Analysis

  • max time kernel
    34s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/07/2023, 10:09

General

  • Target

    https://yieldtrk.com/en/230a785a-3c28-43d6-8317-6137027c622d/?fl=Rescue.iso%20...

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  Every signature that the process tree below attributes to a process is attributed to firefox.exe; no other executable is launched during the run, and the Downloads section lists only Firefox profile files, not a fetched payload, which is consistent with the 1/10 score. The target URL carries a parameter naming Rescue.iso, but no ISO appears under Downloads in this run.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://yieldtrk.com/en/230a785a-3c28-43d6-8317-6137027c622d/?fl=Rescue.iso%20...
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://yieldtrk.com/en/230a785a-3c28-43d6-8317-6137027c622d/?fl=Rescue.iso%20...
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4620
      • C:\Program Files\Mozilla Firefox\firefox.exe (gpu)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.0.1234197322\1311320168" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c929e72-9bde-4ece-afbb-95a2fb4d5828} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 1960 1f24f9fae58 gpu
        PID:3552
      • C:\Program Files\Mozilla Firefox\firefox.exe (socket)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.1.1062493296\797478511" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f159a4-120a-42bb-9076-baa4f31319fd} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 2400 1f24f4e3858 socket
        PID:4072
      • C:\Program Files\Mozilla Firefox\firefox.exe (tab, childID 1)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.2.1523126890\1571572745" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 3200 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {715e088d-2697-4388-855c-5ff8739a2f91} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 3244 1f2533d9b58 tab
        PID:3036
      • C:\Program Files\Mozilla Firefox\firefox.exe (tab, childID 2)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.3.1623320265\1290499287" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e382dc-2126-452f-9bed-36e99c6bcc76} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 3592 1f242d61c58 tab
        PID:436
      • C:\Program Files\Mozilla Firefox\firefox.exe (tab, childID 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.4.67272721\1486976426" -childID 3 -isForBrowser -prefsHandle 5020 -prefMapHandle 5112 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69f8c51e-1d34-457f-8ad7-ae7e266820fe} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5136 1f256603858 tab
        PID:4236
      • C:\Program Files\Mozilla Firefox\firefox.exe (tab, childID 5)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.6.184314189\1376461561" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5184 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3f98a3-5cab-4fc5-b6bc-89738b36feff} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5404 1f256605958 tab
        PID:3184
      • C:\Program Files\Mozilla Firefox\firefox.exe (tab, childID 4)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.5.316331471\1972785275" -childID 4 -isForBrowser -prefsHandle 5148 -prefMapHandle 5144 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a175157-497f-4182-be3f-480998a0ac83} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5184 1f256606b58 tab
        PID:2084
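The seven children of PID 4620 above are Firefox content processes: each is launched with -contentproc and a --channel whose first component is the parent's PID, and the same PID recurs as a positional argument and in the crash-reporter pipe name. Checking that those three agree with the process that actually spawned the child, and that each child is a recognised type (gpu, socket, tab), is a quick way to separate genuine browser children from a process that merely borrows the firefox.exe name or was started by something else. The parser below is an added example, not part of the tria.ge report; it embeds three of the command lines above verbatim plus a constructed counter-example, and the rule that tab processes carry -win32kLockedDown encodes what this page's tree shows, not a Mozilla guarantee.

```python
import re

# Three of the seven firefox.exe -contentproc command lines from the process tree above,
# copied verbatim; PID 4620 is the parent browser process shown on the page.
SAMPLE_PARENT_PID = 4620
SAMPLE_CMDLINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.0.1234197322\1311320168" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c929e72-9bde-4ece-afbb-95a2fb4d5828} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 1960 1f24f9fae58 gpu',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.1.1062493296\797478511" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1f159a4-120a-42bb-9076-baa4f31319fd} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 2400 1f24f4e3858 socket',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.2.1523126890\1571572745" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 3200 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {715e088d-2697-4388-855c-5ff8739a2f91} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 3244 1f2533d9b58 tab',
]

# Constructed counter-example (hypothetical, not from the report): the same tab launch with every
# reference to the parent PID rewritten to 1337, as a child spawned by something other than PID 4620 would look.
SUSPECT_CMDLINE = SAMPLE_CMDLINES[2].replace("4620", "1337")

# A token is either a double-quoted string (paths with spaces, the crash pipe) or a run of non-space.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline):
    """Split a Windows command line into tokens, stripping the quotes around quoted tokens."""
    toks = TOKEN_RE.findall(cmdline)
    return [t[1:-1] if len(t) >= 2 and t[0] == '"' and t[-1] == '"' else t for t in toks]


def parse_firefox_cmdline(cmdline):
    """Pull the parent-PID references and process type out of a firefox.exe -contentproc launch."""
    toks = tokenize(cmdline)
    info = {
        "exe": toks[0],
        "contentproc": "-contentproc" in toks,
        "channel_pid": None,       # first component of --channel="PID.N.x\y"
        "child_id": None,          # -childID N, present only on tab processes
        "parent_build_id": None,   # -parentBuildID
        "win32k_lockdown": "-win32kLockedDown" in toks,
        "positional_pid": None,    # PID that follows the GUID after the lone "-"
        "crash_pipe_pid": None,    # suffix of \\.\pipe\gecko-crash-server-pipe.PID
        "type": None,              # last token: gpu, socket, tab, ...
    }
    for i, tok in enumerate(toks):
        if tok.startswith("--channel="):
            channel = tok.split("=", 1)[1].strip('"')
            info["channel_pid"] = int(channel.split(".", 1)[0])
        elif tok == "-childID" and i + 1 < len(toks):
            info["child_id"] = int(toks[i + 1])
        elif tok == "-parentBuildID" and i + 1 < len(toks):
            info["parent_build_id"] = toks[i + 1]
    if "-" in toks:
        # After the lone "-": GUID, parent PID, crash pipe, handle, pointer, process type.
        tail = toks[toks.index("-") + 1:]
        if len(tail) >= 6:
            info["positional_pid"] = int(tail[1])
            m = re.search(r"gecko-crash-server-pipe\.(\d+)$", tail[2])
            info["crash_pipe_pid"] = int(m.group(1)) if m else None
            info["type"] = tail[-1]
    return info


def check_tree(parent_pid, cmdlines):
    """Return a list of inconsistencies between the children and the parent that spawned them."""
    findings = []
    build_ids = set()
    for line in cmdlines:
        p = parse_firefox_cmdline(line)
        tag = f"{p['type'] or '?'}/childID={p['child_id']}"
        if not p["contentproc"]:
            findings.append(f"{tag}: firefox.exe child launched without -contentproc")
        for field in ("channel_pid", "positional_pid", "crash_pipe_pid"):
            if p[field] != parent_pid:
                findings.append(f"{tag}: {field}={p[field]} does not match parent PID {parent_pid}")
        if p["type"] == "tab" and not p["win32k_lockdown"]:
            findings.append(f"{tag}: tab process without -win32kLockedDown (unlike this page's tree)")
        build_ids.add(p["parent_build_id"])
    if len(build_ids) > 1:
        findings.append(f"mixed parentBuildID values: {sorted(map(str, build_ids))}")
    return findings


if __name__ == "__main__":
    print("report tree:", check_tree(SAMPLE_PARENT_PID, SAMPLE_CMDLINES) or "consistent")
    print("constructed suspect:", check_tree(SAMPLE_PARENT_PID, [SUSPECT_CMDLINE]))
```

The three PID references are checked separately because an attacker who copies a real command line gets all of them wrong at once, while a tooling or extraction glitch usually corrupts only one; seeing which field disagrees tells you which case you are looking at.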

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\05ypapi5.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 153KB
    MD5:      b880ff6614e4b377b80569a614711a9f
    SHA1:     6e60e6143d7405f7c19cfdc989b2bd86c6173c19
    SHA256:   447192861bad1de2ae6fb8c9929a45fc4aa2c2a9697d301c87a128cd4048fc14
    SHA512:   67628ab13ba478969c7dba9db81d5f2715040fd1dd1279db83c30a4484f9488dca14d41e7a3665c69f3f3d211a709c71ad32867c5fce81f9a8d17340452cf462

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs-1.js
    Filesize: 6KB
    MD5:      b389c170ee95b6455b7bbbfbd0fc5ee0
    SHA1:     ba3d01e52d32aa3ebe3329fcfa7b9d34463600cb
    SHA256:   e7934d33f797c3b743bf66579a06aa52270389cc43ce81b4abf11c8bfab3c46e
    SHA512:   769f6b2e7efa9a9b43b425fc8357a08bfe960b1813ccbd369331a8580c1e7c2444a0f178ee9aa661133f60a661bb92be4520055a1e339e7528b1f9d25cc4137f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\prefs-1.js
    Filesize: 7KB
    MD5:      bb013b08e2e624ae851088914895cacd
    SHA1:     f929a2c7e83b715ba7109938d0e3e0a9e303a05a
    SHA256:   46b733e5512e509f92cd0b4eabeb848d6effc6517f4c2c0bd892b6238bccd9b6
    SHA512:   dbcd62abf0f2109a8f60a080e3ace23be9d0ae96a9ce08c15772ff8122b7374256d3fc5a6140af7efcb27c3792e2d6b9b49739e6405e5136979891790bbc7b20

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\05ypapi5.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5:      58f5cb4c8d978cd547f24955f19b73aa
    SHA1:     ca6df2ca4cb2b1003d28bddbb54861ea763525c5
    SHA256:   09ed23e4455aa9b3129812df9c37ad3a74c11cf110a94e0f6f08dc8098f17c20
    SHA512:   7fcf9f64369162487518a893ef2f86d3e224a1731bdea5c0815edf1e179452e6018b12ea7852f8fe3793f53802c5c2ed5426b0a64d91f5e99e3619db8149fb26
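The recovery.jsonlz4 above is Firefox's session-store backup: a JSON document in Mozilla's mozlz4 container, which is the 8-byte magic mozLz40\0, a little-endian uint32 decompressed length, and then a single raw LZ4 block. Decompressing it is how you recover which tabs and URLs the browser actually had open during the run, which the hashes alone do not tell you. The reader below is an added example, not part of the tria.ge report, with a minimal pure-Python LZ4 block decoder. The embedded sample file is hand-assembled for the JSON text {"tabs":[{"url":"x"},{"url":"y"}]} (one literal run, one back-reference, a final literal run) and is not the 1KB recovery.jsonlz4 listed above, whose contents the report does not show. Real session-store files nest URLs under windows, tabs and entries, so the URL walk is recursive rather than tied to one layout.

```python
import json
import struct

MOZLZ4_MAGIC = b"mozLz40\0"  # 8-byte magic at the start of every Firefox .jsonlz4 file


def lz4_block_decompress(src, expected_size):
    """Decode one raw LZ4 block (no frame) into exactly expected_size bytes.

    Each sequence is: token, literal run, 16-bit little-endian back-reference offset,
    then a match of at least 4 bytes. The final sequence carries literals only.
    """
    out = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:                 # extended literal length: add bytes until one is not 255
            while True:
                extra = src[i]
                i += 1
                lit_len += extra
                if extra != 255:
                    break
        out += src[i:i + lit_len]
        i += lit_len
        if i >= n:                        # last sequence has no match part
            break
        offset = src[i] | (src[i + 1] << 8)
        i += 2
        if offset == 0 or offset > len(out):
            raise ValueError(f"bad back-reference offset {offset} at output {len(out)}")
        match_len = (token & 0x0F) + 4
        if (token & 0x0F) == 15:          # extended match length, same encoding as literals
            while True:
                extra = src[i]
                i += 1
                match_len += extra
                if extra != 255:
                    break
        start = len(out) - offset
        for k in range(match_len):        # byte-wise so overlapping copies (offset < match_len) work
            out.append(out[start + k])
    if len(out) != expected_size:
        raise ValueError(f"decompressed {len(out)} bytes, header said {expected_size}")
    return bytes(out)


def read_mozlz4(data):
    """Strip the mozlz4 container and return the decompressed JSON bytes."""
    if data[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozlz4 file")
    (size,) = struct.unpack("<I", data[8:12])
    return lz4_block_decompress(data[12:], size)


def collect_urls(node, found=None):
    """Recursively gather every string stored under a "url" key, whatever the nesting."""
    if found is None:
        found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "url" and isinstance(value, str):
                found.append(value)
            else:
                collect_urls(value, found)
    elif isinstance(node, list):
        for value in node:
            collect_urls(value, found)
    return found


def extract_session_urls(data):
    """URLs referenced by a session-store file, in document order."""
    return collect_urls(json.loads(read_mozlz4(data)))


# Constructed sample (not the report's recovery.jsonlz4): a hand-assembled LZ4 block for the
# 34-byte JSON text below, wrapped in the mozlz4 header.
SAMPLE_JSON = b'{"tabs":[{"url":"x"},{"url":"y"}]}'
SAMPLE_BLOCK = (
    bytes([0xF4, 0x06])     # token: 15 + 6 = 21 literals, match length 4 + 4 = 8
    + SAMPLE_JSON[:21]      # literals: {"tabs":[{"url":"x"},
    + bytes([0x0C, 0x00])   # offset 12: copy {"url":" from 12 bytes back
    + bytes([0x50])         # token: 5 literals, no match (final sequence)
    + SAMPLE_JSON[29:]      # literals: y"}]}
)
SAMPLE_FILE = MOZLZ4_MAGIC + struct.pack("<I", len(SAMPLE_JSON)) + SAMPLE_BLOCK

if __name__ == "__main__":
    print(read_mozlz4(SAMPLE_FILE).decode())
    print(extract_session_urls(SAMPLE_FILE))
```

For a real file from a profile, read it with `open(path, "rb")` and pass the bytes to extract_session_urls; the decoder is written for clarity, and the lz4 package's `lz4.block.decompress(data[12:], uncompressed_size=size)` does the same job faster on large session stores.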