Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-1703-x64

1

Resubmissions

03/05/2023, 17:56

230503-wjh5fahf6w 1

03/05/2023, 17:54

230503-wg32tshf5w 4

Analysis

  • max time kernel
    470s
  • max time network
    1602s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/05/2023, 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmEyYTdic0psbDY5R2xCNVFGN0p5NS1pS3YtUXxBQ3Jtc0tualY0UUY3WkVyR29RdEY4dmhHRE5DS1MwTmM4SjhvN3gwMXpmVzlsb2xUaUtPQWtlVVRZZ2ljQ2V4akRpaWVMbElHVkVVSGhmSHdqbzJ0eGtLSURtOFFUdUtjWll0MGFFTVd4NzUzT3JFaHl4TGszQQ&q=http%3A%2F%2Flyksoomu.com%2FmO1x&v=YmBhPy4YQ3Q

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 16 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmEyYTdic0psbDY5R2xCNVFGN0p5NS1pS3YtUXxBQ3Jtc0tualY0UUY3WkVyR29RdEY4dmhHRE5DS1MwTmM4SjhvN3gwMXpmVzlsb2xUaUtPQWtlVVRZZ2ljQ2V4akRpaWVMbElHVkVVSGhmSHdqbzJ0eGtLSURtOFFUdUtjWll0MGFFTVd4NzUzT3JFaHl4TGszQQ&q=http%3A%2F%2Flyksoomu.com%2FmO1x&v=YmBhPy4YQ3Q
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmEyYTdic0psbDY5R2xCNVFGN0p5NS1pS3YtUXxBQ3Jtc0tualY0UUY3WkVyR29RdEY4dmhHRE5DS1MwTmM4SjhvN3gwMXpmVzlsb2xUaUtPQWtlVVRZZ2ljQ2V4akRpaWVMbElHVkVVSGhmSHdqbzJ0eGtLSURtOFFUdUtjWll0MGFFTVd4NzUzT3JFaHl4TGszQQ&q=http%3A%2F%2Flyksoomu.com%2FmO1x&v=YmBhPy4YQ3Q
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3972
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.0.253785805\1327261948" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {177e4d10-e9b8-48b1-813e-aa175291c492} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 1748 1fb2f418558 gpu
        3⤵
          PID:4496
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.1.566174571\850811164" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2184 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {838fd492-738f-42a0-85ea-f2ee0ba53c49} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 2200 1fb2d83ac58 socket
          3⤵
          • Checks processor information in registry
          PID:3540
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.2.684700106\1024212479" -childID 1 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db826c94-0619-4103-b9ac-da97ab93db80} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 3164 1fb3242dc58 tab
          3⤵
            PID:4960
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.3.1239882137\1020044907" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 1520 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8077f6d9-3ca7-4d36-b5b8-204f1dedcfc5} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 2632 1fb336b3858 tab
            3⤵
              PID:4636
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.5.28230223\1239674063" -childID 4 -isForBrowser -prefsHandle 4656 -prefMapHandle 4660 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e987bcdb-0384-4e3a-bf59-f8dc5c8f1b18} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 4740 1fb347dc958 tab
              3⤵
                PID:1684
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.4.783715715\2129645094" -childID 3 -isForBrowser -prefsHandle 3008 -prefMapHandle 4544 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b1e355-3641-498d-890a-1fba6e531d3b} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 3764 1fb2e305f58 tab
                3⤵
                  PID:2328
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.6.471944288\1750084113" -childID 5 -isForBrowser -prefsHandle 4636 -prefMapHandle 4756 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b0536b1-13cf-47c0-b937-c6da4421a6c0} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 4888 1fb347db758 tab
                  3⤵
                    PID:1732
              • C:\Windows\System32\fontview.exe
                "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\UninstallDebug.ttc
                1⤵
                  PID:1140
                • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\UninstallStep.xlsb"
                  1⤵
                  • Checks processor information in registry
                  • Enumerates system info in registry
                  • Suspicious behavior: AddClipboardFormatListener
                  • Suspicious use of SetWindowsHookEx
                  PID:4052
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                  1⤵
                    PID:3412
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                      2⤵
                      • Checks processor information in registry
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      • Suspicious use of SetWindowsHookEx
                      PID:4392
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.0.468904878\1553897387" -parentBuildID 20221007134813 -prefsHandle 1580 -prefMapHandle 1572 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8beb87f-dfd5-4cf7-97c1-00fec1bddc7b} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 1656 22a223f5e58 gpu
                        3⤵
                          PID:2324
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.1.188547227\1331607843" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1832 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {310e6864-3c47-48e6-a672-7dbf61ca9546} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 1848 22a22844258 socket
                          3⤵
                            PID:3008

