Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://bitdefenderl...

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/04/2023, 17:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bitdefenderlogin-1317634057.cos.ap-beijing-fsi.myqcloud.com/bitdefenderlogin.html

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bitdefenderlogin-1317634057.cos.ap-beijing-fsi.myqcloud.com/bitdefenderlogin.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4764 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:772
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.0.1912447643\1140651459" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24cd50be-84a6-4a76-9650-6135feefa4ea} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 1940 1c741717d58 gpu
        3⤵
          PID:3636
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.1.569578698\457700988" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c798bf76-246e-40a1-87c4-a39d8858ae89} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2324 1c73376fb58 socket
          3⤵
            PID:2952
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.2.794967716\1974083050" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2860 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {458efbcf-a9c4-4673-ba7b-89f38fcaa217} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2940 1c744430e58 tab
            3⤵
              PID:4836
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.3.1878788169\86306614" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 1228 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68b16561-b221-4923-8911-5da86fe8ca49} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 1436 1c73375f858 tab
              3⤵
                PID:2632
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.4.1194867596\1901688334" -childID 3 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3401405-e044-4029-9d1b-f2b96398b065} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 3952 1c743214858 tab
                3⤵
                  PID:4812
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.5.1356458818\190914174" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 5060 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c337090c-5b4d-4684-805f-9436555dad33} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4912 1c74436fe58 tab
                  3⤵
                    PID:4088
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.7.430242910\1193453935" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {913b0128-0501-4b80-8e7e-c993f304f717} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5324 1c746aedf58 tab
                    3⤵
                      PID:5060
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.6.1474605777\63479211" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d2179cb-6c68-4a8a-85b3-27288da46527} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5124 1c746aa0f58 tab
                      3⤵
                        PID:4864
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.8.1191165530\1023916533" -childID 7 -isForBrowser -prefsHandle 4948 -prefMapHandle 4876 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb975df8-65a4-4241-939a-2708ca8e5545} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4952 1c74843c258 tab
                        3⤵
                          PID:3704

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                      Filesize

                      471B

                      MD5

                      0d3a327012d745be5460b16b2ad84a14

                      SHA1

                      4d2ba2c84274a0b849205ae02126b2b4f20081d9

                      SHA256

                      ce02f3c64f276f89f05554bd0e91388b26e2107c5c7c658c7a09a2f0937156fa

                      SHA512

                      13af8edd9dcd9878e4fcc33d375718cd340861098cf0f519139891d9709b733167ce4ee39ef9a9527e732a4d32376b537a65b3c307b1008a60e565697b3a1b74

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                      Filesize

                      434B

                      MD5

                      9dee9cb0727fdd5acb6b2f95b82ba0ef

                      SHA1

                      f9bf89f7761b2749d3137cbcb2b63e0706674b5a

                      SHA256

                      4ec01800432dac8e08064a08c803ab0cf2981a13916994d256ab3520ffcf1d3b

                      SHA512

                      415d810b4b7f1a937a658dadd8bf5ab712e1a30b63be8eec8c1c8b7a1dede484768b1dfc6061a6b06c9dd2206bacc27f9ffc7c0d8b26a44882ac65abd080d92d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\bootstrap.min[1].js
                      Filesize

                      49KB

                      MD5

                      67176c242e1bdc20603c878dee836df3

                      SHA1

                      27a71b00383d61ef3c489326b3564d698fc1227c

                      SHA256

                      56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

                      SHA512

                      9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\jquery-3.2.1.slim.min[1].js
                      Filesize

                      67KB

                      MD5

                      5f48fc77cac90c4778fa24ec9c57f37d

                      SHA1

                      9e89d1515bc4c371b86f4cb1002fd8e377c1829f

                      SHA256

                      9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

                      SHA512

                      cab8c4afa1d8e3a8b7856ee29ae92566d44ceead70c8d533f2c98a976d77d0e1d314719b5c6a473789d8c6b21ebb4b89a6b0ec2e1c9c618fb1437ebc77d3a269

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\bootstrap.min[1].js
                      Filesize

                      1.1MB

                      MD5

                      a9943ee67b40e36052617594d135c4d2

                      SHA1

                      b048b47304ead262a18ce30ff38c18552ff29ec8

                      SHA256

                      84189f8750aa9cc475a1418ace09a5774f92f7ac32d7c15a4de39e95186390e9

                      SHA512

                      8f51721e02e8de1ec43b94b99b9dd4e50996a8e8f9284858857e340f4111e9dab546f972ba607def1cb9bb49343c3d952917712bf066f77e318d9465720224f2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\popper.min[1].js
                      Filesize

                      18KB

                      MD5

                      70d3fda195602fe8b75e0097eed74dde

                      SHA1

                      c3b977aa4b8dfb69d651e07015031d385ded964b

                      SHA256

                      a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

                      SHA512

                      51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\jquery.min[1].js
                      Filesize

                      83KB

                      MD5

                      2f6b11a7e914718e0290410e85366fe9

                      SHA1

                      69bb69e25ca7d5ef0935317584e6153f3fd9a88c

                      SHA256

                      05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

                      SHA512

                      0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\bootstrap.min[1].js
                      Filesize

                      47KB

                      MD5

                      14d449eb8876fa55e1ef3c2cc52b0c17

                      SHA1

                      a9545831803b1359cfeed47e3b4d6bae68e40e99

                      SHA256

                      e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

                      SHA512

                      00d9069b9bd29ad0daa0503f341d67549cce28e888e1affd1a2a45b64a4c1bc460d81cfc4751857f991f2f4fb3d2572fd97fca651ba0c2b0255530209b182f22

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\suggestions[1].en-US
                      Filesize

                      17KB

                      MD5

                      5a34cb996293fde2cb7a4ac89587393a

                      SHA1

                      3c96c993500690d1a77873cd62bc639b3a10653f

                      SHA256

                      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                      SHA512

                      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      137KB

                      MD5

                      c07ef25e8e1cc4a54bba4b0fe0d1bc21

                      SHA1

                      6cee7fdc40e4852941260494fd890d192d409227

                      SHA256

                      7b65c064ce4785a0eb7566a0e73a91576223942b149607646e1b2bdfefa84086

                      SHA512

                      3f6396a0b3aa2ec50686bd8435b26aa3d3b059d75fa2941fe5f5c883b7216ffd825a6848b72e8b6760a6a22dac147998fb7a42f8075b86faff84f5cd4fbb46fa

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\CD9CD02064A90FD886A56EC209BC0587592E87B6
                      Filesize

                      29KB

                      MD5

                      59a470cfd2620134cdde5d4f02511bd4

                      SHA1

                      b2cc5a74ee2587516373cb4071bcea4f7ce72fa4

                      SHA256

                      7c403d9fd11bbc647fae1858b7c0802d195322b6ce3c84de95b4b91944e8d08e

                      SHA512

                      9a8ab734370c8d1f8694f5b9e3d75c55d84cc9536afedbf47fb06ee170c39acfa04366ad32e2d2e55436867468aec9e30683a227e45ccba7d4f5c03d111abd7e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      a82d197df478edbb84b0041f08d4a204

                      SHA1

                      cbbfb81fe01fd3f430396e2ef78ad56c1ae41cf5

                      SHA256

                      9c73a734d0ec66508200df10800625a3964bf0341191eacbdea4b955318aa381

                      SHA512

                      a02651c079ed1c06de16aa1d7f6e05c4e2765edab74dbf13846ac9572e0bbede7db47804049678bdc3b9aa5ed859f718078a40bbdea57ed7f7652e848a0f776b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      66497b550b9faa01336608ee4f61b5b0

                      SHA1

                      f68314e02ace6d1e75a1fb22c5d92ba4b7fbfcc1

                      SHA256

                      6f9446d53ce0fd85072aec29022cda2d43ce6b241a20c33dce143d1ac2cc897c

                      SHA512

                      4c7995df0841ba18da5009237a800334ed847c5a0964f4d322ba398b44108879030abc5d4d4a9a6391da77524334de29b9d6b34a752ff078c3ed2f892f64d608

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      7684f15ad5703569001c229a5df6029b

                      SHA1

                      834b9316b1bda27ed513674ff2a5407035418505

                      SHA256

                      c7f0afc166fec97b97acfeb304450cdc066e36fa989b9f04e69651512e3a782d

                      SHA512

                      78adc70ae4f195fa6a02b2f3e92b2b031199aca7848987936a21a07e2c75b9d2160b5bf648b0224239d21e285a2f3ab3d7f925192e2ec014334fdc4c668b0715

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      d795b1b5cd451d537aeb2469b762812d

                      SHA1

                      76f014d03acea53a77c25c0fe70ce46b3485667b

                      SHA256

                      6e633bdc3d1a3122dff3e65b8b25da1b58fad19387f61363ee5d466fff3cd4a4

                      SHA512

                      19e72bb85926b21ad33f2b25878b116cd136dca12b9250658d13fb424df3167e646a51f399f4b99c4591ac89f1284a7aece52e9d3bb2124ef8414627ae77d9b7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      3595f0c6f07998b7331973b3ed0d6d6e

                      SHA1

                      3c7262f95984220444cc9932327afd4b92e22910

                      SHA256

                      2e96a50f21461b74d7806d7eaa01edd4e97bc9117021ad5effe8bcff3879938e

                      SHA512

                      f5102de8232e509038f8c55985d3985e68c87786c9a717cf448115e5f0f32225099417c34bd19596395f23f20358d5072843c8057d89bab4f41d76f2eee2f488

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      335d954e44ff3ddd299129e274b9fb8f

                      SHA1

                      8443ba68ef022d295288e915da8ad5809b37ffc7

                      SHA256

                      b8db2263b0be0e440db1667816690c202139f1a0df1efcc953f4ff5fae043a08

                      SHA512

                      5e71d897d39344e6d22949e3bde97711757c4cc8ae5634dc534f3eafce06e5abb86994f18267843fc3acf1f3485f34c8928e5ca9af0c1d4d3b4adddcf01f72fa

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      a06ea38b5821d615b31519c0add8a523

                      SHA1

                      f33ce69208c8b211dd512c5faf5579124d6424a4

                      SHA256

                      7222a0843865628dc729666d5b2a6803aea5586aadfa3ef0c22164417b80e82e

                      SHA512

                      f7151854919ec301c40c562055e64e649aa5bac4f1569bc384a062f10ef251d9b81d7ab7c79ecfbe4b91a38e4cc55c230371453cd4b71b32606278bcbe02e40a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      207077fed406e49d74fa19116d2712aa

                      SHA1

                      3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

                      SHA256

                      b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

                      SHA512

                      0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      41114c2120c404063a5087fc03484e3b

                      SHA1

                      8f818f6faeff96733c9d8be601cb3e956d5bcb96

                      SHA256

                      bf5d932670e589fcd21736faf6cd4728b3106b1beb5d9d3e272b6d99989b4dba

                      SHA512

                      0b5e0ec592033de1912ef528225ff94ac11596df9f16902300b1b635a155cd9b1cf7f4c972f74b6cec205a9e3000c6ef4b54a0db5a9a5f9cdf4a2ce3fa5fa11d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      b2dd4900100e837f0320919db2d673ea

                      SHA1

                      a73c91845d6bbc55c13d622fb36dc02c8d2430fe

                      SHA256

                      f8bfd24bb68eccca906c93df94bbf4f58761b420927bbd2f49159afcd882a592

                      SHA512

                      7e38e906cd6cc54cc0c59382f860af60ed861e4a67356837b83f45265daeda28ca439547ce237ecd73b6f5c54569e5437a07a2ea63ce01d436b4b5d7f7f0290b

                      Download Submit