URL: | https://tools.usps.com/go/TrackConfirmAction.action?tLabels=9400109205568800301922 |
Full analysis: | https://app.any.run/tasks/7407dbb0-6cb2-42b3-ae68-25241fa86004 |
Verdict: | Malicious activity |
Analysis date: | September 29, 2021, 02:53:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 34BA498321CC5C5C6F669211F886FB0D |
SHA1: | 69979353C7F17942EEB51721DD4BAB8E95A03538 |
SHA256: | FDA3B181C2107B8BC064DE4F17ED8E62867617D0DB26853BBA2371FA1C8ABDDD |
SSDEEP: | 3:N8CKW8LGVKKxUGEfkG6bHEgBGsXX:2CKlwXUGEMLEARXX |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3420 | "C:\Program Files\Mozilla Firefox\firefox.exe" "https://tools.usps.com/go/TrackConfirmAction.action?tLabels=9400109205568800301922" | C:\Program Files\Mozilla Firefox\firefox.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 91.0 Modules
| |||||||||||||||
656 | "C:\Program Files\Mozilla Firefox\firefox.exe" https://tools.usps.com/go/TrackConfirmAction.action?tLabels=9400109205568800301922 | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | ||||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 91.0 Modules
| |||||||||||||||
2492 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.0.122207924\126810471" -parentBuildID 20210804193234 -prefsHandle 1104 -prefMapHandle 1096 -prefsLen 1 -prefMapSize 246031 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 1188 d394438 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 91.0 Modules
| |||||||||||||||
3120 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.1.1959370054\334190931" -childID 1 -isForBrowser -prefsHandle 1904 -prefMapHandle 1900 -prefsLen 282 -prefMapSize 246031 -jsInit 964 285716 -parentBuildID 20210804193234 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 1916 123af4f8 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 91.0 Modules
| |||||||||||||||
760 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.3.46606816\1503414868" -childID 2 -isForBrowser -prefsHandle 2820 -prefMapHandle 2876 -prefsLen 5260 -prefMapSize 246031 -jsInit 964 285716 -parentBuildID 20210804193234 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 2888 171eab88 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 91.0 Modules
| |||||||||||||||
2724 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.5.245520119\878911550" -childID 3 -isForBrowser -prefsHandle 3572 -prefMapHandle 2820 -prefsLen 5920 -prefMapSize 246031 -jsInit 964 285716 -parentBuildID 20210804193234 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 3580 1893d798 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 91.0 Modules
| |||||||||||||||
2752 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.6.943326157\177485947" -childID 4 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 5920 -prefMapSize 246031 -jsInit 964 285716 -parentBuildID 20210804193234 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 3732 1893de28 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 91.0 Modules
| |||||||||||||||
2292 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.10.458372869\2091319320" -childID 5 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 5920 -prefMapSize 246031 -jsInit 964 285716 -parentBuildID 20210804193234 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 3768 1893de28 tab | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 91.0 Modules
| |||||||||||||||
2820 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="656.11.590271370\524140169" -parentBuildID 20210804193234 -prefsHandle 3752 -prefMapHandle 2736 -prefsLen 5920 -prefMapSize 246031 -appdir "C:\Program Files\Mozilla Firefox\browser" - 656 "\\.\pipe\gecko-crash-server-pipe.656" 3876 d395ba8 rdd | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe | |||||||||||
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Version: 91.0 Modules
|
(PID) Process: | (3420) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Launcher |
Value: 15F6E3E23E000000 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Browser |
Value: 97FEE3E23E000000 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry |
Value: 0 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe |
Value: 0 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Theme |
Value: 1 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\PreXULSkeletonUISettings |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox\firefox.exe|Enabled |
Value: 1 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox|DisableTelemetry |
