Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 08:30 UTC

General

  • Target

    $9:/Documents and Settings/$1/Application Data/Mozilla/Firefox/Profiles/$3/user.js

  • Size

    181B

  • MD5

    cac30c3ad61e8d07a4bbb09421df68ce

  • SHA1

    0ea485078e36bbc1a7c2cf620e7282b74b63c298

  • SHA256

    88f66f6a9af9d507213c6bc28850b22822aea838a5737857db8b4180502ac52f

  • SHA512

    d3bdf9400b6eb0020e7a0301eb83f8e1db002f72554c97c516693e7746e3f17aa991f3cbd9d342cb95d567fb155633f6ee1044b811d01d644b43e660ad69c907

Score
3/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe "C:\Users\Admin\AppData\Local\Temp\$9_\Documents and Settings\$1\Application Data\Mozilla\Firefox\Profiles\$3\user.js"
    1⤵
      PID:4876

    Network

    • flag-us
      DNS
      4.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      212.20.149.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.20.149.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      206.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      101.11.19.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      101.11.19.2.in-addr.arpa
      IN PTR
      Response
      101.11.19.2.in-addr.arpa
      IN PTR
      a2-19-11-101.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      134.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.190.18.2.in-addr.arpa
      IN PTR
      Response
      134.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-134.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      23.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.236.111.52.in-addr.arpa
      IN PTR
      Response
    • 8.8.8.8:53
      4.159.190.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      4.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      212.20.149.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      212.20.149.52.in-addr.arpa

    • 8.8.8.8:53
      206.23.85.13.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      206.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      101.11.19.2.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      101.11.19.2.in-addr.arpa

    • 8.8.8.8:53
      134.190.18.2.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      134.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      23.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.236.111.52.in-addr.arpa

    • 8.8.8.8:53

    MITRE ATT&CK Enterprise v15

    Downloads
