Analysis

  • max time kernel: 36s
  • max time network: 38s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230703-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 17/07/2023, 07:09

General

  • Target

    http://stats.securebrowser.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://stats.securebrowser.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://stats.securebrowser.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.0.828355382\187857998" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e0c9402-e684-43d5-8e53-a2503ed9ab22} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 1952 1f332508e58 gpu
        3⤵
        PID:4972
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.1.36299671\1495639958" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a855131d-3d50-4e13-904b-3550b7efd5c1} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 2356 1f3311f2658 socket
        3⤵
        • Checks processor information in registry
        PID:5016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.2.1740144589\301224882" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3088 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1fe6f36-c13e-4630-bed5-2476ac2fd815} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 3280 1f334a24958 tab
        3⤵
        PID:3204
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.3.1485663795\108229581" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a59d1ad-0495-4628-88da-602bc892307f} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 3616 1f324b30858 tab
        3⤵
        PID:3840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.4.1238236845\739124107" -childID 3 -isForBrowser -prefsHandle 4816 -prefMapHandle 4700 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {677914fa-b5e4-4072-89d7-8e1270207806} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4728 1f337334b58 tab
        3⤵
        PID:2896
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.5.1622355973\1823158828" -childID 4 -isForBrowser -prefsHandle 3256 -prefMapHandle 3044 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32893e57-efd1-4ebe-ae43-4628d812c476} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 3136 1f336ebf258 tab
        3⤵
        PID:3500
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.6.2070729317\45742061" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6446a53f-af7f-4c71-9c5b-56828ddef11a} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 5340 1f336ebf558 tab
        3⤵
        PID:2464
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.7.172199768\1864708199" -childID 6 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c06e8a45-7995-41c5-9ded-87bd0d177efb} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 5556 1f336ec1f58 tab
        3⤵
        PID:1512

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 157KB
    MD5: 2efed5422a9f5040911f8fb0c6ace024
    SHA1: eaadbc49d68fece07684e0250f0bb860983b66b5
    SHA256: 970a47cd7fc0de02af045b1c16e135e34a0f58803090b414d53a5c693ddaf772
    SHA512: e67f3cc3783e315a5008826916de8eb1d4a97bb0479326bce8cdbf7f8d2974bf3de9975f303d05d7b35223627e70557d54ccd296cf2f0199a00b3f6b2063db6d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 7ed119f785d4a56d25a0fa1c484990f1
    SHA1: 47ece01f72a779dc85cc77dc524c7df18f54f6a7
    SHA256: 0d2dd78d89a7ade1a06842960c998d457fd1a7bdc319014c8248cc1aba27f329
    SHA512: 2a16dc99665e73373c8d92851defe323f1ddfdaa51e2cf3e41499b656a5db7517bb0d23185d500ae7f7b1293efd8e299c72e67fd3026496ef21bbca1698c8613

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: a9c1fa194221ece3a1c3e094cd59d4db
    SHA1: 0136bcaf18ec1c66afa9327a8a35a966fcbec31d
    SHA256: b0053180a29b203f5cb2931c2e90f0ae9792584168240b4aa255019a399bb11b
    SHA512: f2f1ed557e5988449bb6d5314bc6e727bb6b80f4593c4c1df5dd851a5b064292f911944ff4ace30a258d470d8cfd847fe0946925105a7be5815957ae10ee4a30

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ezoxz0hs.default-release\sessionstore.jsonlz4
    Filesize: 1007B
    MD5: 05158e55a1cd68ba3f9a76b9766bbfe2
    SHA1: e2182fc231c2d17d9d9ba5bd3181fa6b956e0e1c
    SHA256: 7272eb9857476160d7bedba58fccb4bc95a5858b3b739dc3dbfed8a3fa9f108e
    SHA512: c9e8fdb0da215eb2ef03271d02f28f20d10bfd56ab711ac2e8634e9566b2a3d70ee542a4aefa49baff2f9d6c1ea649db4a910cd8117c4797bbe125d005afe7c7