
Analysis

  • max time kernel
    39s
  • max time network
    41s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01/06/2023, 15:16

General

  • Target

    https://www.smore.com/4jdvn

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.smore.com/4jdvn
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.smore.com/4jdvn
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2056
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.0.975419011\48984653" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03810759-e335-46ee-82fb-22117051baa6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1924 2560cce9558 gpu
        3⤵
        PID:3264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.744030313\635057338" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21628 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02d7c52-8fe4-427a-8e48-d521d57b0bec} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2424 2560c146e58 socket
        3⤵
        PID:4444
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.1492753166\1881203537" -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 21711 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce8656d-609a-47a6-8ef3-698d9a2cd256} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3208 25610bda658 tab
        3⤵
        PID:2264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.1325992551\1148920596" -childID 2 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21a2c156-4ec3-4b87-a26b-bc497cdf1a4a} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4004 25611cfc358 tab
        3⤵
        PID:1372
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.953177855\1890711318" -childID 3 -isForBrowser -prefsHandle 5060 -prefMapHandle 4904 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fa74816-b8a5-423f-aea5-bfc2f4746a11} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5084 25613b14d58 tab
        3⤵
        PID:1116
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.1185090692\1512486622" -childID 4 -isForBrowser -prefsHandle 4912 -prefMapHandle 5068 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97517554-6ddf-42c3-856d-8c2d0e0e3932} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5112 25613b93258 tab
        3⤵
        PID:3780
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.89796846\842006248" -childID 5 -isForBrowser -prefsHandle 5340 -prefMapHandle 5336 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b8e324-b9b9-4522-9f3a-5fb4d41105e4} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5348 25613b16b58 tab
        3⤵
        PID:4432
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.1532413178\1970180912" -parentBuildID 20221007134813 -prefsHandle 5668 -prefMapHandle 4912 -prefsLen 26500 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ecbdd8-66b9-4c19-b698-dc3458137a86} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5444 25613b95f58 rdd
        3⤵
        PID:3232
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.580176083\1772348290" -childID 6 -isForBrowser -prefsHandle 5832 -prefMapHandle 5768 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa2cbf0-5c9a-4ac0-9cc0-25238063be80} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5812 25613150d58 tab
        3⤵
        PID:2152
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.1925617956\770363388" -childID 7 -isForBrowser -prefsHandle 9268 -prefMapHandle 9272 -prefsLen 26692 -prefMapSize 232645 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5032bb9e-3fa3-4e61-a73a-a5daf7891674} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9260 25612b56f58 tab
        3⤵
        PID:3444
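Every process in the tree above is firefox.exe, and the ten level-3 children are the browser's own sandboxed helpers (one gpu, one socket, one rdd and seven tab content processes, all naming parent PID 2056 in their --channel and crash-server pipe). That is what produces the WriteProcessMemory, SetWindowsHookEx and FindShellTrayWindow signatures when a URL is opened in a browser, so the check a practitioner wants is whether any child breaks that pattern. The script below is an added example written for this page (not tria.ge's or Mozilla's code): it parses the command lines above, trimmed to the fields it reads, and flags a child whose image is not the installed firefox.exe, whose channel or pipe name points at a different parent, whose build ID differs, or whose process type was not seen in this report. EXPECTED_TYPES and SUSPICIOUS_CHILD (a hypothetical child running from a user-writable path, not present in the report) are assumptions of the example.

```python
import re
from collections import Counter

# Parent browser process from the tree above (PID 2056, the second-level firefox.exe).
FIREFOX_EXE = r"C:\Program Files\Mozilla Firefox\firefox.exe"
PARENT_PID = 2056
PARENT_BUILD_ID = "20221007134813"

# Child process types that appear in this report. Treating anything else as
# review-worthy is an assumption of this example, not a Mozilla rule.
EXPECTED_TYPES = {"gpu", "socket", "tab", "rdd"}

# Constructed sample input: the level-3 command lines from the tree above, trimmed
# to the fields the parser reads (image, --channel, -childID, -parentBuildID,
# -win32kLockedDown, crash-server pipe, trailing process type).
CHILDREN = [
    (3264, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.0.975419011\48984653" -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03810759-e335-46ee-82fb-22117051baa6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1924 2560cce9558 gpu'),
    (4444, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.744030313\635057338" -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02d7c52-8fe4-427a-8e48-d521d57b0bec} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2424 2560c146e58 socket'),
    (2264, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.1492753166\1881203537" -childID 1 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce8656d-609a-47a6-8ef3-698d9a2cd256} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3208 25610bda658 tab'),
    (1372, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.1325992551\1148920596" -childID 2 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21a2c156-4ec3-4b87-a26b-bc497cdf1a4a} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4004 25611cfc358 tab'),
    (1116, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.953177855\1890711318" -childID 3 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fa74816-b8a5-423f-aea5-bfc2f4746a11} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5084 25613b14d58 tab'),
    (3780, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.1185090692\1512486622" -childID 4 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97517554-6ddf-42c3-856d-8c2d0e0e3932} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5112 25613b93258 tab'),
    (4432, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.89796846\842006248" -childID 5 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b8e324-b9b9-4522-9f3a-5fb4d41105e4} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5348 25613b16b58 tab'),
    (3232, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.1532413178\1970180912" -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ecbdd8-66b9-4c19-b698-dc3458137a86} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5444 25613b95f58 rdd'),
    (2152, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.580176083\1772348290" -childID 6 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa2cbf0-5c9a-4ac0-9cc0-25238063be80} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5812 25613150d58 tab'),
    (3444, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.1925617956\770363388" -childID 7 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5032bb9e-3fa3-4e61-a73a-a5daf7891674} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 9260 25612b56f58 tab'),
]

# Constructed, hypothetical child that is NOT in the report: same arguments as a
# real tab process, but the image runs from a user-writable directory.
SUSPICIOUS_CHILD = (9999, r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel="2056.10.1\1" -childID 8 -isForBrowser -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00000000-0000-0000-0000-000000000000} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1 1 tab')

CONTENTPROC_RE = re.compile(r'^"([^"]+)"\s+-contentproc\b')


def parse_child(cmdline):
    """Pull the triage-relevant fields out of one firefox.exe -contentproc command line."""
    m = CONTENTPROC_RE.match(cmdline)
    if not m:
        return None

    def num(pattern):
        hit = re.search(pattern, cmdline)
        return int(hit.group(1)) if hit else None

    build = re.search(r"-parentBuildID (\d+)", cmdline)
    return {
        "image": m.group(1),
        "channel_pid": num(r'--channel="(\d+)\.'),          # channel name starts with the parent PID
        "pipe_pid": num(r"gecko-crash-server-pipe\.(\d+)"),  # crash pipe is also named after the parent
        "child_id": num(r"-childID (\d+)"),                  # only content (tab) processes carry one
        "build_id": build.group(1) if build else None,
        "locked_down": " -win32kLockedDown" in cmdline,      # win32k syscall lockdown requested
        "type": cmdline.rsplit(" ", 1)[-1],                  # trailing token: gpu, socket, tab, rdd, ...
    }


def triage(parent_pid, build_id, children):
    """Check every child against its parent; return findings plus a per-type summary."""
    findings, by_type, lockdown = [], Counter(), {}
    for pid, cmd in children:
        f = parse_child(cmd)
        if f is None:
            findings.append(f"{pid}: not a firefox.exe -contentproc command line")
            continue
        if f["image"].lower() != FIREFOX_EXE.lower():
            findings.append(f"{pid}: unexpected image {f['image']}")
        if f["channel_pid"] != parent_pid or f["pipe_pid"] != parent_pid:
            findings.append(f"{pid}: channel/pipe name parent {f['channel_pid']}/{f['pipe_pid']}, expected {parent_pid}")
        if f["build_id"] != build_id:
            findings.append(f"{pid}: build ID {f['build_id']} differs from parent {build_id}")
        if f["type"] not in EXPECTED_TYPES:
            findings.append(f"{pid}: unexpected process type {f['type']!r}")
        by_type[f["type"]] += 1
        lockdown.setdefault(f["type"], set()).add(f["locked_down"])
    return {"findings": findings, "by_type": dict(by_type),
            "lockdown": {t: sorted(v) for t, v in lockdown.items()}}


if __name__ == "__main__":
    clean = triage(PARENT_PID, PARENT_BUILD_ID, CHILDREN)
    print("report tree:", clean["by_type"], clean["lockdown"], clean["findings"] or "no findings")
    print("with hypothetical child:", triage(PARENT_PID, PARENT_BUILD_ID, CHILDREN + [SUSPICIOUS_CHILD])["findings"])
```

On the report's own tree the check returns no findings and shows that the socket and all seven tab children run with -win32kLockedDown while the gpu and rdd children do not, which matches the command lines above; the hypothetical child is reported for its image path alone.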

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 150KB
    MD5: 3a85737b1e812ac6b1056ac66a0f3462
    SHA1: 8aa07a4e521d8f23c5b097926551429dfe82ddd6
    SHA256: e656db578c4c8af95f20265237a823b6c63963b5896cfa3dfe8c55fdb9426747
    SHA512: 646237ce508eed29bbf1610265c7fe6c8ee363e598f67a68f8dcd66f5c0517b81450142f96b7d7e829be27822df4771d1f794d6eb24e253902328a4ebb6f49a6

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\B3C098F68A69A21EAC5881B3CCF210FFC2D3F8FE
    Filesize: 17KB
    MD5: 35128a21b647bd915c6600ae26a6c451
    SHA1: 77d74bbd082c756366608a68e6b2f3519c70bb7a
    SHA256: 9afce7f6329219be7fb6909732341e7675c425bab19f10db8f6db10d63456aab
    SHA512: e729f4b9fd816648f17dd86ba2e78eb5ec0bca54aca63baec7e84d775a1143f202f4e357b98a262b646794991a732ec3ce5d08f31c0cacdc8f7aaf829a042eba

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 2483e59ba294d67c0bfdd41dc97a7a1e
    SHA1: 39dc1a2f147c3db0c1493d9d65cf7373ade1b113
    SHA256: 4300b442f12802b9e754eb14c73d69157e5d4bb33e635e38cb34d50ff0e4610d
    SHA512: baa226e80c865517db0731c95b7441f261320fb484aa932de4a8ba9be6924a0ce7b74f8e058878e96df67e4a0e54343a09ef65bea5375089caae93ddc9de1ed7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
    Filesize: 6KB
    MD5: ec2e4be723c3e9a03ab21a9f7916521a
    SHA1: e71f868724b605c484f1e6494dcf19733ccc1914
    SHA256: 9fcad0a769558ae0f62e34e82380b6603258ec43acbc8c8c59ddce8ff18ae826
    SHA512: 18cb0a1f042c670cda61fe38e3e4ac1fc6b11af90109c9cb9d4e5386f192f4237d5f89911f52d8ae8d996d5d6234356f1f5b3193666567002c9c4d01a12567be

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
    Filesize: 6KB
    MD5: fc3859a8b9e85f8fb40be030c98fd05d
    SHA1: b8197dcad9b11e268d57ddee70784212aa21564d
    SHA256: a7465b8c0b350b044b8312b4f30210831056fd5b34a28e26852539318ed06e2d
    SHA512: 2011e42f1b4a8f7ee78557f14e850e9aff86c444cccdb8e3074899cccd271379337767fa05f6fab6b53f0c07225a3118c68d069dcd751a4413c084da124e283e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
    Filesize: 6KB
    MD5: fc0d7b2595d37cb3862f2090fc22d16c
    SHA1: 38e29d6fdc719fc5cbe883cd0c286105ecac9ab2
    SHA256: b7e1cc6dfee01e50c9d55e632f4e9bcf2feed7a025f453deba300461f4c044bf
    SHA512: 50e578bcdffdc36bce261da1e9473757aa4e2380ee7b1e011ed0fa75ccb2e0368bcabb82f371fb6d3b919b443ddc6f4382dd0a71f6f0929bbc81a89311a577de

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js
    Filesize: 6KB
    MD5: 9971fa8fa89a208685d3e30835832fb5
    SHA1: 5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300
    SHA256: 13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084
    SHA512: 02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: e4df74e1029420cf64c5b0ae5b40ad84
    SHA1: 9cb211a0b1007bdbf406aa342fbf4519e8f9d091
    SHA256: 0af9a1e62356b0e52b0fa17f6d29f0335648fe325ec045610938a0c74da95ad0
    SHA512: 3f5e98847debc781baa5c651cc824875e42b2c8bbf0cf98c4283d52ba929d689d882b24950ba2e1a0da3deaf2a875b8ae5188cb58bbd4402019d5d22b62e642f