Analysis

  • max time kernel
    73s
  • max time network
    77s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    16/06/2023, 17:16

General

  • Target

    https://js.createsend1.com/js/compiled/app/content/emailPreview-iframe.min.js?h=8AF34A3A20210825125555

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://js.createsend1.com/js/compiled/app/content/emailPreview-iframe.min.js?h=8AF34A3A20210825125555
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://js.createsend1.com/js/compiled/app/content/emailPreview-iframe.min.js?h=8AF34A3A20210825125555
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5088
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.0.1758725028\1694897837" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6478bfe-f455-4719-9066-e791c627364b} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 1928 160f272c858 gpu
        3⤵
          PID:2588
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.1.924162170\776614159" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f61d22b6-9783-47ff-8600-2f08bc08f70e} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 2424 160e4775858 socket
          3⤵
            PID:2848
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.2.753390170\1481519237" -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3180 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6df95ca8-775e-4e75-9934-0a4f5ad07c1e} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 3200 160f5617d58 tab
            3⤵
              PID:1228
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.3.479173871\244568479" -childID 2 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c911fe5-cf71-4dc1-925f-e10650620add} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 4140 160e4764858 tab
              3⤵
                PID:688
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.4.395045155\895627146" -childID 3 -isForBrowser -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6105ad15-c6ab-4f30-8bc4-8d254f5cd589} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 4856 160e4765b58 tab
                3⤵
                  PID:4516
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.5.1655692870\1736793978" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c73d2df5-edcd-4290-80a8-6a92e70b07b6} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 4796 160e476ed58 tab
                  3⤵
                    PID:1992
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5088.6.1970563842\18735055" -childID 5 -isForBrowser -prefsHandle 5060 -prefMapHandle 5004 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c580e734-8f45-4663-ac5e-e60011a54cdf} 5088 "\\.\pipe\gecko-crash-server-pipe.5088" 5052 160f79f9558 tab
                    3⤵
                      PID:4572

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 149KB
    MD5: 1b12ab485b998d0cb346d0d143a1a9d4
    SHA1: 59c274fa36e0a0b851f9cb8cf2212e3e46dd8da9
    SHA256: 42c876d44d600e4c071a886c7d1e9abfebee22a0cf608059be2369b0a5c0d645
    SHA512: b7b64399a8dcd4afcf8dfa7554b89896d07bde797a0cb7974a0a6d224741c07d9c0ffb3ab297a971ac3feade3262e026d019daab37df551296708faf190514fb

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\safebrowsing-updating\ads-track-digest256-1.vlpset
    Filesize: 54KB
    MD5: 4f9ef3d3a71d4cb49e623e3f4b7b1162
    SHA1: c2d65973b44b051d043475e9387fa7100514acbd
    SHA256: 48ae004f3c542ac764dd5a1e894918ec4b250b5c1f7209256c191cae13106b1f
    SHA512: f7017204ad37ceedbff4e8b58ab4edac75748d2f36693e59ea9d9157f637d29b53c6405d994ac9fc62712f2574013e95c4817ff49229c78dcc23cac805b13ed7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 7KB
    MD5: b29fc9073aa97e198318af29ee6817a2
    SHA1: f59c27762e46ecc307de32df3e8230bdaacc52d9
    SHA256: 3dab1fbea9fcbf935de4ae09c5ca08dec9322990a501c0f2469ce5663c3ffad9
    SHA512: 4eabf5e6edcc6d7a157d06a66de13a3c4d7f8e1a7ae163dc900f3244491a79ec7302b9b9f328f00a0b30c6d1ad61ec56c8bb607797b1a43906bf0771c70c5203

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 6KB
    MD5: 33d8bd53dc34068f94b0e91fc1608c5a
    SHA1: 8cb4a55bfdf52e451a623d739acdc869c7599f9b
    SHA256: 88fca0abd3987b3d44d85b25a22c9d40229f5428e3ace9669954974ab88c6582
    SHA512: 6f2160d02d0891b38d3de2c1bd7cad2d18658f9a05c42f1bc43b81d474fe4a6ec7ee613fafa85e075a9a25a7f57a7df90b6f1d0649a7a608abaf647f213f66f2