Analysis

  • max time kernel: 21s
  • max time network: 21s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-es
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted: 16/06/2023, 17:12

General

  • Target

    http://www.walletconnect.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.walletconnect.com
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.walletconnect.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5116
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.0.1588108578\7659784" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b76bbd7f-20c1-42c6-87b9-874695843015} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 1920 12ee24a8058 gpu
        3⤵
          PID:1224
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.1.234070007\2068293016" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cac1188f-55df-4214-9788-e08a87efff1f} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 2408 12ed446fb58 socket
          3⤵
            PID:1600
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.2.1973783764\1300022848" -childID 1 -isForBrowser -prefsHandle 3420 -prefMapHandle 3416 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45910758-386b-4788-8e09-31229fbed81f} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 2960 12ee522cd58 tab
            3⤵
              PID:1124
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.3.1716047870\1707565954" -childID 2 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b9c5222-24ff-447a-874d-244f03ff21a6} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 4044 12ed4461c58 tab
              3⤵
                PID:2180
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.4.2029058678\1763169117" -childID 3 -isForBrowser -prefsHandle 4512 -prefMapHandle 4508 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cc63c55-64b1-4d36-b4b2-b780545a17a8} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 4528 12ee3c84258 tab
                3⤵
                  PID:2996
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.5.1627520593\526729079" -childID 4 -isForBrowser -prefsHandle 3476 -prefMapHandle 3432 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db041607-ac18-40c6-ac1b-a87084593eda} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 3300 12ee522cd58 tab
                  3⤵
                    PID:1396
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.7.543380990\1441762870" -childID 6 -isForBrowser -prefsHandle 3520 -prefMapHandle 3532 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9173b5a-cdec-405e-8442-2dba6dd11621} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 3460 12ee79cd558 tab
                    3⤵
                      PID:3204
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5116.6.1724643237\376582689" -childID 5 -isForBrowser -prefsHandle 3480 -prefMapHandle 3488 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3404561-123c-41a9-ad3a-382b65b2fcbd} 5116 "\\.\pipe\gecko-crash-server-pipe.5116" 5028 12ee81a2d58 tab
                      3⤵
                        PID:5100

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 149KB
    MD5: b5984a3db6f67b16d6aad1c85002cb82
    SHA1: e3badd3d39aa11bf9ed112ca8919230c7c774f18
    SHA256: 0ae15a9f1fa2324601c3fd7decf63456c44ba864391230366b243dc88dcc1e91
    SHA512: 7db2f9d331d3b200e27af9400db9d8814ec633a0796f7344d623d8397c260aa9937182203edf7974cdb0107b3e07647444a1f8cd1580ccc1f1c8b71eb12a8145

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\safebrowsing-updating\ads-track-digest256-1.vlpset
    Filesize: 54KB
    MD5: 4f9ef3d3a71d4cb49e623e3f4b7b1162
    SHA1: c2d65973b44b051d043475e9387fa7100514acbd
    SHA256: 48ae004f3c542ac764dd5a1e894918ec4b250b5c1f7209256c191cae13106b1f
    SHA512: f7017204ad37ceedbff4e8b58ab4edac75748d2f36693e59ea9d9157f637d29b53c6405d994ac9fc62712f2574013e95c4817ff49229c78dcc23cac805b13ed7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 09b30ea089825340a6b375b4a61b2eb8
    SHA1: e7c77629318419a93a4654949f5bcabd6a7fd70d
    SHA256: 5968f6567cd9b52c03e54e8e2946b848ec2066e14bc8dbbcfc066fdd2c1380b5
    SHA512: 70cf64682c580907b1ba0287972902d4bae5577af7ec76b672d0875e2af8b5a0b025fb368c3ee3cbdb5df3f724d77eeed694460396e5015ee5750b9e5b368384

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: f896c0159f9eec449a49a83d6832420f
    SHA1: 098c57521ab1c2a8a9f1661808ba41f60af8409a
    SHA256: e5d29636fce90040e5766e8a9df68861dd6276a0c714d9df1c2f795bf0165092
    SHA512: 66c16904f31ef15ddf506fa6d9bc9ff53ef990a715d6b3c1435186da775223f2c7b8f1f6a259109eec37dc331f72729d455d7d43f2f54f5dc7b9fb7395733bfe