
Resubmissions

13/03/2023, 08:30

230313-kegj9shd85 3

19/12/2022, 17:13

221219-vrrk4saf3s 10

Analysis

  • max time kernel
    46s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/03/2023, 08:30

General

  • Target

    https://cdn.discordapp.com/attachments/1045003118900940843/1054445358895353876/Krnl.zip

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1045003118900940843/1054445358895353876/Krnl.zip
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:532 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4072
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 476 -p 3056 -ip 3056
    PID:2968
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3056 -s 1756
    • Program crash
    PID:2692
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:408
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.0.2092688267\174767378" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a0f685-cf06-4cb5-9fef-0db89769b3c4} 408 "\\.\pipe\gecko-crash-server-pipe.408" 1940 1f38b216558 gpu
        PID:4768
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.1.56869509\402952563" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c80ab5aa-19ec-4de4-b705-9b64193caa4a} 408 "\\.\pipe\gecko-crash-server-pipe.408" 2316 1f38a00fb58 socket
        PID:2284
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.2.630730266\1758044866" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 2692 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb35f439-e859-427f-95bb-4d7df090841c} 408 "\\.\pipe\gecko-crash-server-pipe.408" 3060 1f38df04758 tab
        PID:744
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.3.1388185759\1655993931" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c05d32-5c4e-4b87-9893-42cc500d94f0} 408 "\\.\pipe\gecko-crash-server-pipe.408" 3588 1f3fd15d358 tab
        PID:2448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.4.397126111\68269335" -childID 3 -isForBrowser -prefsHandle 3972 -prefMapHandle 3968 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16a53c1d-15dc-4e01-88ec-4fe481e23409} 408 "\\.\pipe\gecko-crash-server-pipe.408" 3984 1f38ee35158 tab
        PID:1332
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.5.873721071\1025769142" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5116 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c78bd47d-2ae5-47d4-93dc-2db3d567c85b} 408 "\\.\pipe\gecko-crash-server-pipe.408" 5088 1f391a59d58 tab
        PID:3596
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.6.1047966446\778759871" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd1a8c3-9599-4560-a22b-12eedb2b8afe} 408 "\\.\pipe\gecko-crash-server-pipe.408" 5164 1f391a5a358 tab
        PID:2336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.7.983706582\1053112916" -childID 6 -isForBrowser -prefsHandle 5552 -prefMapHandle 5564 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93284c45-0350-4e82-a91b-0096ec4758a7} 408 "\\.\pipe\gecko-crash-server-pipe.408" 5548 1f391a5a958 tab
        PID:2956
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.8.342480228\123456110" -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6952078-6b67-4019-8933-4b0c46258e5b} 408 "\\.\pipe\gecko-crash-server-pipe.408" 5724 1f391a59158 tab
        PID:5240
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="408.9.538223708\496510663" -childID 8 -isForBrowser -prefsHandle 5840 -prefMapHandle 6004 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b59cd164-0585-4f6c-b4ce-485176437b49} 408 "\\.\pipe\gecko-crash-server-pipe.408" 6012 1f38a010d58 tab
        PID:5484

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 162KB
    MD5: 6c36cff02e48007a2490f370a92aade5
    SHA1: 121f9a91df2b854d242880a8dbc3387536389e40
    SHA256: a66358bca9904f9ef6665d4343a7409010414a31425a2d4ce959acd7a889875b
    SHA512: 26651d11d72beb6424cef11913c6a8b9e9b0bbe1a04cde70e381a5105a597bf507c9dc06e1ba30b3356564d192de2bc5e6b58fee14c819ff4966ae7977cefb55

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 25a613b276657f38e577bc528845fae6
    SHA1: 1e1ea0d4084053d7509a210c714e49829959a7ef
    SHA256: f3b8285a1ab9fdb51cba52324c6980706ebe29a523f2d9a63d6e789c9ece69f3
    SHA512: ac926c2a30f8ddddc8af80a3c2c3e07562549cf61c282000e5a8a62167afbded9e4da4698068d66e2f978cd45eac915c2e19736e1a5da4e9fcb7d985c4febdac

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: d88c107b2da4af9346ca0c42eb8dcbdf
    SHA1: f5940c996d6344212796bfadb471338995872021
    SHA256: 6e5e95e04897f30caed511ca1573ef1542897074de5daa7af766c7e1561fcaff
    SHA512: 8779eeaab996c2bfbdeb47aae37ca84c238b4123ed31811c63049dc8f5adbe4bd1cb17669683373b725cf7efba1727be8bbcb5bedadd40387e7f6a562a0620eb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
    Filesize: 6KB
    MD5: 108b97b1ff7efbdb1aecce96d55ff2e5
    SHA1: bb72b2e0c3d859fe5e821632307a32df331b55e1
    SHA256: c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
    SHA512: e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 0422e30a714034b11f166be221f49c22
    SHA1: e8adb163c520b1b99215d193510675291055d094
    SHA256: a107bb7c675b62ccb1ad2a5900484d034ce4b1f77bde9a27ee005f587e25c02c
    SHA512: cc375d902b83dd4e5ebcc1451790e8ca7f27724fe2554af8804ad7e24299f3b54eb166e48006dd97e818d4f8bfcd1a517f8b97597744f77874f429a759423e18