Resubmissions

09/05/2023, 11:44

230509-nwh17she7x 7

09/05/2023, 07:56

230509-js3tzseh34 1

Analysis

  • max time kernel
    109s
  • max time network
    108s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    09/05/2023, 07:56

General

  • Target

    https://io1.nl/cURj.zO.gr

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://io1.nl/cURj.zO.gr
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://io1.nl/cURj.zO.gr
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4240
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.0.2043496547\1931549486" -parentBuildID 20221007134813 -prefsHandle 1652 -prefMapHandle 1628 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b2cc9d4-8354-4aad-b008-cb404ebe20fa} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 1732 1ece1517558 gpu
        3⤵
        PID:3936
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.1.941668075\990811921" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21671 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33471b42-e7ff-4170-be61-458a328d3b19} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 2184 1ecdf942558 socket
        3⤵
        PID:3000
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.2.410558161\205087337" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2820 -prefsLen 21754 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b48d88f1-f55e-4dcf-9ca6-7cb5e6301476} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 2968 1ece4435258 tab
        3⤵
        PID:4456
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.3.1469521465\1190207604" -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e605259b-1fa0-4a06-86ce-94cafc429212} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 3740 1ece541f858 tab
        3⤵
        PID:4800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.4.1822919971\25353618" -childID 3 -isForBrowser -prefsHandle 4748 -prefMapHandle 4744 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86a6ebaf-292b-4bfe-8332-c38c18d1a3aa} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 4692 1ece63f3758 tab
        3⤵
        PID:1116
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.6.1052399465\547411259" -childID 5 -isForBrowser -prefsHandle 4840 -prefMapHandle 5048 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c45f5958-87c3-4846-9d41-80fcb13d5078} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 4956 1ece63f5258 tab
        3⤵
        PID:616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4240.5.2052072567\1620664873" -childID 4 -isForBrowser -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 26543 -prefMapSize 232645 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04a5bee0-d04e-44a0-aff2-7c1d40f28617} 4240 "\\.\pipe\gecko-crash-server-pipe.4240" 4840 1ece63f4358 tab
        3⤵
        PID:1068

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 144KB
    MD5: 2841488aabbe17d92b728528a894db8e
    SHA1: 64a25fdf6e5a11867bb68230f8ce36d9f26b8dfb
    SHA256: 5bb1ecbb90e5c81a9a82cb802ff89be9fc8ced275f2249e73571d6cc9f1d0257
    SHA512: 04441e2f87e73fca49871ed0c342448e753f22b11f4259c1aabc8695f7ad43a592bf4c834ab80e657fa9089f2548cdca6fcb96e950b95293cbb370072f1eadcd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js
    Filesize: 6KB
    MD5: cdb5a91b7898f75f98e448e80b41dba6
    SHA1: c749651f98e32a2320d2e52fd467fd6217660535
    SHA256: ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc
    SHA512: b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: b070498ca6ffa3adfddd4a581662717a
    SHA1: 44fd8220b4f09a52c1d78d97e0db9c084ec8373f
    SHA256: d06d0319a6ccb8c633653c890a54af5a43664081739702c89f3451d2636f8e14
    SHA512: 6ed9f1d2c86a718e9a227f594a42af90c679a1180fe91e77420500cd52dc05fa67365e2418cea719d33ccfe565d24184c091b9361eab1af3f59c29c1c955f242

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 85b2449241705df35b6e11ee03947c9d
    SHA1: edd27443388721dfd0ead7e554b1dc7e145b5821
    SHA256: 1bd730926d2fc01616c798424868a080d39a39cfbfde9a1bab737bde11f3ea70
    SHA512: 37f5c90ce1861b3a94e1c8bb3beebd4bc347787e30c59a014866b8c9470fa5e98e1aa5520b0e3b7a08ba66da8e2aa3d74c7be9cb8b98898fb869b8292a4012f9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: bdeb075204e9fc219621b8de9e8d2a56
    SHA1: 88571b3073c9dbbceb4ecbb29a9600bfa264245d
    SHA256: 4ba399c68a3f9bfea37fa7d824050b31e0b6d1f44ba03486b5e828ba9e19fec0
    SHA512: f1627bd89bd1b75323642586762c430655f9278700452b06a0ef81dd16a3325ed0ccb6b6a97bc02d8605caa1d02cd07bbef8752ae899f08a22fcec2a522f46cd