Resubmissions

09/05/2023, 14:30

230509-rvavzsac5s 1

09/05/2023, 14:27

230509-rsmf1agd28 1

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system:windows
  • submitted
    09/05/2023, 14:27

General

  • Target

    https://capacitacionessat.actualizate.biz/login/change_password.php

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://capacitacionessat.actualizate.biz/login/change_password.php
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://capacitacionessat.actualizate.biz/login/change_password.php
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.0.2075111557\693826769" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70b25c8a-9f0c-40b1-88ba-7a4d9828a646} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 1916 1099a819258 gpu
        3⤵
          PID:3988
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.1.662003750\1181745580" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f873ac-9938-44e3-a71d-9a434015fb75} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 2416 1098c971c58 socket
          3⤵
            PID:552
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.2.2031251481\655508400" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d0f03e-00a3-4908-9bb8-548a6eda79b8} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 3260 1099d716758 tab
            3⤵
              PID:4404
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.3.1406131823\1755901935" -childID 2 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da2d05e2-f3b5-41c4-80c2-6f613decfe14} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 4048 1098c961958 tab
              3⤵
                PID:736
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.4.677537909\362250784" -childID 3 -isForBrowser -prefsHandle 4720 -prefMapHandle 4172 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b5a9615-3297-4275-ba97-da1e07a4cad8} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 4708 1099f2b7858 tab
                3⤵
                  PID:992
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.6.1606251094\718784795" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {197f49e0-0b07-425b-921e-5cff833a347b} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 4944 1099fcccb58 tab
                  3⤵
                    PID:1528
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3504.5.1678910770\1583424758" -childID 4 -isForBrowser -prefsHandle 4828 -prefMapHandle 4820 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6be4cce7-2488-405f-83d8-ce78ef3aadcb} 3504 "\\.\pipe\gecko-crash-server-pipe.3504" 4656 1099f7e4e58 tab
                    3⤵
                      PID:4348

Network

MITRE ATT&CK Enterprise v6

Downloads
