656eb4d10487e855a11b88e487b887e88f8d3540f14c6a08869e83f8c2d5e13f

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mozilla Firefox/maintenanceservice_installer.exe
Size

184KB
MD5

375fa830b43d7eaf2ac453417028b07a
SHA1

c9c3e3748de7157ff2be480511ddb76fa3b9cf60
SHA256

a98f5c087a8c7fffc7e7de8c579d68008f343493e25338767b1f7e4296e62d85
SHA512

0f0b7bcab6695ef5ab3ae105020e0fd7392f6865b1bd64f9296550448db144c4f276b9fbd61ee4f417e7e377cb7b2272d3613310acef311dbca2c6266378a882
SSDEEP

3072:sNRCywDw1DiJkuKUNRD5bdb4g2Lem7y6tuU/RDObU7y4jem7y6tJS:sT4DteUjD514Z9oU5DOY7y4j9O

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe	maintenanceservice_installer.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe	maintenanceservice_installer.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini	maintenanceservice_installer.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log	maintenanceservice_tmp.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	maintenanceservice_tmp.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	maintenanceservice_installer.exe

Executes dropped EXE 1 IoCs

pid	Process
4368	maintenanceservice_tmp.exe

Loads dropped DLL 1 IoCs

pid	Process
4804	maintenanceservice_installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	maintenanceservice_installer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4368	maintenanceservice_tmp.exe
4368	maintenanceservice_tmp.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4368	4804	maintenanceservice_installer.exe	82
PID 4804 wrote to memory of 4368	4804	maintenanceservice_installer.exe	82

C:\Users\Admin\AppData\Local\Temp\Mozilla Firefox\maintenanceservice_installer.exe
"C:\Users\Admin\AppData\Local\Temp\Mozilla Firefox\maintenanceservice_installer.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
  "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log

Filesize
827B

MD5
8b7a95a5ad94f4ea86068c425fa67130

SHA1
ec86aff20af51451680775a1a9eab3ab83bce82b

SHA256
84ddbc5556fd4ff527bc678b50d05e006eaee02c7019fff4e38177db742998c7

SHA512
da7371c3f5ea15c9ad6396877cdcbc90cf642ac59c277302fd97be86efcaaa8879420f86c76d51c1a3166f622d374da629ab082e509d13ad061223caee51707a

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe

Filesize
272KB

MD5
933b72d5ab4d0a2e3e3cf71efecb4546

SHA1
60d20d0b9e7d466bfe72d2c3a57c7029e40ed1f0

SHA256
3a37547504b85862bcb6460dd346eb34473d92e3a159889ba4d9f77f75d22005

SHA512
3db6fac8d5b9d197b0c36542769d8f8903ea76b580e81ec760ae9723dcbc5f1a14bbe908193b148a6154b5cf3737d5fc61b671a66cbef63b9dd789e3bc31da3c

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini

Filesize
1KB

MD5
7a6cbd521497f6dd382f7b8c6aaa1eb5

SHA1
a0bccd339f6d045f0aeb4de504398c97c3dc2be0

SHA256
531b55d2224efa181b75ed4ceb84e4f854f26c2382dc411945515d57d8df2243

SHA512
af32b8b1e93c2fc1bb6c7ce0f371c8cedcdcb753393e8cbdf282424935db5f8f04b3468d450edc81ef28d8b4430d8941dacb2d8826d28be9065dc787c53eb553

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiB4E9.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit