URL:

https://motorolapromociones.com/index.php?54lhls

Full analysis: https://app.any.run/tasks/dc2e141c-60b6-44fa-986b-2cc1042f853a
Verdict: Malicious activity
Analysis date: June 21, 2025, 04:31:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
arch-scr
Indicators:
MD5:

93197A95B4021ACBD004353E9E8EA52D

SHA1:

1719F1F0D89A63F9563AE3D63426F73C28C87361

SHA256:

F7D1C9E8C85B5EFE5B6B80623D21CFE48B1A4FA7D2202B356D42BFEF9CFE7B06

SSDEEP:

3:N8zKXKKVdqKbHOn:2mX3VdqKbHO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2200)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • firefox.exe (PID: 3888)
      • firefox.exe (PID: 6200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
23
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs #PHISHING svchost.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1036"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6040 -prefsLen 39149 -prefMapHandle 6044 -prefMapSize 272997 -jsInitHandle 6048 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6056 -initialChannelId {2af227be-3f77-49a3-855c-db9b765b58e3} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
1964"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 2108 -prefsLen 36520 -prefMapHandle 2112 -prefMapSize 272997 -ipcHandle 2132 -initialChannelId {f86bd36f-ab7d-4018-b2aa-bf782584f145} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
2200C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2288"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -sandboxingKind 1 -prefsHandle 5304 -prefsLen 45502 -prefMapHandle 5408 -prefMapSize 272997 -ipcHandle 6592 -initialChannelId {7dc28ae5-2cfb-427d-a723-26d2b3cb3da2} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 18 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\vcruntime140.dll
2448"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3716 -prefsLen 39191 -prefMapHandle 6244 -prefMapSize 272997 -jsInitHandle 3732 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6064 -initialChannelId {e852c2d7-258c-4292-ad3d-8842a4bd0d11} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 15 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
3672"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6484 -prefsLen 39191 -prefMapHandle 6472 -prefMapSize 272997 -jsInitHandle 6444 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6276 -initialChannelId {11a6da5e-7798-4677-844c-84cd113ae1a6} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
3888"C:\Program Files\Mozilla Firefox\firefox.exe" "https://motorolapromociones.com/index.php?54lhls"C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
3964"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3200 -prefsLen 31090 -prefMapHandle 3204 -prefMapSize 272997 -jsInitHandle 3208 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 2740 -initialChannelId {ec18ec28-caa1-486f-b52c-a2c4fde02bab} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
4576"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6584 -prefsLen 39452 -prefMapHandle 6636 -prefMapSize 272997 -jsInitHandle 6640 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 6648 -initialChannelId {a7bf579a-551b-4589-912b-fabfcf88d0df} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 16 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
4680"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 3316 -prefsLen 36996 -prefMapHandle 3320 -prefMapSize 272997 -ipcHandle 3328 -initialChannelId {9c23d046-167c-463b-889f-215e7955b883} -parentPid 6200 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6200" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rddC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Total events
14 401
Read events
14 400
Write events
1
Delete events
0

Modification events

(PID) Process:(6200) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
Executable files
0
Suspicious files
246
Text files
31
Unknown types
0

Dropped files

PID
Process
Filename
Type
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
6200firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:3134ED3F12E4F4F8643DB90043B0FD7B
SHA256:26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.jstext
MD5:2FD670934FEF0C60E2119BD874AAF470
SHA256:771A7C83CA015BDBC6AB86A7BD9B1D54E40062E28942D311A9178A0FE6433CF2
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.binbinary
MD5:C94E8B12F5626BED1B7BCD67A1EBC659
SHA256:BECAF362562BFC4EFBC6BEB6FD1C3224E0F7242AE5EF8E15D34197215D46C72E
6200firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walbinary
MD5:7CBAF98614362E9B86E03F94424E68D4
SHA256:69DCE044F6D2E31EE5FD8F4DDF83CA3E4461BA255194A88BF00888DFE88B45A4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
49
TCP/UDP connections
176
DNS requests
257
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
POST
200
172.217.18.3:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
POST
200
172.217.18.3:80
http://o.pki.goog/s/wr3/azY
unknown
whitelisted
6200
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
whitelisted
6200
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
whitelisted
6200
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
POST
200
172.217.18.3:80
http://o.pki.goog/s/wr3/azY
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted
82.223.13.229:443
motorolapromociones.com
IONOS SE
ES
unknown
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
34.149.100.209:443
firefox.settings.services.mozilla.com
GOOGLE
US
whitelisted
172.217.18.3:80
o.pki.goog
GOOGLE
US
whitelisted
142.250.186.42:443
safebrowsing.googleapis.com
GOOGLE
US
whitelisted
34.107.243.93:443
push.services.mozilla.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
content-signature-2.cdn.mozilla.net
  • 34.160.144.191
whitelisted
content-signature-chains.prod.autograph.services.mozaws.net
  • 34.160.144.191
  • 2600:1901:0:92a9::
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
motorolapromociones.com
  • 82.223.13.229
unknown
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted
mc.prod.ads.prod.webservices.mozgcp.net
  • 34.36.137.203
whitelisted
example.org
  • 96.7.128.192
  • 23.215.0.132
  • 23.215.0.133
  • 96.7.128.186
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Web apps custom Builder (.my .id)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Web apps custom Builder (.my .id)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Web apps custom Builder (.my .id)
2200
svchost.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (panulmi-dev .com)
2200
svchost.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (panulmi-dev .com)
2200
svchost.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (panulmi-dev .com)
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
6200
firefox.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://motorolapromociones.com/index.php?54lhls