Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

URLScan

urlscan

http://cf-ray: 7ba7b...

windows10-1703-x64

1

http://cf-ray: 7ba7b...

windows7-x64

1

http://cf-ray: 7ba7b...

windows10-2004-x64

1

http://cf-ray: 7ba7b...

android-10-x64

1

http://cf-ray: 7ba7b...

android-11-x64

7

http://cf-ray: 7ba7b...

android-9-x86

1

http://cf-ray: 7ba7b...

macos-10.15-amd64

1

http://cf-ray: 7ba7b...

debian-9-armhf

http://cf-ray: 7ba7b...

ubuntu-18.04-amd64

Resubmissions

19/04/2023, 20:31

230419-zaxg9afb6x 7

19/04/2023, 20:17

230419-y2sgyadc26 1

19/04/2023, 19:58

230419-yp65kadb39 1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2023, 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://cf-ray: 7ba7b66d69ea997a-FRA

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "http://cf-ray: 7ba7b66d69ea997a-FRA"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5052
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" "http://cf-ray: 7ba7b66d69ea997a-FRA"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:488
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.0.862241853\469116496" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2904e70e-cb0b-4d42-ab1b-ee12d30a8f6c} 488 "\\.\pipe\gecko-crash-server-pipe.488" 1900 20ac19a7158 gpu
        3⤵
          PID:4404
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.1.928218641\579552599" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2252 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {301cf69f-23de-4050-842e-37005d9da0c0} 488 "\\.\pipe\gecko-crash-server-pipe.488" 2300 20ab3972b58 socket
          3⤵
            PID:892
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.2.463249349\1588550461" -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af5d152-687c-477b-95c9-78eab6cb7261} 488 "\\.\pipe\gecko-crash-server-pipe.488" 3196 20ac0992c58 tab
            3⤵
              PID:3952
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.3.483574158\1988677798" -childID 2 -isForBrowser -prefsHandle 2300 -prefMapHandle 1464 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31dc9150-5dfb-4eea-b08c-193f16bc82cd} 488 "\\.\pipe\gecko-crash-server-pipe.488" 1204 20ab3971658 tab
              3⤵
                PID:3208
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.4.1245203737\429470346" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3bdbdc9-7a9e-4cbc-b4a3-93be5957c94d} 488 "\\.\pipe\gecko-crash-server-pipe.488" 4132 20ac5860458 tab
                3⤵
                  PID:3824
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.7.2055178347\178896169" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac431cd4-036b-4441-8f25-37444e1324f3} 488 "\\.\pipe\gecko-crash-server-pipe.488" 5288 20ac6ecb158 tab
                  3⤵
                    PID:3996
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.6.1521953658\1252736258" -childID 5 -isForBrowser -prefsHandle 4620 -prefMapHandle 4664 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09bb6deb-8756-4771-b402-63e801649cba} 488 "\\.\pipe\gecko-crash-server-pipe.488" 5032 20ac6eca858 tab
                    3⤵
                      PID:1052
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="488.5.536161084\1805556701" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 5004 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb038fd-0eb4-4cbb-90d9-aff735700fde} 488 "\\.\pipe\gecko-crash-server-pipe.488" 5008 20ac6ca0058 tab
                      3⤵
                        PID:2116

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    162KB

                    MD5

                    399d4db736d3aba8a8503441e05f74bf

                    SHA1

                    f4050b08713bca5f00e173f423780c86042f5f25

                    SHA256

                    36ca698a23b9788c651ebad5fc180eea12badd7df358c9b1579aaabd08481438

                    SHA512

                    db6c9d3136b5c450bd2d217e7096ba4e5a4acba1905edc8e303ec2049a685fd82d1cf15910356fe5c2a45d6b4044856635e12339cd57d1e65ac1371c55fbb8b8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    ebc71976633c6992db04f2837b2617bb

                    SHA1

                    f1850ed56111823e3c14eb73e9f25f3a6f6a0c46

                    SHA256

                    6f311a38284d24e6f764dfe44daf1f8517341e3e6a4f59c4531d46f448349957

                    SHA512

                    a407ef53ec3e6c48e6d4941c5c95e2468ec7d7843b7ccbbfdb2743399a418e334a81dad68251088e7bfcd2e988eda7c210af2c39646917608a7980349c357731

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    02d20176c0a17befba7babaf4c51efa1

                    SHA1

                    6151c1ac0328364f198b4344ef154a40f44e9c8e

                    SHA256

                    2dfc3cf078a3ff5f05fe1883bdb7128923a49a7bbf89685c34e9d538d726b924

                    SHA512

                    1d4b690a513f0a457d84d0b25a7c4d7fa30cd93889d4ec76922d7e5c09cf09a930b27a136581547fa2c68a408ffb04f823c87be7d7bfdae0e7f788d58ef1f43e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    0c12bb1a2d24beb5b18718ba09a45f6a

                    SHA1

                    6a0e77cc41baa9b4ea30edcec14f7a2941f2177e

                    SHA256

                    39d9252ee60fe287c58c81856add647688931bbb3f70af1ce8042ae33470f04d

                    SHA512

                    e61f9e65e230275e21492ad9c6b6a16b4275e4b994288746f5ae53a7aef8f89737109daaba708833a9adfc50773de0b60c335def78692c2a903ae12096c11ab1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    fcb41e7940056ad57798100a05800701

                    SHA1

                    5ca37f2567cca1fe11a56bda1204285a4d9c4d80

                    SHA256

                    51fbe163c80315785463503f55f48e93971523332bf5e766da325eaf731ae11e

                    SHA512

                    f282cc9a20fbda6df8405a486d1a7a1a07a516eb0f650d12258fda064a202bb4b075b176b7cb28787cb6a3f11f8357c36c0fe952065454cc1943d7b21b709bb3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    207077fed406e49d74fa19116d2712aa

                    SHA1

                    3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

                    SHA256

                    b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

                    SHA512

                    0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    8977340113872cc85662496157165015

                    SHA1

                    ee6154f527d8377b461ed48f6e9adc45d4955c25

                    SHA256

                    49bec1f39e3f6c2f1e6647d8829671a6a8b0a42278eae39866ec7cffdb993b18

                    SHA512

                    934f4e29b0a9c4ede63ecb765177f53efdf06f6dc6837fd4478ddd09bbbd63c9070bc648331361088c415e0d4f3f3ea2352f77f7866a9cbd7d9151eb3466a378

                    Download Submit