Analysis

  • max time kernel
    155s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/03/2023, 16:05

General

  • Target

    https://roblox.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 13 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://roblox.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4824 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2172
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.0.97683832\1822304508" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe710e4c-c808-4d76-a446-03237c63fc9b} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1900 1119d3e8158 gpu
      2⤵
      PID:2316
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.1.359687295\369676495" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d31e760d-0a80-426b-8f34-269e79be35a8} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 2300 11190472258 socket
      2⤵
      PID:4104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.2.859038409\911240638" -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3288 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f2a9c25-061f-4a41-a3c0-4f6b033e01f0} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3172 111a1348658 tab
      2⤵
      PID:3504
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.3.664333868\227216529" -childID 2 -isForBrowser -prefsHandle 1208 -prefMapHandle 3424 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8989f08c-ac3f-4787-b4bc-9ef5a54523fb} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3508 11190471058 tab
      2⤵
      PID:2132
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.4.872968651\991753106" -childID 3 -isForBrowser -prefsHandle 4156 -prefMapHandle 4152 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b5ce606-40bb-4027-8fa5-2346ed941625} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4168 11190462858 tab
      2⤵
      PID:1292
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.5.1262352214\728451642" -childID 4 -isForBrowser -prefsHandle 4684 -prefMapHandle 2792 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09f3aa27-4efa-4307-adcf-6b3bcf990f8d} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1644 1119d30fb58 tab
      2⤵
      PID:5104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.6.1675797018\1449838475" -childID 5 -isForBrowser -prefsHandle 4872 -prefMapHandle 4876 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {052607b6-e9e3-42c0-b58e-e7bc169ad80a} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4944 111a3413558 tab
      2⤵
      PID:496
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.7.676527186\352989653" -childID 6 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2596b08-3c12-4947-b35f-23b7831b0695} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 5052 111a3415f58 tab
      2⤵
      PID:1812
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.8.1503284931\1323321857" -childID 7 -isForBrowser -prefsHandle 4640 -prefMapHandle 4648 -prefsLen 27020 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aa65cf4-2339-4f87-9651-02ea63f2f695} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3472 111a4c45458 tab
      2⤵
      PID:4448
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.9.1685615000\1369701545" -childID 8 -isForBrowser -prefsHandle 3912 -prefMapHandle 3572 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03822769-7cd6-4655-ba01-1b7197316eef} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4088 1119045fe58 tab
      2⤵
      PID:3868
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.10.1988449681\1880339818" -childID 9 -isForBrowser -prefsHandle 3868 -prefMapHandle 3912 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cf7e57b-7b8a-4ec9-964c-274f31bd7ec7} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3592 11190471058 tab
      2⤵
      PID:560
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.11.1870031014\1621248885" -childID 10 -isForBrowser -prefsHandle 4488 -prefMapHandle 4636 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a69a33-425c-4284-afea-1862fd0a8cf0} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 5056 111a3413558 tab
      2⤵
      PID:1288

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 150KB
    MD5: 5a280c68961cd3b3714deafe5840a2d1
    SHA1: d6270fc5720c3b0d0d0a9e66ae959e58accf2903
    SHA256: 845e922a3485ef6a8962ae3f8e6bb18ab443abace1a42cbb1b04eb7411e9c3cf
    SHA512: 5495a87f784b653a1c350f7d9f0483af94040384a193c0dd60c235962f392c690e98e860d2fe18222a38697ca2eb4d35652b25ddd2c3b692e8647e2a95abe2e4

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\7023
    Filesize: 14KB
    MD5: cead7b8ffec40483cb4cb7511b50c88d
    SHA1: 8d7268a7150b50336f0cf5b0990697a4393f455e
    SHA256: 42fea93418d4de754cb4521505fd6602065aa8280ca7e6dd6816bb042481f1a3
    SHA512: c335ad90a088308e0c0ae24c3cf312fbd55ae47b3529e55146598acbfb3661c92d2c62a78b6a0dfdfeb34746003980b9220fcb6522eeb521e6d82682901e0031

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: b1635c8a89aa2d71bc6f9187c552e737
    SHA1: 3204ccd7032e4fb370d2fdbea6bf564614ea904b
    SHA256: 59046693ea2affeaaf023ddbe73d21111e93f48fc957d4aba078e1917369b0f7
    SHA512: 39d0dd852688a559cb39213d970b1afb28ec48f5439d45b5e168f5d05200a6bdbd2b722172d985b432442f57c7fd3ad50894d8ab3e29d7d64f9f140def6f9e8a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 990bbe8186ebc84984ac849b15584d6c
    SHA1: 7f9c1f0a509b6f5404e89e8e383a02a7ecbdd78b
    SHA256: 20350856180c57430185b1aa71fb5896a688a31bbffbf3222bf3c61da6a0e2ab
    SHA512: 24bffa7e6f2e619eba0e64eb77d3ce095e32b7010ae2b8144c7a3a215966f811b1b357a72200c35dd4a1f21017cf3188e4b60c21b240b8de919c263b8eb1c2b9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 40d973848c5c5a4ffa32c1675bbb01b9
    SHA1: 8e4f5c2a27803cf9d82df8080b64218f235faf06
    SHA256: f9829983df5ceca5124d26f349b82b6410bd5559f68d2e9294b1ac668a129011
    SHA512: 8d9d4334b9157d162a41e35edaf951166e12bd6069ef209abadc82d8a9bc5cc900a99260564143a4f95955a50af6bf03e3f3ff92981de4f9cd01212c2e512c36

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 7KB
    MD5: d935fe35c29ac82db9118ba564566ad5
    SHA1: 0737331c3384e43c818ad336cc101aba8a01ca57
    SHA256: 09a5b7ae100db7d1dfa410cda1fc9a090dfc722536edfef36344d35adc499cfa
    SHA512: f675662f8e3d8187514ff8f4ca811671032cc748391ac139827e9d09ef8a6a6895deb012a7cb3afd550db0724122dd257fbd1b16cf2e33efe8f6aac247ff4d24

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: fddf76b1102f7571dc69726ca62e0cbf
    SHA1: da981875214a5f796d696914d36968d9cf82285e
    SHA256: e86911934ae8629c911fa20e85e863887c2fdd00667f514da66c400d74b7916b
    SHA512: 6d390fce684e25b951cfd26f608e6d8b78fe73ce9a86211de4ed74fabbd5865f05b667e7319b6b874e8305ee46f988e51f3c8565d8f905b254235535f714b04c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: af77bd9c951b0948b22ee5ad9eaa32bb
    SHA1: f50f1053256edf2bbbe0691274779163c730337f
    SHA256: 3097b6fe566dcfce102387b4eb3e56ede1decc61f7229053a9b297cb743ff933
    SHA512: 01fd1068bd6d732ac4500803f525f5dd9db5d723b4e38d1a25f53aa25b4b10e1820f7b8c98316ead8e4680af75b848290da88affc1bdd4c79bcbdd2fe9460537