Resubmissions

28/05/2023, 08:53

230528-ktpjeseg32 1

28/05/2023, 08:47

230528-kqa7mafb71 1

Analysis

  • max time kernel
    42s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/05/2023, 08:53

General

  • Target

    https://folders.earlybird.rocks/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://folders.earlybird.rocks/
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3120
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://folders.earlybird.rocks/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.0.1869305204\1307506017" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fe007c-0970-4333-82a3-c6cd1cf4f48f} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 1924 20d18f18558 gpu
        3⤵
        PID:4924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.1.1640666816\534781423" -parentBuildID 20221007134813 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67200049-856b-4ec0-837e-c803c2b719b0} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 2464 20d0af6f858 socket
        3⤵
        PID:2112
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.2.413860988\1659727659" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3192 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bf413c2-d04d-4f62-9878-86537c15aeed} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 3104 20d1be1d758 tab
        3⤵
        PID:3632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.3.62270368\491671949" -childID 2 -isForBrowser -prefsHandle 4104 -prefMapHandle 4100 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eb5103d-ca01-4c61-b3fb-028431374881} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 4116 20d0af62858 tab
        3⤵
        PID:2448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.6.100294975\928068528" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5272 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3bc6f5a-dec3-4a6f-88b8-5be70f3456d2} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 5188 20d1e9f4f58 tab
        3⤵
        PID:3536
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.5.1530152237\1052731018" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09f2a0be-09ad-48db-bc3b-dfab48dec091} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 4868 20d1e9f2558 tab
        3⤵
        PID:2632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.4.1428895362\1728964820" -childID 3 -isForBrowser -prefsHandle 4836 -prefMapHandle 4620 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc724f1e-438c-4075-b4e1-2087d20960d7} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 4848 20d1e927258 tab
        3⤵
        PID:2136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4732.7.2050764368\523536184" -childID 6 -isForBrowser -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e402cebf-f668-4ffa-87e3-6e7f6f47b701} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" 2220 20d0af68758 tab
        3⤵
        PID:544

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 151KB
    MD5: 701bc033bf9b2bc077ebdc2e75a81ffa
    SHA1: b89ed446ed01faa282f2e4b86088ae216c19fe3e
    SHA256: d2abbe0a05f2fd0939697c43c06362b1ce1790d701fa435eb8d8c533e6b36ac3
    SHA512: 45ee11e3be149a6fb40bfef949e19e237ba61192398aa8775a21d7ce0ae4406fb0522303edfcd1d78d2c46f660257b0b89dc150f4ee78d548c37f967d9baff0e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: dad265da399242e1def07cb3981534e4
    SHA1: 0d48a4321706c3c3dcc59ff2f895d36357624d27
    SHA256: e04bdae7d6204622c9511bd234d6d9a3bd2ffec6c9b86855b30407b45941e365
    SHA512: 6d311989f7e97a8abe2d2c00f971b879dd332e26fb62840542e8e0b8dee56e6db12263824641a479da028df2507d6914c50cc653c9b674888b956d4cbd024c1d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 1cf0d5a5a91a719966024557e381f571
    SHA1: eccb4c0f7af1e7b7ee3df24f6e7c60cf1e8d3277
    SHA256: 8ef54442b9c8aaaf8535e2dbe054dfac17ddde2f2711acb1bafef1399634bca7
    SHA512: d77e2dfff6813be11b668dfcb77059518ef6c6fe27a9aedb9f49bdffebe7fb1fba4047bdadaa61a10b63a600c11b5c9cee63458f7b937a75b5327e57dadc5148

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 8daaaa69a5f81f5ccd447c32cab96ac5
    SHA1: 8a4d97bf860da2e67dc00d1d5f5a4393bf401caf
    SHA256: 90aa55b370192de3070a3143815a7eb9b445fea6a3610f8f4ecf2f794f067737
    SHA512: ed3e8d24c7646210c78392bfcdd3897e5361dd6692362781455ff105707eff32ba28f6682dcafd49a7ca3ea4aa368e0569c0db89621ef08fc968e9d335aa16e2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
    Filesize: 6KB
    MD5: 108b97b1ff7efbdb1aecce96d55ff2e5
    SHA1: bb72b2e0c3d859fe5e821632307a32df331b55e1
    SHA256: c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
    SHA512: e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: a1674273fa258fea4ed47235b8a51abb
    SHA1: 1974377118e38af2c799cb676d4b132ab1499512
    SHA256: 831773fa4716bb860dad073b05f9cf78bc6109964af2302d87590a8cf2411112
    SHA512: 0f032a1bc15cd92f3ecef7c1dffedd8970e6ca0da29e49d56c956238dd7de2951a9cb57f3fde188e424b0aad027adc6557e0d8d2a42bc83a5d1bb700430c53b5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 3a83fdaba03b33051fcdfb0e1a114f00
    SHA1: 71fa87eec55c0f2e71424c19c94768f33630e1b8
    SHA256: 6a3c40569b0b379b4c80b6c6700170606e636ff657220c561c5131cd65080aa2
    SHA512: 41288bbc00ce45555d0165095d755b7c926967a6dc000a06665a97598d8513c70726267f13abce253a379eab5d8ffec51c2b41f6a66be7b8b7ab0a8f251c3049