
Analysis

  • max time kernel
    33s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-es
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-es, locale:es-es, os:windows10-2004-x64, system:windows
  • submitted
    16/05/2023, 20:14

General

  • Target

    https://links.leal.co/a/click?_t=b30e3a6a70214f419bee3d5a00dd917f&_m=06d7ad9276884dd39009f822b949eecf&_e=tjmVgAWQJu0951SGXTCG5UDLEDsVjccPmJcwAIoKngFwAZ6FhCuYxqUQBioWC1vkHkWFBGw3A76PJ7HIg_6mrWUmeqOYDHf6NiNHhh-__z1-m7Jb-8dRwCJZvl8dyDoCup6vgAhapb-zbMsg-UBuDftrLTUbhzOT9d_77qVb_lEI_HgScK4x8V-jrnQL9F7_f4x7WgfdqkR3ASuOh4g3MA%3D%3D

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://links.leal.co/a/click?_t=b30e3a6a70214f419bee3d5a00dd917f&_m=06d7ad9276884dd39009f822b949eecf&_e=tjmVgAWQJu0951SGXTCG5UDLEDsVjccPmJcwAIoKngFwAZ6FhCuYxqUQBioWC1vkHkWFBGw3A76PJ7HIg_6mrWUmeqOYDHf6NiNHhh-__z1-m7Jb-8dRwCJZvl8dyDoCup6vgAhapb-zbMsg-UBuDftrLTUbhzOT9d_77qVb_lEI_HgScK4x8V-jrnQL9F7_f4x7WgfdqkR3ASuOh4g3MA%3D%3D
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://links.leal.co/a/click?_t=b30e3a6a70214f419bee3d5a00dd917f&_m=06d7ad9276884dd39009f822b949eecf&_e=tjmVgAWQJu0951SGXTCG5UDLEDsVjccPmJcwAIoKngFwAZ6FhCuYxqUQBioWC1vkHkWFBGw3A76PJ7HIg_6mrWUmeqOYDHf6NiNHhh-__z1-m7Jb-8dRwCJZvl8dyDoCup6vgAhapb-zbMsg-UBuDftrLTUbhzOT9d_77qVb_lEI_HgScK4x8V-jrnQL9F7_f4x7WgfdqkR3ASuOh4g3MA%3D%3D
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1292
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.0.648884589\1904682948" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {163a73b8-13ee-4a17-8151-e39a42b6591e} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 1932 21374116758 gpu
        3⤵
          PID:3220
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.1.1477115395\242421716" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b249483-a180-4346-adf3-11f8c56f579b} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 2424 21373006558 socket
          3⤵
            PID:3988
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.2.1172301833\1858570586" -childID 1 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef4eb09c-cc60-4a61-b576-bcfbe291280f} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 3500 21376ef1858 tab
            3⤵
              PID:4460
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.3.818040113\1418126072" -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {129fb485-af97-4d87-9463-e80d98fae3ca} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 4064 2136615d058 tab
              3⤵
                PID:540
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.4.1560054260\703331327" -childID 3 -isForBrowser -prefsHandle 4828 -prefMapHandle 4864 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61516f56-f3f4-4947-8622-342d231c4f67} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 4840 213798a5858 tab
                3⤵
                  PID:3180
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.6.977153588\1836353821" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {663f7358-d905-45f9-87cd-e662493045b4} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 5188 213798a6d58 tab
                  3⤵
                    PID:2388
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1292.5.861181420\1314680980" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5012 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c195df0-d1df-45f2-8ff5-17e906a94c37} 1292 "\\.\pipe\gecko-crash-server-pipe.1292" 4996 213798a5b58 tab
                    3⤵
                      PID:4880

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 145KB
    MD5: df8a40e58f33684bcaf29a073bd9da51
    SHA1: 0354866176475bbbd58737fbc1c540c9e53735bc
    SHA256: 4092f4b39483c0e630944d26a3a6a9ae8bd4e5618f8b2e905e36698613ad56e8
    SHA512: 2b713cd9af9f658dc0415029a7dec59cb44e248922415f4f2ae0ab14a759b13080822424969129542c1f1a65ffc7d37892cbcc7e34a8036b041b65c2b61c8986

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 9343492b2a1c13516cb8806691d55a98
    SHA1: b37be2fd192809db1fd1a3abdb84e6dc080f79ea
    SHA256: 71d8c4c281d47ff844bdf1ee2ec31734f49cf8580b90f2072eccc62af052f440
    SHA512: aa8bfec6156ffc99e6afffa83f23d0bf8c453cc5d636015136482f17962a4177dcfd531203ad3c0b7ea9c02a4c198b19ee78711807107a7b103d299166743020

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 69efe2589bf11a7ed2e20daa2bf2a484
    SHA1: 1553deaebc9673d2e8d0051a2f5b58f6d774c82d
    SHA256: 75e8ecd12c2a35b808f4e71e078ec748c25d3ceace34000c8952dc45497d565d
    SHA512: c335dd865be2ad65f434fc49f67815fb27de46ebbdb947ed3c4c1c0b2612aa4a9cb2ffbfc220049ab0405d676a4aed85b3ed61cdbb7638220a7a74e24f68e1bf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
    Filesize: 6KB
    MD5: fcd5f37e5e4066f7cffe8eb106b6ce19
    SHA1: b0a1c4d3d5c96271429fb09cb71055d177c13402
    SHA256: 38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67
    SHA512: afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: 19f53a66d92a0dd9bad3a559f0d2ea0d
    SHA1: 12d3a55f1a3c35abc74dd04812fb908d7bf0b6e5
    SHA256: 631934dcb63fd7be61616dc58efcc65c5b6a744a519f234165c470a7c0f8f22a
    SHA512: 2a7c52f85e8f077a31579f183935ee28b9daf8b3c3ad3d8c8f66e91a6ef633aacb425020441501208deee6e6ac54c6b21b2995d4a4205603e41d065766e30d45