bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
Size

1.2MB
MD5

41fcd50f34127bc0d16bff8f4a78a431
SHA1

c1edd4a84647628fd2454f3aa007792355d8331a
SHA256

bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0
SHA512

fb5dfcf5a743dfa8c4f444c4ffb46995d7dc23427287db4e235092022414dd9f57bc8b649b979bb4e4ea9801c8cbb5ecc3da5100929ed7bd6059bffb72c8f584
SSDEEP

24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8arnAb7B/KCIGhFal8:NTvC/MTQYxsWR7arnAPphI

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5112	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 3852	1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe	87
PID 1696 wrote to memory of 3852	1696	bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe	87
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 3852 wrote to memory of 5112	3852	firefox.exe	89
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 2404	5112	firefox.exe	90
PID 5112 wrote to memory of 5064	5112	firefox.exe	91
PID 5112 wrote to memory of 5064	5112	firefox.exe	91
PID 5112 wrote to memory of 5064	5112	firefox.exe	91
PID 5112 wrote to memory of 5064	5112	firefox.exe	91
PID 5112 wrote to memory of 5064	5112	firefox.exe	91
PID 5112 wrote to memory of 5064	5112	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
"C:\Users\Admin\AppData\Local\Temp\bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5112
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b7a703-01a7-49c9-9fc3-7ef659e62123} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" gpu
      4⤵
      PID:2404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d77edc73-d0ef-44b5-bc38-a3e687842779} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" socket
      4⤵
      PID:5064
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 2948 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a28c8a42-e4ff-454a-8086-50937c6f5e52} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" tab
      4⤵
      PID:1532
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bdd519b-e22c-455c-bb01-806dc6a46fad} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" tab
      4⤵
      PID:1388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d13b613-386c-468e-8dce-3a6231503601} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" utility
      4⤵
      Checks processor information in registry
      PID:4408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5284 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d04eee0-fbe2-4b26-bac5-95142520d02f} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" tab
      4⤵
      PID:1940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97dd163f-80cb-47f2-954d-a6ed5e12cbef} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" tab
      4⤵
      PID:896
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa11ff1-f815-4580-b769-991b53146a03} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" tab
      4⤵
      PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
3e4f97bb0ab008d2429b4fb2c08e97ed

SHA1
bac57bf40dba5c9fc21c03c9278ac414c6739007

SHA256
798842be2a4f24f72bd7d7ceb9161a5d629b0931aafeb754be8e1d9f3ba40b14

SHA512
87a9453591a7d57e61961d3aeae005f20d3b98e2ea2664bf65b7be7dfd1575b43532519f69538ad6bdf0c3c97bbb2926da7995b1b55543a8bf6716e9b1c0e690

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\doomed\29098

Filesize
16KB

MD5
ef739caa53d3af9addb2c35756062870

SHA1
8bde941fe936a7d975f3cddcb30058ed362d8485

SHA256
e0abcdbc4f901ec43ff43e2456ec6afa59abab50905aa292ac2058ba3070df2b

SHA512
63f9c23290651d67f333895f6a83ea21b955b649f111d28070c958b16376e6adc3fbe269340ad91785b5831f91200693bee3abab0be8a7f22f3ced7593e30d40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
b304f03390c15d3f77a29ab4244699ea

SHA1
37c88f7c1064d4d3be1314c688c752699cd187e9

SHA256
6a4120443570f8af5e08681a16c7a6996ca42adf415cfa38c2bf506392a367f2

SHA512
2ff346ff0277b99f663bbb8c6119879683924d621169189defe15a9e0881d495eb28cb7fb768fe8f0b6c8d13cd3f1781100b1463874b68600c082f96046da743

