Analysis

  • max time kernel
    62s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    10/05/2023, 17:31

General

  • Target

    https://www.keysocialmediapy.com/so/7aOV3hvlU/c?w=Pv_DB1dNrdjeEXW8cW8uvhj96rxcvbiatJgcER4D98w.eyJ1IjoiaHR0cHM6Ly9hcGkud2hhdHNhcHAuY29tL3NlbmQ_cGhvbmU9KzU5NTk5MjkyODcwNCZ0ZXh0PVF1aWVybyUyMHF1ZSUyMG1lJTIwYXl1ZGVzJTIwYSUyMHNhYmVyJTIwY3UlQzMlQTFsJTIwZm9ybWFjaSVDMyVCM24lMjBlcyUyMHBhcmElMjBtaS4iLCJyIjoiMmJjY2ZmOTgtZDViMy00ODY2LTkwYTItMTUxMDMxZDM0OTc2IiwibSI6Im1haWwiLCJjIjoiZTk3NjVkZWMtNGIyMi00ZWQ1LWFlNmEtYzY2MmVlZTc3NDNmIn0

Score
1/10

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.keysocialmediapy.com/so/7aOV3hvlU/c?w=Pv_DB1dNrdjeEXW8cW8uvhj96rxcvbiatJgcER4D98w.eyJ1IjoiaHR0cHM6Ly9hcGkud2hhdHNhcHAuY29tL3NlbmQ_cGhvbmU9KzU5NTk5MjkyODcwNCZ0ZXh0PVF1aWVybyUyMHF1ZSUyMG1lJTIwYXl1ZGVzJTIwYSUyMHNhYmVyJTIwY3UlQzMlQTFsJTIwZm9ybWFjaSVDMyVCM24lMjBlcyUyMHBhcmElMjBtaS4iLCJyIjoiMmJjY2ZmOTgtZDViMy00ODY2LTkwYTItMTUxMDMxZDM0OTc2IiwibSI6Im1haWwiLCJjIjoiZTk3NjVkZWMtNGIyMi00ZWQ1LWFlNmEtYzY2MmVlZTc3NDNmIn0
    PID:4548
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.keysocialmediapy.com/so/7aOV3hvlU/c?w=Pv_DB1dNrdjeEXW8cW8uvhj96rxcvbiatJgcER4D98w.eyJ1IjoiaHR0cHM6Ly9hcGkud2hhdHNhcHAuY29tL3NlbmQ_cGhvbmU9KzU5NTk5MjkyODcwNCZ0ZXh0PVF1aWVybyUyMHF1ZSUyMG1lJTIwYXl1ZGVzJTIwYSUyMHNhYmVyJTIwY3UlQzMlQTFsJTIwZm9ybWFjaSVDMyVCM24lMjBlcyUyMHBhcmElMjBtaS4iLCJyIjoiMmJjY2ZmOTgtZDViMy00ODY2LTkwYTItMTUxMDMxZDM0OTc2IiwibSI6Im1haWwiLCJjIjoiZTk3NjVkZWMtNGIyMi00ZWQ1LWFlNmEtYzY2MmVlZTc3NDNmIn0
      PID:2388
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.0.670300524\882370491" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f74e635-3b07-4052-b5aa-a5ee6617dab5} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 1936 237a8816558 gpu
        PID:1508
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.1.1618419787\688191281" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5ae4b7-df5c-49f1-ac70-50abbe5bdc7f} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 2424 2379a87d858 socket
        PID:3452
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.2.1815424640\1685852820" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3104 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {478c3e39-89dd-4562-9660-a1df36dde735} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 3260 237ab60f858 tab
        PID:704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.3.709726800\1261943751" -childID 2 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cee15ba3-dadb-4a13-91b8-d5fe05a6fe87} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4020 237ac4af058 tab
        PID:812
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.4.503027325\684677658" -childID 3 -isForBrowser -prefsHandle 4816 -prefMapHandle 4812 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1cbecc-81ad-4510-ab19-68f78ac086e7} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4788 237ab496a58 tab
        PID:3220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.7.562993882\176698505" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5efdc8a5-dc7d-41d7-ab84-18a6ad302c62} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5352 237ae79e758 tab
        PID:3108
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.6.1554890524\1325957123" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0702896-1c94-4956-ba3b-925bc9315ef8} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5160 237acd59c58 tab
        PID:816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.5.860146202\1696657602" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 4148 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75789e92-6456-43e0-9c41-2d5aa572bbad} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4284 2379a872e58 tab
        PID:3328

