3123af93014a5a5c49aa6fd2118f6805041af178c222be27e30b2fd477085c19

Resubmissions

11-12-2024 15:32

241211-sy44nssrdm 10

09-08-2024 21:57

06-08-2024 13:01

06-08-2024 12:52

06-08-2024 12:29

06-08-2024 12:26

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1/4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
Size

1.2MB
MD5

dd831eb4a822421a497990d84a0fd578
SHA1

aa7ee9cd7fcdb6e0f15c57f6f99c83c320480f3b
SHA256

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95
SHA512

5a894b58d5d6b3a6abedb687caa16c06344d87b6d8e5bfb39d5b9806a7b51f3003e3ae83871683d086a760ea987a42bff511d4cb4d723a9e52744ea8aaf9b73e
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aLY2Sbly7TWEPje:4TvC/MTQYxsWR7aLY2dW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4128	firefox.exe
Token: SeDebugPrivilege	4128	firefox.exe
Token: SeDebugPrivilege	4128	firefox.exe
Token: SeDebugPrivilege	4128	firefox.exe
Token: SeDebugPrivilege	4128	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4128	firefox.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4128	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 1596	4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	84
PID 4156 wrote to memory of 1596	4156	4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe	84
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 1596 wrote to memory of 4128	1596	firefox.exe	87
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 4660	4128	firefox.exe	88
PID 4128 wrote to memory of 1176	4128	firefox.exe	89
PID 4128 wrote to memory of 1176	4128	firefox.exe	89
PID 4128 wrote to memory of 1176	4128	firefox.exe	89
PID 4128 wrote to memory of 1176	4128	firefox.exe	89
PID 4128 wrote to memory of 1176	4128	firefox.exe	89
PID 4128 wrote to memory of 1176	4128	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
"C:\Users\Admin\AppData\Local\Temp\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd660aac-a2d9-4415-8c71-25d1ae8d34a2} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" gpu
      4⤵
      PID:4660
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4616d54-0c02-47b2-ba56-ab932f6cec58} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" socket
      4⤵
      PID:1176
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3000 -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2988 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c23db1-4d38-4183-ad9f-eb8ea1c2466d} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" tab
      4⤵
      PID:2412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4144 -childID 2 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0792ccf-20ad-46e5-969b-722c3f4fb91a} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" tab
      4⤵
      PID:4176
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5056 -prefMapHandle 4880 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf6af9e4-17b8-4cd8-a8f3-a716737a439c} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" utility
      4⤵
      Checks processor information in registry
      PID:4536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5252 -prefMapHandle 5260 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4c19e4-1b47-4e78-aaea-a9d373dd22a9} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" tab
      4⤵
      PID:5100
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f952fcc-08bd-45ef-a133-ff2b96bf619c} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" tab
      4⤵
      PID:2588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7634dbc4-49e5-463a-ac72-7d15814a31fa} 4128 "\\.\pipe\gecko-crash-server-pipe.4128" tab
      4⤵
      PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
b7b1d7774eec682e05bd7ea203fc1622

SHA1
adfe5b3e73164ae69f66e98d45cf4f08c3457ac4

SHA256
982a53b30d4d4dd2e2e250f9faa769851833d22dff7251dd2591b12a3904d6b3

SHA512
bed999f8550496339f6bf264f108585a5fc52b2976ba9c02b33ecffbdcb824c7bf159fc69a1ff4684f47c324de31c243372ac8a1e22870a24d709b508280e755

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
67abfc16194e51eb1be4b74205c5b7e6

SHA1
505f996e4616f46d89ff849a38bfc0ffa5b6996f

SHA256
e35a6a3fbe0c2a053b728db99d7d76644b5cbdb31730e457131f7bb1ef3ffd71

SHA512
66849de69d54b38c610e5f2c0fcf9468f596821fbd8875d5c1c87000c45fb85486573b504fabc5c364971c6100d58fddff1f171ec751dabf41fe27faa5716726

