Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
56s -
max time network
59s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-es -
resource tags
-
submitted
12/06/2023, 02:49
General
-
Target
https://exploretheworlst1718857.vercel.app/posts/teamthanh6-el-perro-que-nace-con-deformidades-sin-cuello-y-nalga-rompe-estereotipos-y-abraza-la-vida-al-maximo
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://exploretheworlst1718857.vercel.app/posts/teamthanh6-el-perro-que-nace-con-deformidades-sin-cuello-y-nalga-rompe-estereotipos-y-abraza-la-vida-al-maximo1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://exploretheworlst1718857.vercel.app/posts/teamthanh6-el-perro-que-nace-con-deformidades-sin-cuello-y-nalga-rompe-estereotipos-y-abraza-la-vida-al-maximo2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.0.1294156312\296977873" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f15e4381-444f-4368-aab8-394324ca4e7a} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 1916 2ac372fee58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.1.700589611\76296728" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62f3b40f-0ee2-470a-9eb6-44d002892759} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 2424 2ac2a374e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.2.914564463\432107772" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 3172 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f8f42cc-3fd2-448a-8faa-e46d108259ac} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 2996 2ac3b0f9c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.3.1577015154\1860033909" -childID 2 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ec65a9-66e0-445f-92b8-e56905497e37} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 4056 2ac3c2b2858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.4.1567949907\533010094" -childID 3 -isForBrowser -prefsHandle 4568 -prefMapHandle 1656 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ee7670-a994-4e2e-b388-d40e394f7a5f} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 4768 2ac3d919a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.6.391457400\1314491382" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 4896 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b03fe7-504a-454c-901d-905a53b35bb4} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 5104 2ac3db0e858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.5.814009904\345725054" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4984 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66af3df8-6cab-437c-8abb-c82604697423} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 4896 2ac3db0d958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.7.763145742\786936435" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb0a04da-f2cf-456b-8139-f391338cf0d8} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 5480 2ac3e5ec758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.8.1749043775\337818165" -parentBuildID 20221007134813 -prefsHandle 5772 -prefMapHandle 5672 -prefsLen 26578 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46f89480-a1e3-4bc0-8ee6-ccae8430a4ef} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 5448 2ac39764d58 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3200.9.1063333427\230393478" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5924 -prefMapHandle 5952 -prefsLen 26753 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa100b56-d9ee-4dbf-810d-7721862b53e4} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" 5892 2ac3eaca258 utility3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
149KB
MD5bc347e22ee8b08d006176eaaed24be21
SHA12d493378e309d18cd152f795aa7cbfb5e6720450
SHA256f61ace65f4edc3f52f079773d8c779827e983d1dbb2422a23a38271ba1f61a63
SHA512d54210997db557584f6ab4241f52a48c1c0b832222aeb73d0d94aee173cb04dc2a7eb649ec81a77c1bd2d615e6d46f5ce03d191597e6a12be225cee23aac021d
-
Filesize
6KB
MD5ddbe7c365cd12be45ca94a9d97641ba2
SHA14b7651a9bf1f3ce8045f643c7c63a4255fa8c8da
SHA25654188ac27dfc1ca26134f05174b494d7fd5dc9e0d0bd1bea7c53acea94b0a960
SHA5122e51818469588c52091401e886d2353967f51775e4c4ea81ddbebb70d4a415622d00c1118899fbe22e390af91cffb76e858c259395429102bba03b5e219d3387
-
Filesize
6KB
MD575a5620e59b799bc31294527a0a3bd76
SHA1757bdf77957c031e5d6c47ad0b75ed0ce410b304
SHA2560552566dd2dc3fb80bff4c963d282e7e8ef8e032ec1032626d5a8f86ce0cec81
SHA5127b5342bd9f60ce1bf484222a31333aeabc7374ebde337c385a300cefd0bfa738c7b756b585841e473935cbc4c0a2d0df169567b1fd1e338f7b8670d43e7d560f
-
Filesize
7KB
MD5331fd22714cbe877db2065fb86c1035f
SHA1ee4e419677e5d98b776a63e39938f47998f16a61
SHA256b83579ff014140dafd7fa7544edf36bb1007c4df39c11aa3e23ea0ee05c802aa
SHA5129055635c6d390693948a793ca21b96ccd206e7457115233c1f954f61f566c27cdc2d823e7fd593393e68766167a9e1b387066ef9b0cb22420dc64946e76d8d9e
-
Filesize
6KB
MD52ca68eec3c1fdbaa1ae996ee759fc3c8
SHA154363409a7393613ff528d0488d1cc16796ef2d8
SHA2564fe10ac0c622a99629804d64c89b59339a12a63ffb0b56132bfe39ec9b25aa1a
SHA512e2fdc625ee7d3e54c1cca72810eccccc3f493253319dad56693d77904692830302564897d7d9c33b876f645bfcd1a5498be9be81bb18932e3333d00ca3408c12
-
Filesize
16KB
MD5b33adb7e91c6301216c4572d3acb2b00
SHA17a85dbdcdbbac73713f4c6cf2ec638df6502ac45
SHA256de2e5676936a0765c2ffb9e9c3b37b0f62796505b7d62238170cf7847327749e
SHA512297869ef7153757a7d350e276e105ca8b073b3b7efa70f6d4bb578275cfc271d30f2685a2f62297b28c1508f05c7167c8e91c63496f7966f37d95e7e3ce02906
-
Filesize
16KB
MD5dcaf5a73a0b6ff73eac388f1a5f6f362
SHA1bec3d901b61411d3013afee332536d8f9438f90e
SHA25683884b53327ff7e0fa6430f984e19cb29ee8bf170aca85388a8156e4426b8bc7
SHA512dd18f28508eade708a3294d01074120d07cee6a52563bd073db2412082594c53727690c212bbe52d93625311b3e220dda1231acf41ac6007f3a4e39138850be0