URL:

https://bitiasolutions-my.sharepoint.com/:b:/p/keilasalazar/Ebu-K3u7pP5NuiaKD77B9K4BlpXwLfjAK4_PbEvETS1Adg?e=B0ZEx1

Full analysis: https://app.any.run/tasks/c4c06473-e01d-43fe-84c1-5727a08a2605
Verdict: Malicious activity
Analysis date: May 15, 2019, 14:39:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
phishing
phish-pdf
phish-office365
Indicators:
MD5:

B07DF13E6FA76E266E062812D76983F7

SHA1:

805FB3CE54156C2BD96B113791844D5BB24B106D

SHA256:

F2ACF0B5B4F2904CC116A39BD890D1C0769E088A9C60D5A679BE2C56D6A5765D

SSDEEP:

3:N8iQtLK+ArL5W5/gEfqw2nMEuhncuRJ4cuFpVxn:2O+AfT2BlAu/nu/n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Creates files in the program directory

      • firefox.exe (PID: 3328)

  • INFO

    • Reads CPU info

      • firefox.exe (PID: 3328)

    • Application launched itself

      • firefox.exe (PID: 3328)

    • Creates files in the user directory

      • firefox.exe (PID: 3328)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe firefox.exe no specs firefox.exe firefox.exe firefox.exe firefox.exe

Process information

PID
CMD
Path
Indicators
Parent process
2856"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3328.20.1339279502\1044510862" -childID 3 -isForBrowser -prefsHandle 2760 -prefMapHandle 2824 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3328 "\\.\pipe\gecko-crash-server-pipe.3328" 3168 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3000"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3328.27.1446523685\26493809" -childID 4 -isForBrowser -prefsHandle 1720 -prefMapHandle 3048 -prefsLen 6390 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3328 "\\.\pipe\gecko-crash-server-pipe.3328" 1588 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3328"C:\Program Files\Mozilla Firefox\firefox.exe" https://bitiasolutions-my.sharepoint.com/:b:/p/keilasalazar/Ebu-K3u7pP5NuiaKD77B9K4BlpXwLfjAK4_PbEvETS1Adg?e=B0ZEx1C:\Program Files\Mozilla Firefox\firefox.exe
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3576"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3328.6.1995306759\233697120" -childID 1 -isForBrowser -prefsHandle 1724 -prefMapHandle 1720 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3328 "\\.\pipe\gecko-crash-server-pipe.3328" 764 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3688"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3328.13.1223311842\1145939961" -childID 2 -isForBrowser -prefsHandle 2548 -prefMapHandle 2552 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3328 "\\.\pipe\gecko-crash-server-pipe.3328" 2564 tabC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
3756"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3328.0.1491389032\1622747598" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 3328 "\\.\pipe\gecko-crash-server-pipe.3328" 1152 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
65.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
Total events
808
Read events
806
Write events
2
Delete events
0

Modification events

(PID) Process:(3328) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3328) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
Executable files
0
Suspicious files
130
Text files
32
Unknown types
64

Dropped files

PID
Process
Filename
Type
3328firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash31444
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.binbinary
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.binbinary
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.jstext
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstorebinary
MD5:
SHA256:
3328firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.jsontext
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3328firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
52
DNS requests
110
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3328
firefox.exe
POST
200
104.18.25.243:80
http://ocsp.msocsp.com/
US
der
1.79 Kb
whitelisted
3328
firefox.exe
POST
200
104.18.25.243:80
http://ocsp.msocsp.com/
US
der
1.79 Kb
whitelisted
3328
firefox.exe
POST
200
172.217.22.99:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3328
firefox.exe
POST
200
172.217.22.99:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3328
firefox.exe
POST
200
172.217.22.99:80
http://ocsp.pki.goog/GTSGIAG3
US
der
471 b
whitelisted
3328
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3328
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3328
firefox.exe
GET
200
2.16.186.112:80
http://detectportal.firefox.com/success.txt
unknown
text
8 b
whitelisted
3328
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3328
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3328
firefox.exe
2.16.186.112:80
detectportal.firefox.com
Akamai International B.V.
whitelisted
3328
firefox.exe
52.32.77.100:443
aus5.mozilla.org
Amazon.com, Inc.
US
unknown
3328
firefox.exe
52.10.97.252:443
search.services.mozilla.com
Amazon.com, Inc.
US
unknown
3328
firefox.exe
13.107.136.9:443
bitiasolutions-my.sharepoint.com
Microsoft Corporation
US
whitelisted
3328
firefox.exe
54.192.131.113:443
snippets.cdn.mozilla.net
Amazon.com, Inc.
US
unknown
3328
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3328
firefox.exe
216.58.205.234:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
3328
firefox.exe
172.217.22.99:80
ocsp.pki.goog
Google Inc.
US
whitelisted
3328
firefox.exe
2.16.186.40:443
spoprod-a.akamaihd.net
Akamai International B.V.
whitelisted
3328
firefox.exe
54.186.120.41:443
shavar.services.mozilla.com
Amazon.com, Inc.
US
unknown

DNS requests

Domain
IP
Reputation
bitiasolutions-my.sharepoint.com
  • 13.107.136.9
suspicious
detectportal.firefox.com
  • 2.16.186.112
  • 2.16.186.50
whitelisted
aus5.mozilla.org
  • 52.32.77.100
  • 52.27.144.31
  • 34.216.134.104
  • 35.164.82.230
  • 34.214.241.105
  • 52.43.79.30
  • 54.148.138.18
  • 52.40.226.98
  • 34.218.159.169
whitelisted
a1089.dscd.akamai.net
  • 2.16.186.50
  • 2.16.186.112
whitelisted
balrog-aus5.r53-2.services.mozilla.com
  • 52.40.226.98
  • 54.148.138.18
  • 52.43.79.30
  • 34.214.241.105
  • 35.164.82.230
  • 34.216.134.104
  • 52.27.144.31
  • 52.32.77.100
  • 34.218.159.169
whitelisted
search.services.mozilla.com
  • 52.10.97.252
  • 52.88.179.171
  • 52.27.173.161
whitelisted
search.r53-2.services.mozilla.com
  • 52.27.173.161
  • 52.88.179.171
  • 52.10.97.252
whitelisted
tiles.services.mozilla.com
  • 52.42.232.148
  • 52.26.103.165
  • 52.26.166.58
  • 52.27.87.181
  • 52.35.96.157
  • 52.34.132.219
  • 52.43.91.152
  • 52.25.71.236
whitelisted
tiles.r53-2.services.mozilla.com
  • 52.25.71.236
  • 52.43.91.152
  • 52.34.132.219
  • 52.35.96.157
  • 52.27.87.181
  • 52.26.166.58
  • 52.26.103.165
  • 52.42.232.148
whitelisted
spo-0004.spo-msedge.net
  • 13.107.136.9
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://bitiasolutions-my.sharepoint.com/:b:/p/keilasalazar/Ebu-K3u7pP5NuiaKD77B9K4BlpXwLfjAK4_PbEvETS1Adg?e=B0ZEx1