File name:

Firefox_Portable_2.0.0.15_en-us.paf.exe

Full analysis: https://app.any.run/tasks/339c9d18-4fbc-4196-8ae3-0f47bee73eef
Verdict: Malicious activity
Analysis date: February 22, 2024, 15:15:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

F40544FD8C7F7E5ECB71A476E26847C1

SHA1:

728D3F2E708D5BC62FEC8A68E0AA1B66E352245E

SHA256:

47B98342208EF1DFD1E7D0DA0587BF2A15472343EAB9655219E9F46B51565AA1

SSDEEP:

98304:BjeS9Zwrt/TXNZh1/5ZcExD+GKe5Dp43pVil4wx3Bjud/6LXpxeBU2Q6qbumo9A3:4rjLoTE6E

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • The process creates files with name similar to system file names

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • Reads security settings of Internet Explorer

      • FirefoxPortable.exe (PID: 2960)
    • Reads the Internet Settings

      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 2000)
    • Executable content was dropped or overwritten

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
    • Application launched itself

      • firefox.exe (PID: 1976)
  • INFO

    • Reads the computer name

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 1976)
      • firefox.exe (PID: 2000)
    • Checks supported languages

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 1976)
      • firefox.exe (PID: 2000)
    • Manual execution by a user

      • FirefoxPortable.exe (PID: 2960)
      • explorer.exe (PID: 3228)
    • Create files in a temporary directory

      • FirefoxPortable.exe (PID: 2960)
      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
    • Reads the machine GUID from the registry

      • Firefox_Portable_2.0.0.15_en-us.paf.exe (PID: 2160)
      • FirefoxPortable.exe (PID: 2960)
      • firefox.exe (PID: 2000)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (91.9)
.exe | Win32 Executable MS Visual C++ (generic) (3.3)
.exe | Win64 Executable (generic) (3)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:05:03 14:08:42+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x3225
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.15
ProductVersionNumber: 2.0.0.15
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: For additional details, visit PortableApps.com
CompanyName: PortableApps.com
FileDescription: Mozilla Firefox, Portable Edition
FileVersion: 2.0.0.15
InternalName: Mozilla Firefox, Portable Edition
LegalCopyright: PortableApps.com and contributors
LegalTrademarks: Firefox is a Trademark of The Mozilla Foundation. PortableApps.com is a Trademark of Rare Ideas, LLC.
OriginalFileName: Firefox_Portable_2.0.0.15_en-us.paf.exe
PortableAppscomInstallerVersion: 0.9.9.0
ProductName: Mozilla Firefox, Portable Edition
ProductVersion: 2.0.0.15
No data.
All screenshots are available in the full report
Total processes
41
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Behavior graph

Graph nodes (interactive view in the full report): start, firefox_portable_2.0.0.15_en-us.paf.exe, explorer.exe (no specs), firefoxportable.exe, firefox.exe (no specs), firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1976
CMD: "C:\Portable\FirefoxPortable\App\firefox\firefox.exe" -profile "C:\Portable\FirefoxPortable\Data\profile"
Path: C:\Portable\FirefoxPortable\App\firefox\firefox.exe
Parent process: FirefoxPortable.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
1.8.1.15: 2008062306
Modules
Images
c:\portable\firefoxportable\app\firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\portable\firefoxportable\app\firefox\js3250.dll
c:\portable\firefoxportable\app\firefox\nspr4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2000
CMD: "C:\Portable\FirefoxPortable\App\firefox\firefox.exe" "-profile" "C:\Portable\FirefoxPortable\Data\profile"
Path: C:\Portable\FirefoxPortable\App\firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
1.8.1.15: 2008062306
Modules
Images
c:\portable\firefoxportable\app\firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\portable\firefoxportable\app\firefox\js3250.dll
c:\portable\firefoxportable\app\firefox\nspr4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2160
CMD: "C:\Users\admin\Desktop\Firefox_Portable_2.0.0.15_en-us.paf.exe"
Path: C:\Users\admin\Desktop\Firefox_Portable_2.0.0.15_en-us.paf.exe
Parent process: explorer.exe
User:
admin
Company:
PortableApps.com
Integrity Level:
MEDIUM
Description:
Mozilla Firefox, Portable Edition
Exit code:
0
Version:
2.0.0.15
Modules
Images
c:\users\admin\desktop\firefox_portable_2.0.0.15_en-us.paf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 2960
CMD: "C:\Portable\FirefoxPortable\FirefoxPortable.exe"
Path: C:\Portable\FirefoxPortable\FirefoxPortable.exe
Parent process: explorer.exe
User:
admin
Company:
PortableApps.com
Integrity Level:
MEDIUM
Description:
Mozilla Firefox, Portable Edition
Exit code:
0
Version:
1.5.9.1
Modules
Images
c:\portable\firefoxportable\firefoxportable.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 3228
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
5 674
Read events
5 663
Write events
11
Delete events
0

Modification events

(PID) Process: (2160) Firefox_Portable_2.0.0.15_en-us.paf.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2160) Firefox_Portable_2.0.0.15_en-us.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Width
Value: 318

(PID) Process: (2160) Firefox_Portable_2.0.0.15_en-us.paf.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Height
Value: 288