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
6KB

MD5
29b80b5c553997f62c14c0626e07e0c1

SHA1
8fb1b5788bf1a805fc06ab9d4a8c5244461f7222

SHA256
25cb09f27624a7efc604398b65412f0dc2680fda1abf0387fb5d306d75c362b6

SHA512
142581ed06756824ff499ec28cb86af830dc49daf1fac4ff608716ee70be3baf9a9a5539bceab89eaa7009737e4f7fc11a8cffddc8754d5fc69e76f819f42cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
68def33111e9e673c511796e0e0e1d11

SHA1
40e90e7d6307c9490c91c630def34e4ac234dd01

SHA256
83825375ad54ffa0575afbff2e04c43d91e8ccc02fd1667eaac0e9594cca2157

SHA512
ba0a87598f05e7de9ed8ca0377a6512fb7b38c71fb6399fa6b875de566e664ef77c4dd403c628fed3ed01189ffbddf050f779b4d8490a882b12d31c4737bd875

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
73783e613692dc1e97dff9e0b3e92971

SHA1
4c83264cf831bfa07c7adee2b1a94611e36fad00

SHA256
7647b6f1b8ac77b588ad1fe957787d2d0163fc134ccc5de5d14aa8855aca82b4

SHA512
16a5b3a3fe59e394f67038321f077fdf60f5984d5e8dafd183778c52a5e60942ef8fb31860d67a8f725877d9068deb82291fba06e3a80e449ffc18db9c6e4da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
9d80d254a96706a589c6c6ac36a7ab53

SHA1
a088c8a67d6881dde14840b67e1cf8d6670e1e85

SHA256
529d06e74c8f02ed337cf304e01effd081db9af8e2c7774657d8ed2d252436b8

SHA512
f596f743ce472719c29db8d4f84086236ad6b268add807f970bda6d856fae2f02351629fa2aa8086d99c200f21cff7812b5db4c7f722ac7f561f01fb79a93060

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
70b89e83474e04e45ed074035a01b314

SHA1
f7c72bf82e6a37ddaaa5f6dc5c7a10327337e1fd

SHA256
af1679334186f6c53cff854a157cd3d94fa18948de31fbb2cb27a8331ae2a808

SHA512
19a7b3ddbfcbd9b700faa931e940358c34fb08ee73a618f000cf170beacf1da7c7f733ef0bf8c156169fd03e546f5a7228632ccb3b8d6aba18b8aee595ca9fe9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
277fcb8f0e76e2d7dd9e7bb8a6367ce7

SHA1
a17835c3731990b7bf74a9d1a327be76c029c4b0

SHA256
1a45dfd8b2d3e076efb75f3d333f562efe6da8a2f429220479a748cb08430f04

SHA512
5c7817a1f65bf6a8a5ed72ae0edb9e4ed9befcf74771be45696b507e7a44656aee4cf5e6b90a3a5e84f8bd72aec8b561d4dcca9c394743bb8e82228ca51b3c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\3bdd0f92-4686-4ecc-99d4-586b53905df7

Filesize
982B

MD5
8ce737a63acbba7508722737d92b5aab

SHA1
10a0f85c13335d995d528a6228cf60d574d84df6

SHA256
e9705e376f61c4d417c22a66fb3f10ac3c1150941893b73e1fa2da2d0ef82bd7

SHA512
33759145e9893001972c9e29cead2343e945d0227cec8f12cd280ce2813ac20701f29b4e3e8fa71d192b51fa96e8d41906c9e5cb00d2b5362883e9607604ecd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\c3a5918b-6b5b-4273-bc52-90cc78170f5a

Filesize
659B

MD5
5f415ac07b3b91b04bc58c20ebed2509

SHA1
9a576820dffc437aae8aa6ef5a4b0021463f6001

SHA256
ddf2c9d3e32c9feb1b538d55f1de3dadf550ea621e78e6c5211b8df313e04f1c

SHA512
5fbf24625c591a9d8e2dff7d26123a952d6a60a7ad6b69cb963b07865cc95e177337aa3fa5c8df4a3233334067ad719b74cfef321ecd101dc47c84494423407b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
5d623634db139a8809f168df2e3be807

