Analysis

  • max time kernel
    29s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/04/2023, 14:52

General

  • Target

    goal-the-club-manager-trainer-v1-0.js

  • Size

    22KB

  • MD5

    9b658b475f912b47b6edb00138ae7d32

  • SHA1

    60b494446e5a5134a0d9712814cb5a0d0124e1ce

  • SHA256

    de469eabd88ed3ca8595a2b14ec7d3deed3cb99ba433c69daebf9115b26a482e

  • SHA512

    6a16b566cb50407fad68ca5207052d10a61630a0a7f1601ae4cfe2d582d36e90fa65aed666917ff451933c37ef8747685b32e7517fc06f74dfdf7c2048a8b61c

  • SSDEEP

    384:SxAvxjNR08UTF/E4TaMCKz6Hf4AMGn6S3yNVnm8IZFVbrmPxuZ9PXoPqHHdB:S6vBNm8UTm4Rw8StVbrmJuZ9APqHHdB

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\goal-the-club-manager-trainer-v1-0.js
    PID:3304
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2296
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.0.1735931812\175464615" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baf8ec6c-fdae-4d62-804b-458a4f31bd53} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1916 1fafe618058 gpu
        PID:2980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.1.1345442562\1266828486" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb93309-4a5e-4482-bc58-c4070e637091} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2316 1faf066f858 socket
        PID:3804
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.2.1511919894\2048876399" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 3028 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29433265-382d-4665-b4b7-d0c5ef43a6ba} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3104 1fa81df5558 tab
        PID:2616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.3.367444883\1329505871" -childID 2 -isForBrowser -prefsHandle 2348 -prefMapHandle 2360 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef7db108-fee1-42d7-a2f0-518534356423} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1208 1fa80aac558 tab
        PID:4612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.4.978292969\348541006" -childID 3 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51c5d629-c104-4bc7-ba50-1c1b9dfd409b} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 4128 1fa83276b58 tab
        PID:5008
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.5.1085680345\143561901" -childID 4 -isForBrowser -prefsHandle 2992 -prefMapHandle 4716 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db60839b-2ffa-41b9-a57d-1f6f825b2c67} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 5072 1fa84293258 tab
        PID:4916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.7.1732034202\1828069254" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4493645-3061-44db-b6d3-702fa0fd6ed5} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 5324 1fa84b58b58 tab
        PID:1772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.6.690744982\1798512777" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5375a2ec-82f1-4d99-8997-10d6f3f30073} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 5136 1fa84b55858 tab
        PID:2744

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
      151KB
    MD5
      8502927fdcacd3fae4cf27bc7579ab81
    SHA1
      8e87d57cf632556ca94fbe5ecbc1597ca25890dd
    SHA256
      4c7bc196fc921248d60a3aaf5ebb96af580e477622adf9d40a882d7ac725c2c6
    SHA512
      e5f2f88e8d872147751cdb4fc7931c448712bd2b87035244f3adf2ff9bf5b1e3358d70df7f3b3072252d9fd6250cfaddd648e3a96509f837b9d6fc9a685dcfe9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize
      6KB
    MD5
      0ed6dae6683607c0c30ec3c1d702fe6c
    SHA1
      57f2b81f717fddfa74d38abad1a323fa4d7c4ca7
    SHA256
      4cc7f346f9565c8ed0bf9cb91dda22a8b4a09d9349f8852fd8e2ccf47650ef9e
    SHA512
      dfa02cc99d5bfe537ddd5a29dfc7484569d31fc76e46e20bef4257848961144c1982551d2318782bf0cee5d79b9539551812d8c20083636d07d56bc0e6ba6f5b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
    Filesize
      6KB
    MD5
      207077fed406e49d74fa19116d2712aa
    SHA1
      3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee
    SHA256
      b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58
    SHA512
      0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e