(PID) Process: (2960) FirefoxPortable.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2960) FirefoxPortable.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2960) FirefoxPortable.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (2960) FirefoxPortable.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files
31
Suspicious files
21
Text files
287
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\modern-wizard.bmp
Type: image
MD5: 74665CEFAFE2E26EFA93C3D9E714B32E
SHA256: 27E7243D5AF3337E0135E2F137DC87E05204B604E99476690C3DC1C95ED39C62

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\InstallOptions.dll
Type: executable
MD5: 3809B1424D53CCB427C88CABAB8B5F94
SHA256: 426EFD56DA4014F12EC8EE2E268F86B848BBCA776333D55482CB3EB71C744088

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\System.dll
Type: executable
MD5: 32465A07028B927B22C38E642C2CB836
SHA256: EDA545D4DCB37098A90FCE9692D5094BB56897F04EFF6D40E3DEDD122A4D1292

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsaEC2.tmp\ioSpecial.ini
Type: ini
MD5: E2D5070BC28DB1AC745613689FF86067
SHA256: D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Portable\FirefoxPortable\App\DefaultData\profile\bookmarks.html
Type: html
MD5: 0512CC8EA5D1F10B276E0990884AD69E
SHA256: 080E2C4C22D0D0168EE502451F3D534C3C586B0622B1D37FE08E1FEC12633091

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Portable\FirefoxPortable\App\DefaultData\profile\cookies.txt
Type: text
MD5: 2FFAEA0A9579122A995E0F4BB354BD86
SHA256: 280B8607693341CA45AF61368141D879DEFC67CF532F1B402B6A37983A52A8AB

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Portable\FirefoxPortable\App\DefaultData\profile\extensions.rdf
Type: xml
MD5: 6374609A0F01C5B1C3550C9EE59820B1
SHA256: BB7EE4C97DEA95B18D206678426D13B41E9FB1D727C1D657D8B3B48009782216

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Portable\FirefoxPortable\App\DefaultData\profile\kf.txt
Type: text
MD5: 0335DFEBB7643EAF56810A6272F9E161
SHA256: 6F261D3FA9D4787DBB491A7D550DFCD99B02E5363067693E970BA2C081A1EAF1

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Portable\FirefoxPortable\App\DefaultData\profile\mimeTypes.rdf
Type: xml
MD5: 6047F42624D9930CAA8D651FA94D28F1
SHA256: C9AEBB4219A0E86565A9399C14B70219EA4F066464102848010CEFC425D72008

PID: 2160
Process: Firefox_Portable_2.0.0.15_en-us.paf.exe
Filename: C:\Portable\FirefoxPortable\App\DefaultData\plugins\plugins_readme.txt
Type: text
MD5: 68A053ABE09221B4131721FD7AF43D74
SHA256: 3EAF549AE05ADDED0D502ABC1983BFF904C9BC5762DB07B35B481629987830C8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
10
DNS requests
7
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2000
firefox.exe
GET
301
3.122.152.250:80
http://portableapps.com/feeds/general
unknown
html
2.42 Kb
unknown
2000
firefox.exe
GET
301
44.236.48.31:80
http://en-us.www.mozilla.com/en-US/firefox/2.0.0.15/firstrun/
unknown
html
162 b
unknown
2000
firefox.exe
GET
200
142.250.185.110:80
http://feeds.feedburner.com/portableapps_com
unknown
xml
3.46 Kb
unknown
2000
firefox.exe
GET
404
142.250.181.238:80
http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.15&version=goog-white-domain:1:-1,goog-white-url:1:-1,goog-black-url:1:-1,goog-black-enchash:1:-1
unknown
html
1.54 Kb
unknown
2000
firefox.exe
GET
301
3.122.152.250:80
http://portableapps.com/
unknown
html
2.41 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2000
firefox.exe
44.236.48.31:80
en-us.www.mozilla.com
AMAZON-02
US
unknown
2000
firefox.exe
3.122.152.250:80
portableapps.com
AMAZON-02
DE
unknown
2000
firefox.exe
44.236.48.31:443
en-us.www.mozilla.com
AMAZON-02
US
unknown
2000
firefox.exe
3.122.152.250:443
portableapps.com
AMAZON-02
DE
unknown
2000
firefox.exe
142.250.181.238:80
sb.google.com
GOOGLE
US
whitelisted
2000
firefox.exe
13.32.119.185:443
www.mozilla.org
AMAZON-02
US
unknown
2000
firefox.exe
142.250.185.110:80
feeds.feedburner.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
en-us.www.mozilla.com
  • 44.236.48.31
  • 44.236.72.93
  • 44.235.246.155
unknown
en-us.start2.mozilla.com
unknown
fxfeeds.mozilla.com
unknown
portableapps.com
  • 3.122.152.250
  • 3.69.213.60
  • 3.67.181.148
unknown
sb.google.com
  • 142.250.181.238
whitelisted
www.mozilla.org
  • 13.32.119.185
whitelisted
feeds.feedburner.com
  • 142.250.185.110
whitelisted

Threats

PID
Process
Class
Message
2000
firefox.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake FireFox Version 2.
2000
firefox.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake FireFox Version 2.
No debug info