863c2877a20c27da45704028dbaa7eff

    SHA256

    af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d

    SHA512

    4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse83D7.tmp\ioSpecial.ini
    Filesize

    617B

    MD5

    07dd1b10cfa5a901decf4f8cc8f67e1c

    SHA1

    4c1cee6777b4f983ad5b86fefc7ecf3d216fab3e

    SHA256

    d3c8437306b607927fe0c3d963ea386d0366e0f01f9ba2f68f8aaa6bde325c44

    SHA512

    9c0e7b2c6fbe6f530504fa879f878d93e0f3a01986f3d802b649abbb22c0260c7c366709eedb10d518497b1533d10dd5d4100a1a5a7d8a6a179e9aab1d428f26

    Download Submit

  • memory/2456-9-0x0000000002850000-0x000000000285C000-memory.dmp

    Filesize

    48KB

    Download