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
6KB

MD5
8b319f6b3bb302e8dc88ded704a4632c

SHA1
dd88bf6d59982edcb72a5af684d272eeef7595c3

SHA256
c26b68086f39a0af98a3cedfccded4d109d80f6c6269c6b2e944e230c9a78dc0

SHA512
d6caaa3f948eafab7a778ec589db8fdf2ee0d7f259995a80a7e58cbf5f8ef623eefb0ad2e51184b2c2b0233e9cbf92e530c09f7a8de79f060070d66eb68c8868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
0e738aa5938bf4a238b149f8db7725f0

SHA1
04dc84518a91d1bd928f3197e2e783f632151478

SHA256
9b1cb46705c3c5f38d2848b794a71a5f647d79cb8769d561dc4b4c8d45d1af3e

SHA512
38d21ebfc407436bc5d76ccbc546b85046282e2c43b2b9a142a7db79dae1f43f808fe6478d1c43f30f7701fe3fe0843ebeaf10af5afdc80d89a4af389be82f7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
10KB

MD5
e9a3551bb143ebb73b7ea1fefe5036e3

SHA1
f05c2bc5c1ef4a579c6320a2a54abf7d40d8aeb6

SHA256
f0cb2ad72eda78065cb8756021c1df1ae3aed3380b5b754b723331111fe9da66

SHA512
6be788d76b104d4c4fe6a859fca35881231a59239d8189baa739f73a7db2f9866007ecd9b5b0398edb25e3f4a549690d1be107be598357f855b1ddf4a1f37764

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
26d1bdbb3e14af4f1dd479e46be855a7

SHA1
57436a232c9688273c6d73321ec5d85de58c14d8

SHA256
c26914bcef658dade59e8720a81607968b8d337bc5e24d93daa6d704089b15ed

SHA512
25772eda871bdff48ee8a028181d8fad1c8f90dd854bda3cc6fa885843ab453d4e9c6ef39ea41b4fc5c0e5a21b538ec08dc6b10a56a5ca93dbda5e2e55c04e06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
ee5184c20e3702aa733d9bd80250d97c

SHA1
083123a0b0de6630babfdfb3285285d8f7bc14c9

SHA256
1846311080b98ba2c148f5bf3bfcb5ca8c964eafb82f6c51a45c8d231f32be3a

SHA512
39f971c323fb3e677a23ad339342e47635aefee0dbeb2b07d1c15ecd9139dad76a1e48c43f8059aadb95236103a908b0a4ccf6a743b0885bf2952be395c7f4ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a114ac292a093b8fb8aee59b0780e475

SHA1
7494610e9bd471c066ea1ac35e4a3e44ca1e75e8

SHA256
9e2c3fbaaccc550eb3b02f787e297ae2f4f2db4f649913427d1640dba8a8813a

SHA512
f22e58d218725bd12ee00ec2462f9153d2c693a442346a730c021af7137f84b1151553be792b35b419fb759fd9fd481c1702db0d41441b28be284d1f18bc3f80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\1ef7455c-5c3e-4bf4-a898-57e7fe27f03f

Filesize
671B

MD5
9292ee6fbe341f137e63b1ac0433f569

SHA1
1e016d0b58612d2b739751d294c43ae5fb3cc4c0

SHA256
3ba3ae92b0c5ae1d9d2cfbeed789acac61b63e07345b49e87700e127d5561188

SHA512
a17af9402a297b27fa7780449fe02cf43ac67b3f66d2b204452c574a5194c9ed1f474b3b3b660dda27f2895dbb103455047e06a306540c548d2ee1988428b902

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\6b5a857c-1982-4ade-9099-7833f20be921

