Resubmissions

13/03/2023, 13:54

230313-q7qarsae86 1

13/03/2023, 13:53

230313-q64rrsae83 1

Analysis

  • max time kernel
    12s
  • max time network
    13s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/03/2023, 13:54

General

  • Target

    http://people.fl2wealth.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://people.fl2wealth.com
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://people.fl2wealth.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3500
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.0.387795193\2144689853" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab095294-e279-4725-9b66-1f1f195bce02} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 1916 1d82a718358 gpu
        3⤵
        PID:4088
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.1.1690727484\898577016" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c898af-f691-4aeb-b4f4-3ca6d0bbe8b9} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 2424 1d81c672858 socket
        3⤵
        PID:2188
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.2.1084977806\1030865524" -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04161658-7215-42de-ad8c-9c9d869b3305} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 2884 1d82d40cd58 tab
        3⤵
        PID:2164
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.3.847247747\1673592638" -childID 2 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a30d5a8-185c-48c1-bedf-99ab76c2a7b3} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 3996 1d81c661f58 tab
        3⤵
        PID:1676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.4.1048877308\911712596" -childID 3 -isForBrowser -prefsHandle 4536 -prefMapHandle 4528 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10515e1c-9ded-4282-acf1-89b0ee83fef9} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 4600 1d81c667b58 tab
        3⤵
        PID:460
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.5.184121749\1618351133" -childID 4 -isForBrowser -prefsHandle 1656 -prefMapHandle 4760 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d17ea1d9-0fd3-427d-8763-999b5ba4a2de} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 4872 1d82f6ca258 tab
        3⤵
        PID:2676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.6.416475554\1272738464" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4568 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5418ec1-9dc8-4a5c-9c9c-db8b5d0065d4} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 5112 1d82f68a558 tab
        3⤵
        PID:3840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3500.7.2101453247\2016623324" -childID 6 -isForBrowser -prefsHandle 3276 -prefMapHandle 3264 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f9595a1-89d8-4926-afa4-3e80d70cb6f0} 3500 "\\.\pipe\gecko-crash-server-pipe.3500" 3256 1d830112158 tab
        3⤵
        PID:1508

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 162KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB