Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2023, 06:48

General

  • Target

    http://ParkingList.exe

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTPs, 13 IoCs)
  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ParkingList.exe
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3612 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:464
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1672
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.0.262292676\1614423989" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4ad3c8d-f346-49b0-83c4-bf0bc5468d8c} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 1932 1e9c2217758 gpu
        3⤵
        PID:5060
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.1.717700039\181569052" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2320 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d4bd4fc-cbde-4c37-933c-8a3a5a9a6a11} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 2332 1e9b4271c58 socket
          3⤵
          • Checks processor information in registry
          PID:4928
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.2.1654972906\1148271208" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2920 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26e4c4c6-e83b-447b-98e1-79ec1a30dcea} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3220 1e9c5051b58 tab
          3⤵
          PID:2384
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.4.2144829424\1217233803" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2545f915-1c20-446f-b608-79bd04eab4b7} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3556 1e9c2af1558 tab
            3⤵
            PID:4548
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.5.402742101\1429131688" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3756 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4685482-bc85-4ce7-b5dc-778e157093e4} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3832 1e9c2aef458 tab
              3⤵
              PID:4260
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.3.132322264\271674557" -childID 2 -isForBrowser -prefsHandle 3148 -prefMapHandle 3172 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55655dc2-29a7-493e-9274-f79342c53e9b} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 3160 1e9c2af1258 tab
                3⤵
                PID:1644
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1672.6.1110033570\1951309837" -childID 5 -isForBrowser -prefsHandle 4376 -prefMapHandle 4372 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c81d9e22-8abd-4328-b2ad-1d943d21231f} 1672 "\\.\pipe\gecko-crash-server-pipe.1672" 4436 1e9b4262858 tab
                  3⤵
                  PID:4492

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 149KB
    MD5: 37dba09477d21182bd6644eff0443a06
    SHA1: 7a49d200c4273901d55fc9d02e8cef0d078e0264
    SHA256: 693a13610d7efbc41db750e7dda11a3fbfacf083a2036df44624d1d21be16225
    SHA512: 41cdcb1a099846604ff6562c5773f7c50c61a87107afbd9e93f896889e4b941a5105a7741586cc391f60e8adf7e87fbb5e580886d4505cb56698476e6b90e4f8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 12201eb92cb93259a35fff19a92b63e3
    SHA1: 5e939359edf796397ac55f8795c0a945d6739973
    SHA256: 7d4623642834533a579ec1eea7b96a640fee71af00bc099391bdc035fcedb6b3
    SHA512: 6814089f2fd236af367c5ef2e135d4ef39a64b20cdc7193ab3a90c5d88e99c0258a09a0a97a8276e097644a749fb977fbad9504c473ea22ccbf93ef5a7d48ef7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 471980b9c3e2358a4c6e2068dc6475cd
    SHA1: 2d20c4c813aec0c7ec6e0df7163a000028daa594
    SHA256: 4b768eb62d45631bdee565dd7f1aaf21ce886e0c38c09e6d7ccc615dc3b77103
    SHA512: bdf52fcd03df8d89f179a25bdcec6a8800367d68ce223e3292449de26940c8472981718ce96d6270eb9dd2e7e732a392e0c36a926a88650c5f17e032b47e9884

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: ba982eb09c08e01da33382536a5b21f0
    SHA1: c60d81639e69d3449dde3cfa260be0dec841b1b5
    SHA256: 656cf103792d68ba540b52aca5e9c06a256ea1583ce77ace05e93f39ad7762b5
    SHA512: 834c2c3ff09d14565206e29088badc1e4b197b5f7fcee5efe897d2b3e3d949c8fc9626db352854704d2530760d9a12bdc3a4f69fb7db2d176bf1b2c6167cffcb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
    Filesize: 6KB
    MD5: 207077fed406e49d74fa19116d2712aa
    SHA1: 3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee
    SHA256: b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58
    SHA512: 0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionCheckpoints.json.tmp
    Filesize: 259B
    MD5: e6c20f53d6714067f2b49d0e9ba8030e
    SHA1: f516dc1084cdd8302b3e7f7167b905e603b6f04f
    SHA256: 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
    SHA512: 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore.jsonlz4
    Filesize: 880B
    MD5: 461dc2e48061fc7fbf16fc1e4967c2a0
    SHA1: ff96363a0989f8930bef9e934c50aca2a1f76ec2
    SHA256: 525be67ce89127dc93633a1e6777c1c24d9da56489bea60c02edf1c7cd58337c
    SHA512: 1d17b19c0f96b694724e2dbbec617547c52432e43dca08b4552a18e8ddf9f52f5eb7df39941ace1dafe139a5db5838c916407d8d63402a6f1988586e4a444180