SHA1
2ab0d9a1f104496e72207a5c66229d0b6a7b5408

SHA256
219e6940488b9ed2d7e0660c2b395191f54baecc67eb01043212025353a871dc

SHA512
d10847f4d4b331dd661778cb29e27ba714f96b05c42fb66c2fee6f042e626c0c93910eaec06e14e34942d7c1db863eeed91f65c012043d71ff6efc4e4406836f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
52b05ce096baa3d14584883476215f5d

SHA1
e7c82d68c9fee9f04262d353ef61d5970a970dec

SHA256
51aa756e5942a81457943ee0bf65572794d139a6fe1018d566a811bc1a06b1cc

SHA512
141f1adfba212956fa44c42152be5c9be622eb1c766913b9f5e790f8cc7beeb2b6eabfc5e4186dd012d13a76c981138e768ca84902d0170aa8fcb039b61fb203

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
14KB

MD5
cf1d824e87cd5a829abc2376369857a8

SHA1
be4ddfba968f0215994f9f0d651fefcd851dd9c0

SHA256
6233a60ac008209d2e9f83e48055e8e5bf1bc6058332c0d5cd4b299d06872ea1

SHA512
f2c0d9d6389905e7214f4dc7044ab186153dcf47a100a33b00f6c7d4a0cf9d5ef1b8c2b0feb7e9f69a5c632b9ce922a1811ad0f8938697d857473ca8ee0d463c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
13KB

MD5
f96c104089e9378a56a178c8e5a15d5c

SHA1
567b72a3232262829f620cd97652429bc72a9e3f

SHA256
bdffe1f72420ca02066b2360997ce7174cb1b096069ea945977ae84d3aff9211

SHA512
85fe20cc6560895d1c57ebb591a0a907ab7de6c96a15800f9325b3e15168b912c4396f44b0694efc3006f4dd0555fddd206c7bdfe1f5e5a29984822f4d9536ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d42c7b3a78dff6da860d952d5fe6253b

SHA1
665ad610bb7064843e8a867347d589bd57bd712e

SHA256
2cf178b9a84dfbbd6aeb6f0e0a296b5db22fc8f02e68079e082cea6310361a04

SHA512
925ea7330e1d39df62141dabdfac817375dd317df5ecc36363f3b652a1993b5b774ea9c7a7159703c8e0ca0de7d0edf4d1baec0d928ef85485a0d9ef8c5ff491

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
784KB

MD5
23575d8d49f3260206a22db487a3b38e

SHA1
a71ecabc7df44ca4726e66bb6c513ca516043419

SHA256
ea8ad894f0e263d3879d684139c082a6d6252ecf9b8f45e02ed6759785aded71

SHA512
a9f2e12f1a135f8c6c5ed01e817f7e985c77fe5ec529fbdf14c1fd9da01cd70f90bb6acba5dc6339c459a8edf4a49081b27ae9474b7370a925cb3faebc57fcf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
cac6d40f792ea831d881fa565787d072

SHA1
0877a2dd971832972a03ebcfd3d6245e2011e2f7

SHA256
91f4b1ab0a1519a6e0fb28d6ea880631a2a0ac9fd5e98af3ea9d7b10206054a3

SHA512
8fd0e3241df2609b5f60c3fb9955706187fb59d9e90f15183ae40061acf19287ca026ad06160cef8a74b7ddb8da4badad752d166326b130edf14cabb1e97cb8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.5MB

MD5
291a71e420fcb2925794fe1bb7a2d800

SHA1
0397551df718beb0e64c7c4c46443ad483022d78

SHA256
84c78d231c54ae92a28e4ad2173de5f263d66937c3bbb274b9950d1c29c90b50

SHA512
1bc573a960634de56b40203faa5c764d03baa54472db026d0d750ebbd0dda83a5f5a5217612a79349a1ca0ef638d910e17a6b7949b4496bad5c9fc82f1d48c3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads