Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://chromeenterp...

windows10-1703-x64

1

https://chromeenterp...

windows10-2004-x64

1

Resubmissions

19/05/2023, 14:57

230519-sbvxgsed36 1

19/05/2023, 14:49

230519-r61wjsha9x 1

Analysis

  • max time kernel
    603s
  • max time network
    605s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/05/2023, 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://chromeenterprise.google/browser/download/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://chromeenterprise.google/browser/download/
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://chromeenterprise.google/browser/download/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.0.413619391\1232428009" -parentBuildID 20221007134813 -prefsHandle 1664 -prefMapHandle 1648 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {913b4fa2-3557-476f-96cb-39bae1beb55c} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1756 173cc916558 gpu
        3⤵
          PID:4748
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.1.1559291936\233784829" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb3492bb-aa11-4cca-a41a-bb1c786d7595} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2196 173b8f6fb58 socket
          3⤵
            PID:3728
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.2.847074131\1993889060" -childID 1 -isForBrowser -prefsHandle 2704 -prefMapHandle 2940 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76688d76-5452-40b5-89bc-6d3dd0bb7919} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2676 173cf857258 tab
            3⤵
              PID:4412
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.3.962328413\129107864" -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c8bee2-1368-43c8-9361-38a725e3ebc7} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 3740 173d0bb2058 tab
              3⤵
                PID:616
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.4.634575622\686644036" -childID 3 -isForBrowser -prefsHandle 4652 -prefMapHandle 4648 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff740529-f66b-47ec-a786-897ef006f1f5} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4672 173d0bd2758 tab
                3⤵
                  PID:1624
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.6.1152471714\1409704152" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76cb30cc-9817-4cb6-af43-005729fff837} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4996 173d0bd2158 tab
                  3⤵
                    PID:2000
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.5.573231665\1276482296" -childID 4 -isForBrowser -prefsHandle 4676 -prefMapHandle 4712 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3f5133b-42bc-4c17-b8f5-5fa969237e75} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4832 173d0bd1258 tab
                    3⤵
                      PID:1640

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  156KB

                  MD5

                  2147ef10db9b08f66a957d6ebf70b605

                  SHA1

                  5d76eb0bb7ecc520eb1b8c37ce875b7f3e36a965

                  SHA256

                  da47649325339f48d034889970cbcb69e4cc0bd6bd68b6cc5db15e222f5e5f04

                  SHA512

                  219a806168e7ad64a4d6699095bab24c7df66082b736375bc1c6bb9d295c826337e3fb8d232dcef9bea8c7ccd8690227f869cea5b0f78d9182ee214b5a8268d4

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  7KB

                  MD5

                  ee81eb0fafed6af54e766c89f46c66c0

                  SHA1

                  e5ae3c617cfa75af95088331d9a64e896b4ef6c8

                  SHA256

                  849b088fb53596769262fd5ffb8ee8e0b65e344969404461efb1bba37d9e2d45

                  SHA512

                  3994b5cd8068236a58274980a062f0935d6d1ad81514558960b5720262b1482f35b7e981f7252a39d1cc4088efb26c08a08302d12bda7f7f46bc62afbbd90003

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\bookmarkbackups\bookmarks-2023-05-19_11_yyzQT6zYKGzzlFbJAldNzg==.jsonlz4
                  Filesize

                  944B

                  MD5

                  6e888dd6fcaf9594a8c4264b6803875b

                  SHA1

                  b2437376c810d15fd5bab09673a2d2ede1c088bd

                  SHA256

                  26e32f944b43b35bb48ccab93e4b9e63d490da27e0f8c26afe10a193a21b03e1

                  SHA512

                  cc88f691a29b9a30abaed808025cfbccaa251a2d71b32fccac292930142f0b8450cfd2e4a14a6e65fd7d3f4dee562bcde642648e0affe0763b08d34c1f699a84

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\cert9.db
                  Filesize

                  224KB

                  MD5

                  1ab35f1b91658a26051f2d81bcbab34c

                  SHA1

                  b70d47c0d5d1c58c870e333c880e16e4d94641df

                  SHA256

                  a2fdbab42556277fece6c7a18a8f9c8bfba4d2bb45cfd335a99d82a56f533824

                  SHA512

                  e00bdaf556ef177a61feb347601e06231ea165006df18fbe1b61466da09f895d3b3f65f0edbd21a7982be2d3d1ef0f9a7c58664bddde8c03bed5194dccf1a403

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  f843fc3b858888d342076c7199266348

                  SHA1

                  97dea7b7d8486f03cc085ef488fda80fe53515a0

                  SHA256

                  19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4

                  SHA512

                  9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  98611d1abcbebb2edf97bae6c1247f83

                  SHA1

                  1cb9fa4c1165465e4b094c4a8acbd6c2773720ee

                  SHA256

                  00cf0e6e323154f3b446a577efdfb68f1e63f115b6981601abb3f4701e447256

                  SHA512

                  9ac4c95aa88294d34088302ad2519468afd407a8ff305915231b86dac827493d81fd288d85d4def675c9a9fcb6108f455debeb82d4aaf3fe504b3a76d02ffa14

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1022B

                  MD5

                  b24b2605b10cf5b5fff19c2fdbccb424

                  SHA1

                  d4dfb8965471aca8b46a21c0ed434bd583a26d79

                  SHA256

                  c0229688f3e3ed523eb0f252d2956b2b0866f0c0a2f2b1ddb2dc8adbcc036708

                  SHA512

                  d31b86f2c3c32ca43864c168dd20b3033dfedd97e4792d0bb2854c664f3a2361298efccea8f4b188334a5f505fd7b073c9c015960bd1673a9270e9f7e6175046

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  13f4ea7224417985aabae4a2f59fc2ba

                  SHA1

                  2d20752d98ce84d37a69d349d2c008e302748b59

                  SHA256

                  929688d666a67a627252819b523a1a80c92a092a94b155728b8ae603ec370c4f

                  SHA512

                  0cf9e68368fff17491537a97f62cd1dc0ac9d1d7330cb2ad3f3e252ad973097fd53e416c70e9c0abb7a5cf97ac92e58f364fa96c47c95c071df71aca94dd8501

                  Download Submit