Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 1, 2024, 8:36 a.m. | Aug. 1, 2024, 8:39 a.m. |
PID | Process | Command line |
---|---|---|
2648 | crashreporter.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\a089af0b-392c-4b62-98e4-1f41b5245e4e.dmp" |
2700 | minidump-analyzer.exe | "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\a089af0b-392c-4b62-98e4-1f41b5245e4e.dmp" |
1688 | crashreporter.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\702dd14f-8ee1-4a30-8dd1-ff701564c144.dmp" |
2612 | minidump-analyzer.exe | "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\702dd14f-8ee1-4a30-8dd1-ff701564c144.dmp" |
2744 | firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
2980 | firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
2184 | crashreporter.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\62ae7fa5-b47f-4b15-a880-b5cea6506670.dmp" |
2400 | minidump-analyzer.exe | "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\62ae7fa5-b47f-4b15-a880-b5cea6506670.dmp" |
916 | firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
1232 | crashreporter.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\090e42bc-2338-4979-885d-6daf4d077773.dmp" |
2248 | minidump-analyzer.exe | "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\090e42bc-2338-4979-885d-6daf4d077773.dmp" |
Name | Response | Post-Analysis Lookup |
---|---|---|
crash-reports.mozilla.com | 34.49.45.138 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
Type | Value |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll |
registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe |
description | random.exe tried to sleep 312 seconds, actually delayed analysis time by 312 seconds |
Section name | Virtual address | Virtual size | Size of data | Entropy | Description |
---|---|---|---|---|---|
(empty name) | 0x00001000 | 0x0009b000 | 0x00050000 | 7.999323946129605 | A section with a high entropy has been found |
(empty name) | 0x0009c000 | 0x00030000 | 0x0000f200 | 7.991564250865843 | A section with a high entropy has been found |
(empty name) | 0x000d4000 | 0x00051000 | 0x0004f600 | 7.999276533464792 | A section with a high entropy has been found |
(empty name) | 0x00125000 | 0x00008000 | 0x00006200 | 7.964002571503239 | A section with a high entropy has been found |
(empty name) | 0x00136000 | 0x0078f000 | 0x00032800 | 7.999018468268303 | A section with a high entropy has been found |
.data | 0x008c5000 | 0x0022a000 | 0x00229e00 | 7.978915660034493 | A section with a high entropy has been found |

entropy | 0.988509365654 | description | Overall entropy of this PE file is high |
url | https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%SYSTEM_CAPABILITIES%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml |
url | https://crash-reports.mozilla.com/submit?id= |
url | https://hg.mozilla.org/releases/mozilla-release/rev/92187d03adde4b31daef292087a266f10121379c |
Rule | Description |
---|---|
Code_injection | Code injection with CreateRemoteThread in a remote process |
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
anti_dbg | Checks if being debugged |
disable_dep | Bypass DEP |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob |
Parent process | Martian process |
---|---|
firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
firefox.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\62ae7fa5-b47f-4b15-a880-b5cea6506670.dmp" |
firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
firefox.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\090e42bc-2338-4979-885d-6daf4d077773.dmp" |
firefox.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\702dd14f-8ee1-4a30-8dd1-ff701564c144.dmp" |
firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account |
firefox.exe | "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\a089af0b-392c-4b62-98e4-1f41b5245e4e.dmp" |
file | C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\parent.lock |
file | C:\Users\test22\AppData\Local\Temp\firefox\parent.lock |