Filesize
26KB

MD5
b990560dad6096d2480709c7f6841388

SHA1
1782ad4d9e87e87c0c2d3231271ef1827a1ca6c8

SHA256
5cd3a543221344125bc09c18d4a57a4866c6dc1cbd9b409148940d56342f06f2

SHA512
da7908e570534c6f354430c19f4147cc69391fd9afe8c89cf5ac096be451c398e9762ac39d0b87c9c37b54ad1aff4b461d6e8d78d80231cf107ea8c95ad3ea57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\a4114994-923b-46dc-9379-61ba7d4fa0cd

Filesize
982B

MD5
4e66ed261c35e8e87183aab5c5205e2f

SHA1
3d930dfad95180cfa1928571084ba508cda1b235

SHA256
46487bada9a97352f754844bec4eecf9d8d941c387e4558706975facb2f555a2

SHA512
4329594f21e8435b27ed03ce5b6d6296aa50eded37fed883c09a42f15fc574e5a224055bbb21e34889043d3fb24d44b5973a5fd97a9d31ee0dde0c8217df6b19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
12KB

MD5
76c07d81a2b8ee0ef02dc27a2060f56a

SHA1
c804a270e9adc81aa4c398f398c9c7c242d1053d

SHA256
9864925909df7730c32ba24ae956f25863d701d3d6e97c2927757e0132e1a1fc

SHA512
f987f64018d4a7b294aa57e3f2d01753dbb1d9aec47a177b10f38910a464e158463f0333bbff165e5f25ab390d45a4260c79c4387da7ef5f37eb7b1b3be8a048

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
10KB

MD5
ed6283e1d0e74d053bd68bc3a0b6fad2

SHA1
a1cdc7286d792d4c854e713067e207b6b845dbd7

SHA256
69e82b17cd8c9200af3f061b058203daec8bcf000ff6e3c5757ae9ee824058d0

SHA512
30ad21970888048192a85472a94d820837e91b60e47ecff07beadd6f72872f09542cab0e2b20dc88f409001cb279481de1f08c8fccd411f4536d48c7168074aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
15KB

MD5
38b9f49feed98cb3320d5a7e4d31bc79

SHA1
28c78c73bfa29937bdca581d52b4f0d95395745c

SHA256
903d4f9a1871026add8f9d39f0aea3e1d16e5357ada238dfd223aff663b3eae4

SHA512
07e6ab9b557698b36f4de81b5a427f75d6e21ae25e9d7e9064c7152bb80504bd17cbf65844f2ebf4e064f3b1ace83848bc9a986b4ea337beac5d78309fdcb000

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
10KB

MD5
75a1779c1cb258208b461376b8a91c6c

SHA1
fb4b3e910d03a239a5e9c1405baa4935f1bb5468

SHA256
c07f4599845568bbfd0a256c93058bde5a08be712eb8ad866f4e29d9431e30ab

SHA512
d581534590d79543b00407e8d283f11e0ec8378678ac5caea5f0a3e84580fa6554ef22fe39ef02fe9a63472c9f40aabe1d1b0d14a5a311f80c4ffac622c7e605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.7MB

MD5
876f2939e870902191b3db32bb715793

SHA1
58d0e5b101bd893a267563dccf0e3eac823b6207

SHA256
34f5e7ed7b2e6ccbb425eea80180011a62d886163c62fc6c2696c2fa9846a84a

SHA512
de96fde507970585c3b8678a12028f78d12db6f6f03d17a794c16eb0b789d4e837f79e535493685ba23e9cb30fbad521ea59b2bce5cd75c6779e5117f9616cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.0MB

MD5
355e8ad15e137db7923043baf8566860

SHA1
c8f91af98f40265977a99db3185e995b1eb46829

SHA256
d3cbc0aa4dfed2578200f02153ebfc44504f1c08a882f66eddcdfff405bc14bf

SHA512
f3264162ea680a8a675e769a106ac9a7ee03d843547557eb5e29b6dfd3ccaa23ed8a6986cde8f4501155582a778e4408e5276a714c23cfa42b014ef675b19d40

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads