Analysis

  • max time kernel
    21s
  • max time network
    24s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    03/05/2023, 18:36

General

  • Target

    http://a.academia-assets.com/images/emails/inky/Academia.Logo.Shadow.png

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://a.academia-assets.com/images/emails/inky/Academia.Logo.Shadow.png
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://a.academia-assets.com/images/emails/inky/Academia.Logo.Shadow.png
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.0.1780629644\270088040" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1792 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4638279b-7819-4b9a-9e62-11581bf9cb20} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 1916 201ee118958 gpu
        3⤵
          PID:3368
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.1.1706207540\1314364353" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f980e047-5705-4f3b-87b1-3c5be954c89d} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 2424 201e0171158 socket
          3⤵
            PID:1680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.2.609898119\1335052274" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 2988 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec74838c-38a6-41d5-a077-b5309a5a964f} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 3000 201f0ede558 tab
            3⤵
              PID:1476
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.3.1419447701\1335570211" -childID 2 -isForBrowser -prefsHandle 4104 -prefMapHandle 4100 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fe3a878-18f2-4f53-84b4-549cff013b34} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 4116 201f1fbd558 tab
              3⤵
                PID:1504
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.4.200194647\1116653427" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cdec4f4-ab74-486b-bcb7-b5c71b42686d} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 4848 201e0169a58 tab
                3⤵
                  PID:2940
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.5.1169278951\1607312052" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26a50bdc-e127-49ee-851e-5c186f53cdf2} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 4776 201f36b2258 tab
                  3⤵
                    PID:4468
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2020.6.1749122304\773472588" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcb67f4a-1504-4bd5-b20c-c57111916204} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" 5160 201f36b1c58 tab
                    3⤵
                      PID:2532

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 151KB
    MD5: 0423df14458e9a8e17a497c75494b5d3
    SHA1: e98fbadee8d91c61a1cd1e40f961a9874bb90d73
    SHA256: b9f752bc1f5c00d7b7df3e54ddb6d96cadb728ed42dfb4e9eb249f9c225326aa
    SHA512: e21ae320d78e08783dc8169031beeddc6a54049859ae8172fb7790cb29fe91111b0b87c9ff4261d72fb649945dde1cfc49ca6037032c4ea2372a2ac44cfebe5a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 5c6b809a71b632eea95d92d4089544c5
    SHA1: 388d2c9b94b4ee54b512d799693d548e82c874a0
    SHA256: 3933b2d06f9dd778e9a87a1d5d8fc3f9d03559a0ac2564356d0def2eedc089f9
    SHA512: 5e35491e43f1816b8b9eaff084e9721ff0f3c8376432fd516d575471bbee40a1edf8d13916b0b382c438d01f06e0edbc21dfce0758b8a96413cb874c801a8ad1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 6f20c2418ab4bc9d0fddcf6b21e98438
    SHA1: 62e4dd931928ecb980e7c3b04b057fd870ddeb15
    SHA256: 813bfd022e6d6e4bd15478ae27a16ec5d15ed3cbdf7f798acad8b905f6746443
    SHA512: ae9873d69e3d066e95fdebe28742d26d6ffb1a3508c3a97506038239e4ed6e149e63c51ad49cb1387a82dd0a6d4800a37c6427991cba277391885606ec42f2c6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16