                      Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        144KB

                        MD5

                        8a80007b9b831059abd8e883ceba4380

                        SHA1

                        c39737343a9c5d20136155cc677c8c4be89078cf

                        SHA256

                        fee94a44197ea3b1f70db565a187888a204015445179bb36da562956079c0e2f

                        SHA512

                        9c75aef9c37ac7b1f5f527e569a38b94912f9136a73de19e76b9350c13e939c62b8c23ea158f8991d408b55271ac5d9bff52084152a0913992cda70f62425de2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        f843fc3b858888d342076c7199266348

                        SHA1

                        97dea7b7d8486f03cc085ef488fda80fe53515a0

                        SHA256

                        19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4

                        SHA512

                        9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionCheckpoints.json.tmp
                        Filesize

                        193B

                        MD5

                        2ad4fe43dc84c6adbdfd90aaba12703f

                        SHA1

                        28a6c7eff625a2da72b932aa00a63c31234f0e7f

                        SHA256

                        ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

                        SHA512

                        2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        6191ac4b2c9e0f6e06511daaf1940d26

                        SHA1

                        8a7d3a56c5b9e949cac4c56f7c6bf414b2f97f7a

                        SHA256

                        e6e4e486991360360fcbc8150b9609f1fe12495ac6c2e927a59fc84fd36684f6

                        SHA512

                        9d3961477f5a667c4c1eac4fb5cfb5eef9d7fc4818e468c3bfbaaeb3328d32978fb2f1cfc99eaf133e62397aae28b6516aa14a90ccdd4435b345b6ae1c7abeba

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        4b18565e2611f07ca7006bcb9b4b08f0

                        SHA1

                        e39625761983573faef995ed3bb207303d004b5f

                        SHA256

                        8a26d75d2b3ab90af98f53b8e8850684ca08ac31d2b440a3531f01e1e1f18b77

                        SHA512

                        f7c4b0cf735a43bc289456ad63c6038fcabde141598b1310637f6f9a8c4a0dc7f12fc1e6160cba069e73596fe24a46f705aa92a7ee3ef1b4262670a667305480

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore.jsonlz4
                        Filesize

                        1KB

                        MD5

                        45fd93d2195ce6231ff2d4ec0e83d275

                        SHA1

                        ca52f36d60aad35f8805b4c9748014f9a9ee54f5

                        SHA256

                        f949a7eedf5447de3b3ecd63da79c90353d0a2e6eb976642f8203aa92674da8b

                        SHA512

                        d34cc32b8dbd7cdd0116e126b913b20d0cca25432106550cf90364107a47eaea52b2fd51861f8f4d078ca8029e946c5cb00017b0d07979e4786a51d4d591b184

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        184KB

                        MD5

                        13f4ea7224417985aabae4a2f59fc2ba

                        SHA1

                        2d20752d98ce84d37a69d349d2c008e302748b59

                        SHA256

                        929688d666a67a627252819b523a1a80c92a092a94b155728b8ae603ec370c4f

                        SHA512

                        0cf9e68368fff17491537a97f62cd1dc0ac9d1d7330cb2ad3f3e252ad973097fd53e416c70e9c0abb7a5cf97ac92e58f364fa96c47c95c071df71aca94dd8501

                        Download Submit

                      • memory/4052-802-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-804-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-815-0x00007FFE7C790000-0x00007FFE7C7A0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-816-0x00007FFE7C790000-0x00007FFE7C7A0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-803-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-1101-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-1100-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-1099-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-1098-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4052-801-0x00007FFE80130000-0x00007FFE80140000-memory.dmp

                        Filesize

                        64KB

                        Download