Analysis

  • max time kernel
    69s
  • max time network
    74s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/06/2023, 22:49

General

  • Target

    http://fastklick.biz

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://fastklick.biz
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://fastklick.biz
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.0.1957046879\1356729216" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c149159e-6213-48b8-8ecb-b990dc104640} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1932 24cfb716858 gpu
        3⤵
        PID:1964
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.1.828544376\1238092170" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0878357-ad79-4eb4-be97-79ed9927f120} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2440 24ced872b58 socket
        3⤵
        PID:4676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.2.2064828099\1291744016" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3132 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a07c3d9a-97c0-4525-b577-fa60d1892e8e} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3092 24cfe610d58 tab
        3⤵
        PID:2884
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.3.410457779\1965942640" -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf5c16b-205b-4d63-a55b-467b3032e5fa} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4064 24ced85d958 tab
        3⤵
        PID:1916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.4.735813345\183559958" -childID 3 -isForBrowser -prefsHandle 4340 -prefMapHandle 4308 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a605ef7-8a2e-46e3-91b3-8a43c3038d07} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4352 24d00258958 tab
        3⤵
        PID:4240
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.5.1167641375\831474230" -childID 4 -isForBrowser -prefsHandle 4976 -prefMapHandle 4988 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e73729-4f16-42e4-a920-8c217e05e97e} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4984 24ced865958 tab
        3⤵
        PID:2396
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.6.1820962104\2008508528" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f7a942-d40f-4671-aad1-95c6a1c36004} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 5008 24d0256c558 tab
        3⤵
        PID:2672
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.7.714510713\188521097" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5104 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5c25aa6-ec5c-42a5-9187-a519e73c9545} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4980 24d0256a758 tab
        3⤵
        PID:2944

Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\activity-stream.discovery_stream.json.tmp

                    Filesize

                    157KB

                    MD5

                    7b65328b2ceee525006e8bc5b4f6ffd4

                    SHA1

                    5889ffeba6dd91e5d6b8d0173ef61ee02daf453d

                    SHA256

                    fb72d562d37d719816175bd66fe71eb6e879044e75d0d4ced51958145bd6d812

                    SHA512

                    20fbc8b74f5ecd8deddc79f35ec51961c4d47e8ae79ccaa09012864699e96ae524b5ccf5744f7c740e2daaa1a99b1caf06bbae85e9b2d655fe5f9aeb33d3f8ce

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\prefs-1.js

                    Filesize

                    7KB

                    MD5

                    b414263809c7cc4e2509f097949f9726

                    SHA1

                    391a61ae7b95a8cbec30d05231dc972852897408

                    SHA256

                    0538e7931c2a5053eb25ecfc8e3550d96df46e6a56bb4eadc15d3ce32efc51b5

                    SHA512

                    3fc94d774b2e325ea4aa3fc6417627c55cc43c525b047d1a8e4b34411f24ae8618c40c4625c9e3584a99f0aba34f380a60f453d21aab82fe19669346c3976e51

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\prefs-1.js

                    Filesize

                    6KB

                    MD5

                    970b9f78b8118a3e03fa56f7dbe414b5

                    SHA1

                    fea8eb3a0c6423d59d31d8a364d3da63b6692d8f

                    SHA256

                    c8db8e52d16672f4b84e482e21c8609e44e4d0381520680faeac8100ccc06533

                    SHA512

                    503665ffad167815e97f136d71781de4dce83ecbc5dfb80b2cdabb772c5bdda7af1a963a219d2811fe7ac6f4e82e8e071fb08a86462a9d0babf3c74224ba616b

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\sessionstore-backups\recovery.jsonlz4

                    Filesize

                    1KB

                    MD5

                    c19fba0f4645ac50e10b93d705c9f401

                    SHA1

                    209f1b8a5d12be7c50f77e0206a76c3dfb2df234

                    SHA256

                    680167132202b2c177a169f3145c62a433d71f847ec58fff55420f52c0a86385

                    SHA512

                    1dce16206b6fbb81420c426fc4c5e620d5cfca1c4f960d1a587d3f7bc69536190e0b484899d290b57ae8d1be7cc4f19425a9de8bdac30344320179617f1c0564

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g6h1qcgn.default-release\sessionstore-backups\recovery.jsonlz4

                    Filesize

                    1KB

                    MD5

                    03a34f096d598454c3817a1780e45e9d

                    SHA1

                    4297b2052bf8d869454bffbbb73f202ac7eae0a2

                    SHA256

                    14e913f2d79c14951145ffcef9cbdff6e1041fdd8bcef57ec9ccc6827e1ea5aa

                    SHA512

                    5786752afeb5b6579f4aa38f81fb61acdef8106b17dbd46bf2f9b8f8e55f27af98b4a09061158df176e4e1e3f271b7f05aa49521576a679bfcf78f338cb91884