Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://instagram.com

windows10-2004-x64

1

Resubmissions

24/04/2023, 17:36

230424-v62pmadd94 1

24/04/2023, 17:34

230424-v5ehpsdd78 1

24/04/2023, 17:31

230424-v3pwnafb6z 1

24/04/2023, 17:28

230424-v13dzadd54 1

24/04/2023, 17:25

230424-vzabssfb4w 1

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2023, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://instagram.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://instagram.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2992
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3128
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3884
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.0.739154093\562486638" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1832 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62783225-299a-4d6d-a22e-e53f40084523} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 1932 215788ecb58 gpu
        3⤵
          PID:4476
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.1.106284848\2016248145" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c91c74a4-3ab2-463b-9dd2-5e9e5ad36b0c} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 2332 2156b972b58 socket
          3⤵
            PID:5100
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.2.464962054\1158290376" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 3124 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9e62b51-fd5d-4579-a24f-a15abbffd0a7} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 3208 21578867b58 tab
            3⤵
              PID:4904
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.3.1007406187\1006967736" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1340c76f-308c-4251-83d6-c69f6d8671d7} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 1448 2156b964758 tab
              3⤵
                PID:1136
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.4.928704179\1040591416" -childID 3 -isForBrowser -prefsHandle 3936 -prefMapHandle 3944 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d29223fc-f8cc-4c26-86b2-8b4cb8e43344} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 4032 2156b962558 tab
                3⤵
                  PID:2580
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.5.1920375692\327000422" -childID 4 -isForBrowser -prefsHandle 5012 -prefMapHandle 4908 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64277492-6902-4869-80c9-43e949df07b5} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 5084 2157b16e858 tab
                  3⤵
                    PID:3064
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.7.1034144858\54867137" -childID 6 -isForBrowser -prefsHandle 5172 -prefMapHandle 5184 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24355747-c09b-46f9-a237-a6684085767f} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 5432 2157eeea658 tab
                    3⤵
                      PID:1660
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.6.88804669\1157043098" -childID 5 -isForBrowser -prefsHandle 1624 -prefMapHandle 5088 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6033f05-df64-4c2c-b95d-5a0bf001c3b6} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 5004 2157eeebe58 tab
                      3⤵
                        PID:1988
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.8.46432122\2092853896" -childID 7 -isForBrowser -prefsHandle 3360 -prefMapHandle 3380 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15730f2a-a7be-4853-9d2a-fc59526dc7a2} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 5716 2156b96ca58 tab
                        3⤵
                          PID:3724
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.10.787374031\566079592" -childID 9 -isForBrowser -prefsHandle 4688 -prefMapHandle 4856 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78f7bd84-6546-46bc-9180-98201f3a391d} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 4084 21580d04d58 tab
                          3⤵
                            PID:5740
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.9.1149155887\2100121221" -childID 8 -isForBrowser -prefsHandle 3564 -prefMapHandle 4360 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c8dc3a2-1255-4e49-8714-c129bb510b33} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 3580 2157fb18458 tab
                            3⤵
                              PID:3912

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                          Filesize

                          471B

                          MD5

                          d6b67afeb31f0d9bfe232166e8b300c5

                          SHA1

                          6ba1a534d40fea9302591aaee8fb6969bfa28e4b

                          SHA256

                          ab4f8d3ad2a02ad67059703fcb9c7ecd397d9abfce4b4cacdf7ecc11b4e37520

                          SHA512

                          62c9fc6797c263bf33c8f52d5d41ce276b3df2aaed6433d582987a607ae508f5389f86d5d8a63cc5715964623f5be08d5741ddd70a0fe18f0140eb314815c272

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                          Filesize

                          404B

                          MD5

                          3099f4205a401e772bef2523328675e5

                          SHA1

                          90afbd65a3701fbb5d48ecf181a654a89e5d3c41

                          SHA256

                          a72582984b7c3979fcfd575938a543872fc645f09d785175196a7ee6aeb1ae47

                          SHA512

                          14f8c70fea8ec67ea044f3aa72d63fa3b1220bda2167ec884b6a1d4a7bf30a2a24ffa830a48ce0165bafa83ce83d1799b213108cd8c9e288afa24e54359e62fb

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FE58SWSJ\www.instagram[1].xml
                          Filesize

                          101B

                          MD5

                          79feccd885d493591a55181719debaf5

                          SHA1

                          862feb42591902993ef0b775c2bc628bc9027308

                          SHA256

                          c8377196c87cd364d59fabbdbd9848298c7a49bc6ad32daf81d1f27a5585cca0

                          SHA512

                          4ce352d97a6fa3c36b1b9379d3cb48c562c63edb6d48e5228c4eb60ebcfd2d365b505fa0df5e56653386688c7ca434ec4358a23a0b1c6b3ad07fdd43ef0a1193

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat
                          Filesize