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 147KB
    MD5: 1de712becf3727426713b94a85b41ee4
    SHA1: 2293b5a25e91c8f6baaf85dd0a4b0828bb1bb6dd
    SHA256: ee3b63eaa3d34351f6e3859004d3bd13606c0fd63caeffa10711c13555554890
    SHA512: 7671a5eb8fbb178fd4d81a26eb094d7ddebdc573464234bd4fae756d8430666ec925584237f7d1714478f7d877385090b6edeaefd9c37376bbe29c4c7a393a38

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 263a085464a3819158106fd622b57d8a
    SHA1: 8bef588f563fdd95e3bce116254b9d8071c84142
    SHA256: 1f8f86943bc87c3ef195ebfa32f1869375a8eb9655ad879d21767e17746ee891
    SHA512: d787a650052156d127a0b6c43bc754c4b09208b1aea78b6b951713a0640d58e88a61355b8ee836004282c3cac2f88eb08ac72f007cb5e92e6c36ad2281e046b2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: acec785c763867a9ffebde71aaf869db
    SHA1: ebcf21a83e0ed67db746be8671c6f0b39f3f1e67
    SHA256: 9790da4988800d6825d764b3d0748942511923f01e1190077d59a7afb2b12c5b
    SHA512: 7d56e0237811df1eab5d94e35412080e982a3f2543a3cea86ba73b7108f4e7c71564783fea139db998facdf2e0f41ae7dbe6d8f0c1a498e2d074e63b947546f7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
    Filesize: 7KB
    MD5: c449f26c71a5560b98a682266f1618b4
    SHA1: 9f76374632100d65377dd7c4c76ca01c614bad85
    SHA256: 1535048465ea6cd74e664cef8ff188b306824672ca6d492007eaad08e3cb7de5
    SHA512: e8807ad83f79d3e0f6a094894d7106cb41dd3f390e73873a8375d35559842df8633adcb5d4a31d3901704fc633d7badf4a8bfd318d16ac9a765ecca57cf08e84

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
    Filesize: 6KB
    MD5: fcd5f37e5e4066f7cffe8eb106b6ce19
    SHA1: b0a1c4d3d5c96271429fb09cb71055d177c13402
    SHA256: 38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67
    SHA512: afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: 63c266758869704901d0d74fc05c24ea
    SHA1: 96285901a0e08860ea322c1c0b55937c9ad57915
    SHA256: 5e6296dcf4f1619fe03f5e7346770b70c8cd68636bb96db23d58eb018735d4e7
    SHA512: 1fa6b0987d3d62d4403e44f3ce22fc0dd85fd10e86c4aadb6851c1ed9c29ad0171cf58cbfdc8a6b976af1ca5c90194ac633dde50c81b0c3bf8e69e71bee92ba2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++api.whatsapp.com\ls\usage
    Filesize: 12B
    MD5: ed5f885692b059e39d64b5d582a4e65d
    SHA1: 643f2e722740293e170f5849780a532388431956
    SHA256: 31b782576da25c1767b54dac45e585df94f28510fb1ae6f13802aa5ad34ebb82
    SHA512: f06baffc67f7a24dfbedfe57c3ffd604aa335a6ea0c9a2c6aa2ceac3de913e01bb52a5aa435860e0a66d43e5708e8fd791e27bc51579699aeaaab6807e714934