Value: 1 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent |
Value: 0 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox|ServicesSettingsServer |
Value: https://firefox.settings.services.mozilla.com/v1 | |||
(PID) Process: | (656) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent |
Operation: | write | Name: | C:\Program Files\Mozilla Firefox|SecurityContentSignatureRootHash |
Value: 97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E |
PID | Process | Filename | Type | |
---|---|---|---|---|
656 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin | binary | |
MD5:0308C6EA18FC8109F3B6EF5D777CF8AE | SHA256:52B9ACD85C90EFDC079F759A6514F779DEB31E1D9F932BB2C16818D657E75B49 | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\QLDYZ5~1.DEF\cert9.db-journal | binary | |
MD5:86CB96936C9CA6C7649EA1C4038CA089 | SHA256:DCCA74461B6FB6DA357F7AFAC4D0E585C005BF0E85E2EC92F2D36642937F2F5F | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js | text | |
MD5:9F1308886B2A8CE36D207F099F457A00 | SHA256:2E9B7F62510D177F12322088322370BB9C4DE509FF8F3D2D7A6B8958240E5A0E | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite | — | |
MD5:— | SHA256:— | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\QLDYZ5~1.DEF\cert9.db | sqlite | |
MD5:9FD3526DA5DB5EE87FFEC7B6DBA207E9 | SHA256:C03AE2F020C50C448DAF11EE950484C3062056F5EEBB8C05E954DE740B0F0ADC | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | text | |
MD5:9F1308886B2A8CE36D207F099F457A00 | SHA256:2E9B7F62510D177F12322088322370BB9C4DE509FF8F3D2D7A6B8958240E5A0E | |||
656 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin | binary | |
MD5:89A8A086336AA27BA1E56E33B155165A | SHA256:5D0D04952D693FA2F40AE23EB7F4BC9888ED3526A55C9ECD0F6B8ADDF03DD9AC | |||
656 | firefox.exe | C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.json | text | |
MD5:64CF5CFF1D92B0E6C1176A4D6D00AA0C | SHA256:2392EA2FB42A92BF2D310337ADC75A815D50C3A6DC34A1594220746CBEFA9C1A | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal | binary | |
MD5:9A37280A657D4F868C28F531E1824B5D | SHA256:9EEEF0F05D0F644611FE1ECB337DDC1FEAB2BE4273DA651F88E68723E474050B | |||
656 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\protections.sqlite-journal | binary | |
MD5:0E706C404D50ECDB7B138EBEAF72F28D | SHA256:01DD418649131741A33502DA30CFB9562C295D58762D82F732EA50026CA52AEA |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 472 b | whitelisted |
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 472 b | whitelisted |
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted |
656 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted |
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted |
656 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 472 b | whitelisted |
656 | firefox.exe | POST | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted |
656 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | US | text | 90 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
656 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | — | US | whitelisted |
— | — | 34.107.221.82:80 | detectportal.firefox.com | — | US | whitelisted |
656 | firefox.exe | 142.250.184.238:443 | www.googleoptimize.com | Google Inc. | US | whitelisted |
656 | firefox.exe | 142.250.186.138:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
656 | firefox.exe | 142.250.186.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
656 | firefox.exe | 13.224.193.70:443 | firefox.settings.services.mozilla.com | — | US | malicious |
656 | firefox.exe | 13.32.29.31:443 | content-signature-2.cdn.mozilla.net | Amazon.com, Inc. | US | unknown |
656 | firefox.exe | 104.17.224.78:443 | fast.fonts.net | Cloudflare Inc | US | unknown |
656 | firefox.exe | 192.229.221.165:443 | tools.usps.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | suspicious |
656 | firefox.exe | 142.250.185.104:443 | www.googletagmanager.com | Google Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
firefox.settings.services.mozilla.com |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
prod.detectportal.prod.cloudops.mozgcp.net |
| whitelisted |
tools.usps.com |
| suspicious |
cs1799.wpc.upsiloncdn.net |
| suspicious |
example.org |
| whitelisted |
ipv4only.arpa |
| whitelisted |
safebrowsing.googleapis.com |
| whitelisted |
content-signature-2.cdn.mozilla.net |
| whitelisted |
d2nxq2uap88usk.cloudfront.net |
| shared |