                          11KB

                          MD5

                          51aa450f5fb1de1ecfe492bbcb8b0668

                          SHA1

                          dc1d4007158ebc6bd12677c8cc6f24858eaf3c43

                          SHA256

                          ce74d8a47e98460745460f357a8891a6481b94c7b806681f91e59716f8fc2b21

                          SHA512

                          511b254e0e42f5c38f60adccc250beffe44ddc5f0891dd269c1f5f899c0971b5293623dc7079d53a35a44c48971c2760372dd2a1d63ff0e778b99086df5a379f

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\lswP1OF1o6P[1].png
                          Filesize

                          11KB

                          MD5

                          112f95bd7a8e11efb6553c5970fec9bc

                          SHA1

                          29eaf460e6741faccf8744dc74d42f911a73d358

                          SHA256

                          4f4c0ebb5150db9096ce3e4edb754966f91c84bc840ea6b9240aa81c9bb5154b

                          SHA512

                          4a2d2cf2ef5a1c1378959bbb3777c08f5a2a71934abfb8183947c36a0e5d723b1d14aad1721c08dd1154d4b757cfb7b57da23a4978ee545f2a5d081afc289757

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\suggestions[1].en-US
                          Filesize

                          17KB

                          MD5

                          5a34cb996293fde2cb7a4ac89587393a

                          SHA1

                          3c96c993500690d1a77873cd62bc639b3a10653f

                          SHA256

                          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                          SHA512

                          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          156KB

                          MD5

                          f1088e1f12aecd36d99ad17ea9979fda

                          SHA1

                          97c54e9ddf894d6697630dce1ece3cf65e759bb6

                          SHA256

                          feef4ad5786103571d3b4e2841cc0ce47b8731bb7d33dd07a0f3e6a471232d12

                          SHA512

                          85752e16f419e43eac4ed516f63a4ae70f2003714438e57343c8a66a7e6366f4a4aff8722aa943725c7d3cf49385cb7ecfb8e5868c7c46d524af62561abfa9ab

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          2a4d89e23966dbec82f8b0849e4440ed

                          SHA1

                          89dda5dfb2c6844a325dd51da1dff7de790aa3c5

                          SHA256

                          3c3101ae44ced7947952324ba5997075e764f036db71ad2037aa57a9727d85a5

                          SHA512

                          4b6bb9ae5f847b74b5072e62487e3ca23a87fea3fe2380e03d0b6c721bde6c7de7fb8c3d880876002d2a79300300221c3b4d6f98ab984d88b69479d9c354e05c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          f2e0bec05012cfc53360a41e30d08def

                          SHA1

                          5f9bf22fa4d3b6850b67a68f8fb634a3a4977ba5

                          SHA256

                          3103edd3b137aaf524a6d6f009d97a95f5590dc6976a6534c18f66053bdf2f13

                          SHA512

                          dc10157cfaff00e09eedcb6a14e7e73c63ccd7ac26a462f838f432dbb2d2134c1d233b763ecc46d57e4742001f4001426e825d63010d50bd8b6ff5b5b5af2abb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          eb0bb5d0e80ceb77f162625b939ef573

                          SHA1

                          e2a2d40e6b565757eba06e9f2dfca4ce5f859e94

                          SHA256

                          0c53c96970478911f28420586f0255f44a226de0a34ab9c507639acf115bab27

                          SHA512

                          c61e7e136ca28ad0ea0f686c5d369c75a4908350506a2ac5c4512fa879cd2559d0643d787705f49c5634f70afaebbc0c8f8d2cf4fdfba3d6e2512aa62ae4da08

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          d9e7959a82045d94f90214c2e637159c

                          SHA1

                          c4bf45cb9879f86d372913a0243fe40cc6c028b4

                          SHA256

                          37da66921a3f319f9cef10cb14a15ad6c5ad72f9d8d49a77321efd7744c66d0c

                          SHA512

                          37aba7221c63f6909e3f845977ee59f778e9bbe068f9ff0d74e7f24970aac0663b113c33893637c86fec84136e104b8d9149b6964f115cf82bfb6b8b849ed529

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          f73e52d124620d05267ba934f3b312d3

                          SHA1

                          34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

                          SHA256

                          fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

                          SHA512

                          4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          7KB

                          MD5

                          7b7ecd9f16a7604b6f0a71e5151470cf

                          SHA1

                          344fe9eb5ff9c99f9c5438a0c161bb591a54097c

                          SHA256

                          b54bbc5d2a2506fae0a2e64fd4e3f9e89364dd3a4f1eaf45a7356a902ae08290

                          SHA512

                          19c36a0c9f8c83ea959f417a22b950433b9a42dadc8b3b4008e3242be265e9ba88d52387f11bd81440d312f368c1567aa2eb869629b767c7deb1b493a798d9c3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          15KB

                          MD5

                          2d588cc2019a16efca240e9031b9aa1d

                          SHA1

                          6eea96ce1424781571dfe7412aa20550ef056f7a

                          SHA256

                          fdb8f12719777270b81b9e0276eb7be42ec922fa6d49b45d1c3a5246d3ea5f51

                          SHA512

                          4af7f97236c99f65134c50e6db7141718f1cc3d9b7b314a29a1e2f0804ea8058eaabb45b70c2451b0b87bb6ada60fc377437ac4188b50d821b4b943a2f42979b

                          Download Submit