Analysis

  • max time kernel
    60s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2023, 09:35

General

  • Target

    https://ipfs.io/ipfs/bafybeidbsm5grmx2l6hdew4cl4i6ghsht4iibloiklpelfil2y4ttyliiq#[email protected]

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://ipfs.io/ipfs/bafybeidbsm5grmx2l6hdew4cl4i6ghsht4iibloiklpelfil2y4ttyliiq#[email protected]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://ipfs.io/ipfs/bafybeidbsm5grmx2l6hdew4cl4i6ghsht4iibloiklpelfil2y4ttyliiq#[email protected]
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.0.1019497250\1008945698" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4173540f-39e4-401c-966b-8a4a8080c49a} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 1276 12917858 gpu
        3⤵
        PID:1352
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.1.382230187\423510358" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67435579-35c5-40a0-bcb3-d8fa2c5c29c0} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 1492 d70758 socket
        3⤵
        PID:1520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.2.220163012\1560970923" -childID 1 -isForBrowser -prefsHandle 1108 -prefMapHandle 2008 -prefsLen 21899 -prefMapSize 232675 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94977b60-b586-4a1d-beca-8603f63d8697} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 1840 12b97258 tab
        3⤵
        PID:828
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.3.1502244649\1799910715" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e927fd5-d136-454b-aa7b-79b15e1ed9d1} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 2912 1c2fce58 tab
        3⤵
        PID:540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.4.1470372804\1417194227" -childID 3 -isForBrowser -prefsHandle 3596 -prefMapHandle 3588 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23249913-4843-4bb1-a7d1-7533e2366f8b} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 3616 1bb18b58 tab
        3⤵
        PID:2340
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.6.547561744\1997773692" -childID 5 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29497510-4c3c-42d2-a541-363192b74f77} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 3728 1d23d358 tab
        3⤵
        PID:2364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1652.5.1697889983\2046055987" -childID 4 -isForBrowser -prefsHandle 3592 -prefMapHandle 3560 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9b2d6c4-fc2f-4ccb-8c05-0218a7f2d434} 1652 "\\.\pipe\gecko-crash-server-pipe.1652" 3636 1d23e858 tab
        3⤵
        PID:2356

Network

MITRE ATT&CK Enterprise v6
Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\81ei91hh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 149KB
    MD5: 3534bf97aef3d9b259f952850afac28d
    SHA1: 63dafd634e93a7fac55859c41921f36a6fad9b73
    SHA256: 14a6020b1ad6ef303abf24acfcb37127abc323583ba5b076535a7bc544318399
    SHA512: 9fffe0a32cbee4573a10bdf2c0ef51733f35cd7a405b951a7f771e3a4d3c2c0bc1f5829651bf43155b7756b935f3f9857f5aaa641b85481e686562e1508e8b2a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\prefs.js
    Filesize: 6KB
    MD5: 287079c0a70882ef8bb416820d8184ad
    SHA1: 67f9835b12c37eee8e6d0e00dbc303d8f7d9a772
    SHA256: cdce500c9efcf5aaa92013a70429d0fb43331c7f28472a7186f8079e510b91b1
    SHA512: 05048711b5b6c658a6f7c522d33e0260b25f7ba970bd129adba232d68c82ca018fee195022a880972204f5d4566cbb89f2d4063741b0df1aafa8e8bf7d5795b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 0e980ac224be1303d679c272ab0ebb4a
    SHA1: c13ef4ab764c829005289692acd847f069c2050e
    SHA256: 0717f5c478ad2b6082d693e47b5338e0344e2a352a9f50ce6a966a4fefd1c4ff
    SHA512: 0f56e0f620414f58cc5c16efe7c7496229cf5a75c6122b510ac8ed608a14ddb57e8dda40e59c4ef4e2aaeb5e34934da26af7f19c91ebf62f79dcd05f64a23e54

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: deb087dff265ffe0de4c6e13e02ee352
    SHA1: 96ee30ca94e191bd9530a3354ce9b9a40b5a765c
    SHA256: 0390097f13e5bf14195ae8cc48249d854e22862784e67ae24349561b443e20a8
    SHA512: 43513d176a84f9d30f562cf7fb92cd4a811335de3f56e9eaa5297e7b7e8e730d50b7ff5dff7e7f08831a7ec9310fd8f29bac1c6927d0c7dc53b7abb2c52ae8c5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: fb732ab90ae806de2a908ea466074728
    SHA1: 384b71583a2741ec314d2f1a6f04a715ded9dbb0
    SHA256: 149d40bd736f752eb14a352c83abf35a2affe987c7f0aa4af0add7b988b49132
    SHA512: b5fe272d713cd5a97bbddcb960cbe068603d67ba1a7ec48dcee80b9495e5cae0a21222df7bf9481fa42c7f5419c1008344aac4680e057d4e62c48566e3754a71