File name: Firefox_Portable_2.0.0.15_en-us.paf.exe

Full analysis: https://app.any.run/tasks/339c9d18-4fbc-4196-8ae3-0f47bee73eef
Verdict: Malicious activity
Analysis date: February 22, 2024, 15:15:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: F40544FD8C7F7E5ECB71A476E26847C1
SHA1: 728D3F2E708D5BC62FEC8A68E0AA1B66E352245E
SHA256: 47B98342208EF1DFD1E7D0DA0587BF2A15472343EAB9655219E9F46B51565AA1
SSDEEP: 98304:BjeS9Zwrt/TXNZh1/5ZcExD+GKe5Dp43pVil4wx3Bjud/6LXpxeBU2Q6qbumo9A3:4rjLoTE6E

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
  • SUSPICIOUS
    • The process creates files with name similar to system file names
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • Executable content was dropped or overwritten
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • Reads the Internet Settings
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 2000)
    • Reads security settings of Internet Explorer
      • FirefoxPortable.exe (PID: 2960)
    • Application launched itself
      • firefox.exe (PID: 1976)
  • INFO
    • Checks supported languages
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 2000)
      • firefox.exe (PID: 1976)
    • Reads the computer name
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 2000)
      • firefox.exe (PID: 1976)
    • Create files in a temporary directory
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • Reads the machine GUID from the registry
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 2000)
    • Manual execution by a user
      • FirefoxPortable.exe (PID: 2960)
      • explorer.exe (PID: 3228)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
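The two SUSPICIOUS entries about System.dll and system-like file names need a caveat before they are read as malice. NSIS installers extract their plug-in DLLs into a per-run staging directory %TEMP%\ns<random>.tmp\ (nsaEC2.tmp in the dropped-files list below), and System.dll there is the stock NSIS "System" plug-in, not a Windows binary of that name, so every NSIS installer whose script calls into the Windows API produces exactly this drop. The same file name dropped by a process that is not an NSIS installer, or into some other location, is a different matter. The Python below is an added triage example written for this page, not ANY.RUN or PortableApps code: it classifies file-creation events with that distinction, gated on the dropping process having been identified as NSIS (TRiD says so for PID 2160). The event list is constructed: the first three rows mirror the dropped-files table for PID 2160 (the System.dll row is reconstructed from the signature text, since the report does not print it), and the PID 4242 "sample.exe" rows are a made-up contrast case that does not come from this analysis.

```python
import re

# NSIS stages its plug-ins under %TEMP%\ns<random>.tmp\ for the lifetime of the
# installer (nsaEC2.tmp in this report). System.dll is the stock NSIS "System" plug-in.
NSIS_STAGING_DIR = re.compile(r"\\Temp\\ns[A-Za-z0-9]{1,6}\.tmp\\", re.IGNORECASE)
NSIS_STOCK_PLUGINS = {
    "system.dll", "nsexec.dll", "installoptions.dll", "nsdialogs.dll", "userinfo.dll",
    "startmenu.dll", "nsisdl.dll", "banner.dll", "splash.dll", "langdll.dll", "math.dll",
}
# Names the sandbox treats as "similar to system file names" (System.dll) plus a few
# real Windows binaries whose names malware likes to borrow.
SYSTEM_LIKE_NAMES = {
    "system.dll", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "ntdll.dll", "kernel32.dll",
}
# PIDs whose image was identified as an NSIS installer (TRiD: NSIS 91.9% for PID 2160).
NSIS_PIDS = {2160}

# Constructed events in the shape of the "Dropped files" rows: (pid, process, path).
# Rows 1-3 mirror PID 2160 in the report (the System.dll row is reconstructed from the
# signature text; the report prints only bmp/ini/txt/db rows). Rows 4-5 are a made-up
# contrast case and are not from this analysis.
EVENTS = [
    (2160, "Firefox_Portable_2.0.0.15_en-us.paf.exe",
     r"C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\System.dll"),
    (2160, "Firefox_Portable_2.0.0.15_en-us.paf.exe",
     r"C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\modern-wizard.bmp"),
    (2160, "Firefox_Portable_2.0.0.15_en-us.paf.exe",
     r"C:\Portable\FirefoxPortable\App\AppInfo\appinfo.ini"),
    (4242, "sample.exe", r"C:\Users\admin\AppData\Local\Temp\System.dll"),
    (4242, "sample.exe", r"C:\Users\admin\AppData\Roaming\svchost.exe"),
]


def classify_drop(pid, path, nsis_pids=NSIS_PIDS):
    """Label one file-creation event as expected / suspicious / review / info, with a reason."""
    name = path.rsplit("\\", 1)[-1].lower()
    in_staging = NSIS_STAGING_DIR.search(path) is not None
    if name in NSIS_STOCK_PLUGINS and in_staging and pid in nsis_pids:
        return "expected", "stock NSIS plug-in extracted to the NSIS staging directory"
    if name in SYSTEM_LIKE_NAMES:
        return "suspicious", "system-like file name outside a verified installer staging directory"
    if name.endswith((".exe", ".dll", ".sys", ".scr")):
        return "review", "executable content dropped"
    return "info", "non-executable file"


def triage(events, nsis_pids=NSIS_PIDS):
    """Run classify_drop over event rows and return one record per row."""
    out = []
    for pid, process, path in events:
        label, reason = classify_drop(pid, path, nsis_pids)
        out.append({"pid": pid, "process": process, "path": path,
                    "label": label, "reason": reason})
    return out


if __name__ == "__main__":
    for row in triage(EVENTS):
        print(f'{row["label"]:<10} PID {row["pid"]:<5} {row["path"]}  ({row["reason"]})')
```

The "expected" label is deliberately gated on the image being NSIS. FirefoxPortable.exe (PID 2960) fires the same System.dll signature in this report; run `file` or TRiD on it before adding 2960 to NSIS_PIDS, rather than whitelisting on the file name alone.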
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (91.9)
.exe | Win32 Executable MS Visual C++ (generic) (3.3)
.exe | Win64 Executable (generic) (3)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:05:03 14:08:42+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x3225
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.15
ProductVersionNumber: 2.0.0.15
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: For additional details, visit PortableApps.com
CompanyName: PortableApps.com
FileDescription: Mozilla Firefox, Portable Edition
FileVersion: 2.0.0.15
InternalName: Mozilla Firefox, Portable Edition
LegalCopyright: PortableApps.com and contributors
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation. PortableApps.com is a Trademark of Rare Ideas, LLC.
OriginalFileName: Firefox_Portable_2.0.0.15_en-us.paf.exe
PortableAppscomInstallerVersion: 0.9.9.0
ProductName: Mozilla Firefox, Portable Edition
ProductVersion: 2.0.0.15
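The EXIF block above is worth reproducing independently when a report matters: every field in it comes straight from the COFF and optional headers, and the "Nullsoft Installer self-extracting archive" verdict comes from a 16-byte NSIS first-header signature that `file` searches for. The following is an added example written for this page, not ANY.RUN, PortableApps or exiftool code: a minimal PE header reader that recovers the timestamp, characteristics, sizes, entry point and subsystem, checks for the NSIS marker, and hashes the bytes in the upper-case form the report lists. Because the real installer is not embedded here, `build_sample()` constructs a synthetic header carrying the same header values as the report; pass the path of an actual copy on the command line to compare against the values above. One caveat on the timestamp: an NSIS installer's PE timestamp is typically that of the prebuilt NSIS stub, not of the moment the installer was assembled, which is why 2008-05-03 predates the bundled Firefox build ID 2008062306 in the process table.

```python
import hashlib
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits, named the way the EXIF block renders them.
CHARACTERISTICS = [
    (0x0001, "No relocs"),
    (0x0002, "Executable"),
    (0x0004, "No line numbers"),
    (0x0008, "No symbols"),
    (0x0100, "32-bit"),
    (0x2000, "DLL"),
]
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD64"}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows command line"}
# NSIS first-header signature: 0xDEADBEEF little-endian followed by "NullsoftInst".
# This is the byte string the "Nullsoft Installer self-extracting archive" type is keyed on.
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def parse_pe(data: bytes) -> dict:
    """Read the COFF header and the PE32/PE32+ optional-header fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, _nsec, ts, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                                        # IMAGE_OPTIONAL_HEADER
    magic, lnk_major, lnk_minor, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, oh)
    os_major = struct.unpack_from("<H", data, oh + 40)[0]       # MajorOperatingSystemVersion
    subsys_major = struct.unpack_from("<H", data, oh + 48)[0]   # MajorSubsystemVersion
    subsystem = struct.unpack_from("<H", data, oh + 68)[0]      # Subsystem (same offset in PE32+)
    stamp = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00")
    return {
        "MachineType": MACHINES.get(machine, hex(machine)),
        "TimeStamp": stamp,
        "ImageFileCharacteristics": ", ".join(n for bit, n in CHARACTERISTICS if chars & bit),
        "PEType": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "LinkerVersion": (lnk_major, lnk_minor),
        "CodeSize": code,
        "InitializedDataSize": idata,
        "UninitializedDataSize": udata,
        "EntryPoint": entry,
        "OSVersion": os_major,
        "SubsystemVersion": subsys_major,
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "NSIS": NSIS_MARKER in data,
    }


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the upper-case hex form the report lists, for comparing a local copy."""
    return {name: hashlib.new(name, data).hexdigest().upper() for name in ("md5", "sha1", "sha256")}


def build_sample() -> bytes:
    """Constructed stand-in for the real installer: a bare PE header carrying the report's
    header values, then padding and the NSIS marker. Not the actual file; its hashes differ."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew -> PE signature at 0x40
    ts = int(datetime(2008, 5, 3, 14, 8, 42, tzinfo=timezone.utc).timestamp())
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 3, ts, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 6, 0, 23040, 119808, 1024, 0x3225)
    struct.pack_into("<H", opt, 40, 4)                   # MajorOperatingSystemVersion 4
    struct.pack_into("<H", opt, 48, 4)                   # MajorSubsystemVersion 4
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + b"\0" * 512 + NSIS_MARKER


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in {**parse_pe(blob), **hashes(blob)}.items():
        print(f"{key}: {value}")
```

Run it against a downloaded copy of the installer and the MD5/SHA1/SHA256 lines must equal the ones at the top of this report before any of the behavioural findings are attributed to that file.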
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Nodes in the order the graph shows them ("no specs" is the graph's own label; parent/child relations are in the process table below):
  start
  firefox_portable_2.0.0.15_en-us.paf.exe
  explorer.exe (no specs)
  firefoxportable.exe
  firefox.exe (no specs)
  firefox.exe

Process information

PID 1976 (parent process: FirefoxPortable.exe)
  CMD: "C:\Portable\FirefoxPortable\App\firefox\firefox.exe" -profile "C:\Portable\FirefoxPortable\Data\profile"
  Path: C:\Portable\FirefoxPortable\App\firefox\firefox.exe
  User: admin
  Company: Mozilla Corporation
  Integrity Level: MEDIUM
  Description: Firefox
  Exit code: 0
  Version: 1.8.1.15: 2008062306
  Modules (images):
    c:\portable\firefoxportable\app\firefox\firefox.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\portable\firefoxportable\app\firefox\js3250.dll
    c:\portable\firefoxportable\app\firefox\nspr4.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll

PID 2000 (parent process: firefox.exe)
  CMD: "C:\Portable\FirefoxPortable\App\firefox\firefox.exe" "-profile" "C:\Portable\FirefoxPortable\Data\profile"
  Path: C:\Portable\FirefoxPortable\App\firefox\firefox.exe
  User: admin
  Company: Mozilla Corporation
  Integrity Level: MEDIUM
  Description: Firefox
  Exit code: 0
  Version: 1.8.1.15: 2008062306
  Modules (images):
    c:\portable\firefoxportable\app\firefox\firefox.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\portable\firefoxportable\app\firefox\js3250.dll
    c:\portable\firefoxportable\app\firefox\nspr4.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll

PID 2160 (parent process: explorer.exe)
  CMD: "C:\Users\admin\Desktop\Firefox_Portable_2.0.0.15_en-us.paf.exe"
  Path: C:\Users\admin\Desktop\Firefox_Portable_2.0.0.15_en-us.paf.exe
  User: admin
  Company: PortableApps.com
  Integrity Level: MEDIUM
  Description: Mozilla Firefox, Portable Edition
  Exit code: 0
  Version: 2.0.0.15
  Modules (images):
    c:\users\admin\desktop\firefox_portable_2.0.0.15_en-us.paf.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll

PID 2960 (parent process: explorer.exe)
  CMD: "C:\Portable\FirefoxPortable\FirefoxPortable.exe"
  Path: C:\Portable\FirefoxPortable\FirefoxPortable.exe
  User: admin
  Company: PortableApps.com
  Integrity Level: MEDIUM
  Description: Mozilla Firefox, Portable Edition
  Exit code: 0
  Version: 1.5.9.1
  Modules (images):
    c:\portable\firefoxportable\firefoxportable.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shell32.dll

PID 3228 (parent process: explorer.exe)
  CMD: "C:\Windows\explorer.exe"
  Path: C:\Windows\explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Explorer
  Exit code: 1
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\windows\explorer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
Total events: 5 674
Read events: 5 663
Write events: 11
Delete events: 0

Modification events

Process: Firefox_Portable_2.0.0.15_en-us.paf.exe (PID 2160)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write | Name: LanguageList | Value: en-US

Process: Firefox_Portable_2.0.0.15_en-us.paf.exe (PID 2160)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write | Name: Browse For Folder Width | Value: 318

Process: Firefox_Portable_2.0.0.15_en-us.paf.exe (PID 2160)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write | Name: Browse For Folder Height | Value: 288

Process: FirefoxPortable.exe (PID 2960)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: ProxyBypass | Value: 1

Process: FirefoxPortable.exe (PID 2960)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: IntranetName | Value: 1

Process: FirefoxPortable.exe (PID 2960)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet | Value: 1

Process: FirefoxPortable.exe (PID 2960)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: AutoDetect | Value: 0

None of the eleven writes touches a persistence location. The MuiCache entry and the "Browse For Folder" size values are shell bookkeeping left behind by the installer's directory-selection dialog. The four ZoneMap values are Internet Explorer's intranet-zone defaults, which the WinINet/urlmon zone code initialises the first time a process uses it; the same four writes appear for many benign programs, so on their own they are weak evidence of proxy or zone tampering.
Executable files: 31
Suspicious files: 21
Text files: 287
Unknown types: 1

Dropped files

All rows below were written by PID 2160, Firefox_Portable_2.0.0.15_en-us.paf.exe.

C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\modern-wizard.bmp (image)
  MD5: 74665CEFAFE2E26EFA93C3D9E714B32E
  SHA256: 27E7243D5AF3337E0135E2F137DC87E05204B604E99476690C3DC1C95ED39C62
C:\Portable\FirefoxPortable\App\AppInfo\appinfo.ini (ini)
  MD5: 92F54E92D6D299F38853038481CE33B3
  SHA256: D02D00564951256356C6A1D61142E78F4DB5DC6B80028CA57B469D13C5B85E83
C:\Portable\FirefoxPortable\App\readme.txt (text)
  MD5: 7785366DA1C73982691B1612BB6B6980
  SHA256: F4F2101563BBA6AF027877FE8D6B8EE1B62ADE44A357B4555F2CFDF45E0C633F
C:\Portable\FirefoxPortable\App\DefaultData\plugins\plugins_readme.txt (text)
  MD5: 68A053ABE09221B4131721FD7AF43D74
  SHA256: 3EAF549AE05ADDED0D502ABC1983BFF904C9BC5762DB07B35B481629987830C8
C:\Portable\FirefoxPortable\App\DefaultData\profile\cert8.db (binary)
  MD5: A5AE49867124AC75F029A9A33AF31BAD
  SHA256: E45105A21696A26C834CFAA3F664C42426C99546094E22FBE3A5E1DD3FBC1F33
C:\Portable\FirefoxPortable\App\DefaultData\profile\cookies.txt (text)
  MD5: 2FFAEA0A9579122A995E0F4BB354BD86
  SHA256: 280B8607693341CA45AF61368141D879DEFC67CF532F1B402B6A37983A52A8AB
C:\Portable\FirefoxPortable\App\DefaultData\profile\extensions.ini (ini)
  MD5: D952E79FCF1CA47DCCD3E5E9D76C26EF
  SHA256: 8294E786AC10805563449401F102247C3DB3758375A046D1E220BD3AA773E5A1
C:\Portable\FirefoxPortable\App\DefaultData\profile\compatibility.ini (ini)
  MD5: 90FF46FB801B022823567F2C9D5E8A6E
  SHA256: 1714B3D15BCD07C2361A12112C073F828467C58F324389E0DBE3C800BEAD069D
C:\Portable\FirefoxPortable\App\DefaultData\profile\kf.txt (text)
  MD5: 0335DFEBB7643EAF56810A6272F9E161
  SHA256: 6F261D3FA9D4787DBB491A7D550DFCD99B02E5363067693E970BA2C081A1EAF1
C:\Portable\FirefoxPortable\App\DefaultData\profile\extensions.rdf (xml)
  MD5: 6374609A0F01C5B1C3550C9EE59820B1
  SHA256: BB7EE4C97DEA95B18D206678426D13B41E9FB1D727C1D657D8B3B48009782216
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 10
DNS requests: 7
Threats: 2

HTTP requests

Columns: PID / process | method | HTTP code | IP:port | URL | CN | type | size | reputation

PID 2000 firefox.exe | GET | 301 | 44.236.48.31:80 | http://en-us.www.mozilla.com/en-US/firefox/2.0.0.15/firstrun/ | unknown | html | 162 b | unknown
PID 2000 firefox.exe | GET | 200 | 142.250.185.110:80 | http://feeds.feedburner.com/portableapps_com | unknown | xml | 3.46 Kb | unknown
PID 2000 firefox.exe | GET | 301 | 3.122.152.250:80 | http://portableapps.com/feeds/general | unknown | html | 2.42 Kb | unknown
PID 2000 firefox.exe | GET | 404 | 142.250.181.238:80 | http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.15&version=goog-white-domain:1:-1,goog-white-url:1:-1,goog-black-url:1:-1,goog-black-enchash:1:-1 | unknown | html | 1.54 Kb | unknown
PID 2000 firefox.exe | GET | 301 | 3.122.152.250:80 | http://portableapps.com/ | unknown | html | 2.41 Kb | unknown

All five requests are plain-HTTP first-run traffic from the bundled Firefox 2.0.0.15 itself: the version-specific firstrun page, the PortableApps feeds, and the legacy Safe Browsing v1 update call (client=navclient-auto-ffox), which Google no longer serves, hence the 404. No request is made by the installer or the launcher.

Connections

Columns: PID / process | IP:port | domain | ASN | CN | reputation

PID 1080 svchost.exe | 224.0.0.252:5355 (LLMNR multicast) | - | - | - | unknown
PID 4 System | 192.168.100.255:138 (NetBIOS datagram broadcast) | - | - | - | whitelisted
PID 4 System | 192.168.100.255:137 (NetBIOS name service broadcast) | - | - | - | whitelisted
PID 2000 firefox.exe | 44.236.48.31:80 | en-us.www.mozilla.com | AMAZON-02 | US | unknown
PID 2000 firefox.exe | 3.122.152.250:80 | portableapps.com | AMAZON-02 | DE | unknown
PID 2000 firefox.exe | 44.236.48.31:443 | en-us.www.mozilla.com | AMAZON-02 | US | unknown
PID 2000 firefox.exe | 3.122.152.250:443 | portableapps.com | AMAZON-02 | DE | unknown
PID 2000 firefox.exe | 142.250.181.238:80 | sb.google.com | GOOGLE | US | whitelisted
PID 2000 firefox.exe | 13.32.119.185:443 | www.mozilla.org | AMAZON-02 | US | unknown
PID 2000 firefox.exe | 142.250.185.110:80 | feeds.feedburner.com | GOOGLE | US | whitelisted

The first three rows are the guest's own name-resolution background noise (svchost.exe and the System process), not activity of the sample. Every outbound connection belongs to firefox.exe (PID 2000) and goes to Mozilla, PortableApps or Google infrastructure.

DNS requests

en-us.www.mozilla.com: 44.236.48.31, 44.236.72.93, 44.235.246.155 (unknown)
en-us.start2.mozilla.com: no IP listed (unknown)
fxfeeds.mozilla.com: no IP listed (unknown)
portableapps.com: 3.122.152.250, 3.69.213.60, 3.67.181.148 (unknown)
sb.google.com: 142.250.181.238 (whitelisted)
www.mozilla.org: 13.32.119.185 (whitelisted)
feeds.feedburner.com: 142.250.185.110 (whitelisted)

Threats

PID 2000 firefox.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake FireFox Version 2.
PID 2000 firefox.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake FireFox Version 2.

Both alerts are the same Emerging Threats policy-class rule, which matches an HTTP User-Agent header advertising a Firefox 2.x version. It flags an end-of-life browser (or something impersonating one) talking on the network, not a malware payload; here it is triggered by the bundled Firefox 2.0.0.15 making its first-run requests.
No debug info