
Analysis

  • max time kernel
    35s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2023, 10:44

General

  • Target

    http://178.62.225.201

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Every process in the tree below is firefox.exe, so these signatures describe the browser's own behaviour while it opens the target URL and spawns its content processes. The 1/10 score reflects that: the sandbox treats them as baseline browser activity, not as evidence that the page delivered anything.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3600, depth 1)
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://178.62.225.201
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3956, depth 2)
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://178.62.225.201
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4148, depth 3, gpu process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.2059301907\1940789976" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5563e5b2-45e1-4475-87f5-be96e2618e88} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1936 11c34616b58 gpu
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3656, depth 3, socket process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1960160763\893459853" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80189beb-b65a-482f-908b-f7fd243a82f2} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2424 11c26670d58 socket
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2348, depth 3, tab process, childID 1)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.630759450\721764806" -childID 1 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf814506-bacf-4608-9f38-7722f74ca64d} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3288 11c37305958 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4816, depth 3, tab process, childID 2)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.3.1519633542\829196480" -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3df5d7a5-7d61-4e88-9cab-7eba1d89beb7} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3980 11c38a6c758 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4280, depth 3, tab process, childID 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.4.916051095\336144397" -childID 3 -isForBrowser -prefsHandle 4824 -prefMapHandle 4896 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02614f3f-6983-4789-9449-ff34149a4e3d} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4908 11c39237f58 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1176, depth 3, tab process, childID 5)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.6.1256280167\941510163" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed9a606-0d18-478d-a7d9-79417955a22f} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4748 11c39ad7058 tab
      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 540, depth 3, tab process, childID 4)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.5.1693963176\21168673" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 5084 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {211b65bb-410a-4913-9677-31421a2af02d} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4892 11c26663558 tab
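The process tree above is the shape a clean Firefox launch always has: one browser process whose children are all firefox.exe started with -contentproc, each carrying the parent's PID both in --channel and in the gecko-crash-server-pipe name, and each ending in a known process type (gpu, socket, tab). A triage script can check exactly that and only surface children that break the pattern. The following is an added example, not tria.ge's own code or Firefox's; the list of content-process types beyond those visible in this report is an assumption, and the two records tagged CONSTRUCTED are invented anomalies for the demonstration, not processes from this run.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Gecko child-process kinds launched with -contentproc. The report shows gpu,
# socket and tab; rdd/utility/forkserver are assumed from Firefox's
# multi-process model and are not on the page.
KNOWN_CONTENT_TYPES = {"gpu", "socket", "tab", "rdd", "utility", "forkserver"}
FIREFOX_IMAGE = r"c:\program files\mozilla firefox\firefox.exe"

# --channel="<parent pid>.<seq>.<n>\<n>" and the crash-reporter pipe name both
# carry the PID of the browser process that created the child.
CHANNEL_RE = re.compile(r'--channel="(\d+)\.\d+\.\d+\\\d+"')
PIPE_RE = re.compile(r'\\\\\.\\pipe\\gecko-crash-server-pipe\.(\d+)')


@dataclass
class Proc:
    pid: int
    parent_pid: Optional[int]   # None for the root of the tree
    cmdline: str


def image_path(cmdline: str) -> str:
    """First argv element; the sandbox quotes full paths, so split on quotes."""
    if cmdline.startswith('"'):
        return cmdline.split('"')[1]
    return cmdline.split()[0]


def audit(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return [(pid, reason)] for every process that does not fit the normal
    Firefox parent/child pattern. An empty list means the tree is just what
    Firefox produces on its own when it opens a URL."""
    findings = []
    for p in procs:
        image = image_path(p.cmdline)
        if image.lower() != FIREFOX_IMAGE:
            findings.append((p.pid, f"non-Firefox image under PID {p.parent_pid}: {image}"))
            continue
        if "-contentproc" not in p.cmdline.split():
            continue  # browser process: the URL launch itself, not a content child
        chan, pipe = CHANNEL_RE.search(p.cmdline), PIPE_RE.search(p.cmdline)
        if not chan or not pipe:
            findings.append((p.pid, "content process without --channel or crash pipe"))
            continue
        chan_parent, pipe_parent = int(chan.group(1)), int(pipe.group(1))
        if chan_parent != p.parent_pid or pipe_parent != p.parent_pid:
            findings.append((p.pid, f"content process names parent {chan_parent}/{pipe_parent} "
                                    f"but was spawned by {p.parent_pid}"))
        ptype = p.cmdline.rsplit(None, 1)[-1]   # trailing token is the process kind
        if ptype not in KNOWN_CONTENT_TYPES:
            findings.append((p.pid, f"unexpected content process type {ptype!r}"))
    return findings


# Records copied from the report above (depth-1 root, depth-2 browser, three depth-3 children).
PAGE_PROCS = [
    Proc(3600, None, r'"C:\Program Files\Mozilla Firefox\firefox.exe" http://178.62.225.201'),
    Proc(3956, 3600, r'"C:\Program Files\Mozilla Firefox\firefox.exe" http://178.62.225.201'),
    Proc(4148, 3956, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.2059301907\1940789976" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5563e5b2-45e1-4475-87f5-be96e2618e88} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1936 11c34616b58 gpu'),
    Proc(3656, 3956, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1960160763\893459853" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80189beb-b65a-482f-908b-f7fd243a82f2} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2424 11c26670d58 socket'),
    Proc(2348, 3956, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.630759450\721764806" -childID 1 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf814506-bacf-4608-9f38-7722f74ca64d} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3288 11c37305958 tab'),
]

# CONSTRUCTED anomalies for the demonstration; nothing like this is in the report.
CONSTRUCTED_PROCS = [
    # A shell spawned from a tab process: the classic shape of a browser exploit.
    Proc(9001, 2348, r'"C:\Windows\System32\cmd.exe" /c whoami'),
    # A "content process" whose crash pipe names a PID that is not its real parent.
    Proc(9002, 3956, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.7.1\1" -appDir "C:\Program Files\Mozilla Firefox\browser" - {00000000-0000-0000-0000-000000000000} 3956 "\\.\pipe\gecko-crash-server-pipe.4444" 1 0 tab'),
]

if __name__ == "__main__":
    for pid, reason in audit(PAGE_PROCS + CONSTRUCTED_PROCS):
        print(f"PID {pid}: {reason}")
```

Run against the report's own processes the audit returns nothing, which is the machine-readable version of the 1/10 score; the two constructed records show what an actual deviation would look like in the same tree.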

Network

MITRE ATT&CK Enterprise v6


Downloads

Files written to the Firefox profile during the run. prefs-1.js is listed three times because three successive versions of the preferences file were captured, each with a different size and hash.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 145KB
    MD5: f0ffc54e4aac53bfe3322d256bba83e5
    SHA1: d3cfde6ed24224530c3da6e072f0a074456e5906
    SHA256: d6a59c95547896d135d543a878bdf16147e86655ff6e245a502fd8922eb09f32
    SHA512: acb4c5b5fb1f5732c5f741b7b021e261f1a0f81791496db894d4be3fc85e8200b7fd18a40311bb638384487f99c29f2aac01d4dc9d2043742569661ba1bfbf25

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 4a5063563b1aa45f65136d816321bbce
    SHA1: 89f9a111f71e6e9eaea4cef061f4d66fa7acaa02
    SHA256: fbdb0774ad5c14a09cad1fa8aab3d28f22e8d454781df0e4df611efe2bb4ad56
    SHA512: 0ec23d639b809129938da0bb93123326d4f92eb49135092023ec7d58038898bc68bab9cc239a75856c0a9be476e9ec965325d3af948e50a0212b3b111020de0e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 39237f54d40585f2b83cb756b4760d19
    SHA1: d13ff62c7a1d483c81eab4bc12afbf962ffe67b7
    SHA256: 3daa21884685f5bdf5919fdb16327eb9e7dff2577f1f0f373f3a59016d62bab0
    SHA512: 3090bcf1f05213f6506fce5b32763dbb6363dc24b68543035638c2319db0588329a1af2827f6f84c72a935bb4992f1712e00b3446ff87cf01dbb77473f1942c0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 3c8fd1d9057daeed85dabe207e6d5882
    SHA1: 83f5de1d3b97b9cc99753261cb71b7b386d28000
    SHA256: 3e5cc95a75851a18e088ebde8bff3f8db12396a909bf1433843ce1c3a8727c3b
    SHA512: 303a87f25d5205893d731ab0519f285e69b6e3961066d66962f0db76dc80db0613a3f476e9e411a089fa71987aa69baf1e48533ae6ecd59f319e627daff885d8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
    Filesize: 6KB
    MD5: 108b97b1ff7efbdb1aecce96d55ff2e5
    SHA1: bb72b2e0c3d859fe5e821632307a32df331b55e1
    SHA256: c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
    SHA512: e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: d0f53e4c732a29e9398f029741ed1a3d
    SHA1: a5468b5e2e83fc8420347460d8a08bdde6ba0e58
    SHA256: 9e4ea63a96b6587bb66b4e1574cc6f0f64592e75b69324073ba6e94f665550ee
    SHA512: 136c70478865fab2bcb5b665b189cf8e72ebf0b8a7d4fd574a78789d8922899076967325d2f742cf3a1b23af7a9e6690ad6320dba2efb29eea3764c77898edf3