Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64
    arch:x86
    image:win10-20230220-en
    locale:en-us
    os:windows10-1703-x64
    system
  • submitted
    19/04/2023, 15:58

General

  • Target

    https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=781025a2-a0c3-4243-9219-97c9e7c3868d&source=versionChange&history=true

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=781025a2-a0c3-4243-9219-97c9e7c3868d&source=versionChange&history=true
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=781025a2-a0c3-4243-9219-97c9e7c3868d&source=versionChange&history=true
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3672
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.0.958925938\1425435070" -parentBuildID 20221007134813 -prefsHandle 1640 -prefMapHandle 1628 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39d58f0e-e3d7-4bb9-a131-c3bd4dcdc3eb} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 1732 1dfb69e8858 gpu
        3⤵
          PID:1620
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.1.381163961\1152329809" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21671 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ec06c9-10f2-4f03-b537-8c93808d4ed1} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 2184 1dfab47ee58 socket
          3⤵
            PID:1564
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.2.830894125\1460660124" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 21754 -prefMapSize 232645 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ecd0ad9-fe26-42db-873d-27c644006516} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 3044 1dfbab0a758 tab
            3⤵
              PID:4480
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.3.1713310641\1874794205" -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3708 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c096ad10-c216-4375-95fd-97709ff0999a} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 3724 1dfab46e258 tab
              3⤵
                PID:3700
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.4.387462190\600214818" -childID 3 -isForBrowser -prefsHandle 4624 -prefMapHandle 4616 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5938d330-9b9d-4c8f-b30c-8adeafb5dba7} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 4632 1dfbc8b1858 tab
                3⤵
                  PID:420
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.5.785507940\559048428" -childID 4 -isForBrowser -prefsHandle 4740 -prefMapHandle 4744 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6950365e-fa6b-4fcf-95a3-5e0466f33067} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 4732 1dfbc8b1e58 tab
                  3⤵
                    PID:3388
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3672.6.1036048984\1705782187" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {959bfb6a-d6ee-4a8d-b673-6c857c3c5b96} 3672 "\\.\pipe\gecko-crash-server-pipe.3672" 4924 1dfbcc67558 tab
                    3⤵
                      PID:4316

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 162KB
    MD5 c3b3a47c3731745c085144c20d48301c
    SHA1 b3855d7fbac27ad630d04d10e5052bac54a899b8
    SHA256 114910c1dae7aacf44aaa5eae727f31e99785968b9a03e4c26b81597fe17b7ea
    SHA512 7594a12f982505a366ec1b73ba527e0b538d5bd6828425f9c124e460d043dd8885de5fc5328ae7124153968a5cc18780b6baef5cc23ea68d0b0486d94be98749

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\cache2\entries\1828E4E921608758E0564847C9620C67F432FAF6
    Filesize 19KB
    MD5 179a9e83b9d06850d258be8ef8e20d81
    SHA1 7411fce8bebea28bb6181c2b219a9a4254541c45
    SHA256 71befc9d8e80250f7ea7d4bb26247a9ba4a1f79f3fd50c2305c6edbeec5c7af6
    SHA512 8813637f9c7ca952ffc0a9cc73808e17cab6b1adbd913bd828573e9b66d3266c87165ab7eb2db63d779ccc1c0b59c2e1b2d6149bb4b712139f3598971959aac1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js
    Filesize 6KB
    MD5 cdb5a91b7898f75f98e448e80b41dba6
    SHA1 c749651f98e32a2320d2e52fd467fd6217660535
    SHA256 ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc
    SHA512 b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 1KB
    MD5 09cccda7073c9b6f51c7f0edfddf5180
    SHA1 e0bbb8bcce12563ad3cd99aff2258c4861fe8e10
    SHA256 07124e9247137b7358ca1b8908e4baccdf41b09439d39c329f95afa471a84047
    SHA512 0c91a2b4e8a9d835ce3f602d03da16d3ce19ea9394e500200835a2d1d3ffa13d568bf042ba2af0f5b299a8791f17e8fd5ff883b737f0800e4facd6d479fc271d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 1KB
    MD5 e6bc2496dab2099835db0d5b73afb124
    SHA1 b2353ed7f969616ff5b799499ccde984ac93ce3c
    SHA256 e6ea8857ce63aa2fdb29e9f62c51c1c73cdcfb91f862ee369af7ab4590e51188
    SHA512 a2497e16f1a476bfb39e7115de51291df448f1e8862d9d497b74ebbba59ffe5a3b98db3e964ee4168ed306e3155bf0f5081eba7b3f55d361bfee430e2967682d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize 184KB
    MD5 bdeb075204e9fc219621b8de9e8d2a56
    SHA1 88571b3073c9dbbceb4ecbb29a9600bfa264245d
    SHA256 4ba399c68a3f9bfea37fa7d824050b31e0b6d1f44ba03486b5e828ba9e19fec0
    SHA512 f1627bd89bd1b75323642586762c430655f9278700452b06a0ef81dd16a3325ed0ccb6b6a97bc02d8605caa1d02cd07bbef8752ae899f08a22fcec2a522f46cd