URL: http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com

Full analysis: https://app.any.run/tasks/ee412750-24cd-4c33-8c39-f6b26e18b1a5
Verdict: Malicious activity
Analysis date: December 14, 2019, 15:18:36
OS: Windows 10 Professional (build: 16299, 64 bit)
Indicators:
MD5: 6434A95E14DBE01D82C470EB28DD7C8F
SHA1: AC99AE8B7DA61F84B7457AA82E9BDD8B0B0A0CEC
SHA256: 409EE07E7132688976CD56B2A5025E02F84710EA748EB59C33D0B9BB0A1E4AEF
SSDEEP: 3:N1KaEEXLAqM8EiWQ2N2Q7W2:Cat7AF8Z/e3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Creates files in the program directory
      • firefox.exe (PID: 1932)
  • INFO
    • Creates files in the user directory
      • firefox.exe (PID: 1932)
    • Application launched itself
      • firefox.exe (PID: 1932)
    • Dropped object may contain Bitcoin addresses
      • firefox.exe (PID: 1932)
    • Reads CPU info
      • firefox.exe (PID: 1932)
    • Reads the machine GUID from the registry
      • firefox.exe (PID: 1932)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 100
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 0

Behavior graph

[Behavior graph: firefox.exe and its firefox.exe child processes; interactive graph available in the full report]

Process information

PID: 1160
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1932.0.1626282724\1376308016" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{048b6647-5496-472c-a8de-1c5bfaf6adf3}" 1932 "\\.\pipe\gecko-crash-server-pipe.1932" 1444 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\program files\mozilla firefox\mozglue.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ucrtbase.dll

PID: 1932
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" "http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: explorer.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\program files\mozilla firefox\mozglue.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ucrtbase.dll

PID: 5500
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1932.27.1606712131\1073996491" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 2900 -prefsLen 6236 -prefMapSize 179819 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 1932 "\\.\pipe\gecko-crash-server-pipe.1932" 3628 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\program files\mozilla firefox\mozglue.dll

PID: 5856
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1932.6.2090277509\450095204" -childID 1 -isForBrowser -prefsHandle 2244 -prefMapHandle 2384 -prefsLen 1 -prefMapSize 179819 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 1932 "\\.\pipe\gecko-crash-server-pipe.1932" 2240 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\program files\mozilla firefox\mozglue.dll

PID: 5860
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1932.20.1769641529\1047991484" -childID 3 -isForBrowser -prefsHandle 4264 -prefMapHandle 4284 -prefsLen 5925 -prefMapSize 179819 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 1932 "\\.\pipe\gecko-crash-server-pipe.1932" 4288 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\program files\mozilla firefox\mozglue.dll

PID: 6104
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1932.13.1797834180\1404250214" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3100 -prefsLen 301 -prefMapSize 179819 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 1932 "\\.\pipe\gecko-crash-server-pipe.1932" 3168 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Firefox
Exit code: 0
Version: 65.0.2
Modules (images):
  • c:\program files\mozilla firefox\firefox.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\program files\mozilla firefox\mozglue.dll
Total events: 1 203
Read events: 1 203
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 65
Text files: 22
Unknown types: 51

Dropped files

PID 1932, firefox.exe (no MD5, SHA256 or type values were reported for these files):
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\cookies.sqlite-shm
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\prefs-1.js
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\pluginreg.dat.tmp
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\sessionCheckpoints.json.tmp
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
  • C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ccduiye8.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
  • C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ccduiye8.default\safebrowsing-updating\allow-flashallow-digest256.pset
  • C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ccduiye8.default\safebrowsing-updating\allow-flashallow-digest256.sbstore
  • C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\ccduiye8.default\safebrowsing-updating\base-track-digest256.pset
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 14
TCP/UDP connections: 28
DNS requests: 99
Threats: 0

HTTP requests

PID   Process      Method  HTTP Code  IP                  URL                                                          CN  Type  Size   Reputation
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   472 b  whitelisted
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   472 b  whitelisted
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   472 b  whitelisted
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   472 b  whitelisted
1932  firefox.exe  POST    200        143.204.208.79:80   http://ocsp.sca1b.amazontrust.com/                           US  der   471 b  whitelisted
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   471 b  whitelisted
1932  firefox.exe  GET     301        143.204.214.96:80   http://daas4uyngl.execute-api.ap-southeast-2.amazonaws.com/  US  html  183 b  shared
1932  firefox.exe  POST    200        93.184.220.29:80    http://ocsp.digicert.com/                                    US  der   471 b  whitelisted
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   472 b  whitelisted
1932  firefox.exe  POST    200        172.217.16.195:80   http://ocsp.pki.goog/gts1o1                                  US  der   472 b  whitelisted

Connections

PID   Process      IP                  Domain                                               ASN                                                       CN  Reputation
1932  firefox.exe  2.16.186.112:80     detectportal.firefox.com                             Akamai International B.V.                                 -   whitelisted
1932  firefox.exe  52.89.218.39:443    search.services.mozilla.com                          Amazon.com, Inc.                                          US  unknown
1932  firefox.exe  143.204.214.96:80   daas4uyngl.execute-api.ap-southeast-2.amazonaws.com  -                                                         US  shared
1932  firefox.exe  93.184.220.29:80    ocsp.digicert.com                                    MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted
1932  firefox.exe  13.225.78.51:443    snippets.cdn.mozilla.net                             -                                                         US  suspicious
1932  firefox.exe  143.204.214.96:443  daas4uyngl.execute-api.ap-southeast-2.amazonaws.com  -                                                         US  shared
1932  firefox.exe  172.217.18.10:443   safebrowsing.googleapis.com                          Google Inc.                                               US  whitelisted
1932  firefox.exe  143.204.208.79:80   ocsp.sca1b.amazontrust.com                           -                                                         US  whitelisted
1932  firefox.exe  172.217.16.195:80   ocsp.pki.goog                                        Google Inc.                                               US  whitelisted
1932  firefox.exe  13.224.132.7:443    content-signature-2.cdn.mozilla.net                  -                                                         US  unknown

("-" marks a column the report left empty for that row.)

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 2.16.186.112
  • 2.16.186.50
whitelisted
a1089.dscd.akamai.net
  • 2.16.186.50
  • 2.16.186.112
whitelisted
search.services.mozilla.com
  • 52.89.218.39
  • 52.35.182.58
  • 35.164.109.147
whitelisted
search.r53-2.services.mozilla.com
  • 35.164.109.147
  • 52.35.182.58
  • 52.89.218.39
whitelisted
daas4uyngl.execute-api.ap-southeast-2.amazonaws.com
  • 143.204.214.96
  • 143.204.214.31
  • 143.204.214.53
  • 143.204.214.49
shared
snippets.cdn.mozilla.net
  • 13.225.78.51
  • 13.225.78.54
  • 13.225.78.43
  • 13.225.78.112
whitelisted
d228z91au11ukj.cloudfront.net
  • 13.225.78.112
  • 13.225.78.43
  • 13.225.78.54
  • 13.225.78.51
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
cs9.wac.phicdn.net
  • 93.184.220.29
whitelisted
ocsp.sca1b.amazontrust.com
  • 143.204.208.79
  • 143.204.208.173
  • 143.204.208.150
  • 143.204.208.145
whitelisted

Threats

No threats detected
No debug info