Analysis

  • max time kernel
    21s
  • max time network
    25s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    24/07/2023, 09:14

General

  • Target

    http://xn.net

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information (vendor string, model name, core count) is often read in order to detect sandboxing environments. Legitimate software, browsers included, reads the same keys for hardware detection, so this signature alone is weak evidence; here it fires on the Firefox broker process and contributes to a score of 1/10.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times, a common persistence mechanism. The signature is listed with no IoCs and is not attributed to any process in the tree below, so it adds nothing to this verdict.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://xn.net"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://xn.net
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1144
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.0.1296838897\1062440230" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e7a532-82f8-4206-a928-8299cadd31b9} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 1792 1d0da8bce58 gpu
        3⤵
          PID:4464
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.1.1684397049\1592536234" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11c8255f-c715-40d2-a3c7-aa5ed712668a} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 2168 1d0da7e5258 socket
          3⤵
            PID:3016
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.2.709890211\695291189" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 21835 -prefMapSize 232675 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c9373be-0e9a-43e0-b1fc-4b990cb0691a} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3124 1d0de9cd958 tab
            3⤵
              PID:4844
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.3.1927353737\112813310" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbdf9e2a-1960-491c-be95-152b50d6f9c3} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3656 1d0dfabd658 tab
              3⤵
                PID:4912
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.4.1359588409\1494804340" -childID 3 -isForBrowser -prefsHandle 4408 -prefMapHandle 4452 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cea30d2-f14b-4ee7-9859-c3fd6ccdc151} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4460 1d0e0b8d658 tab
                3⤵
                  PID:1156
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.6.1432120584\540974720" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4832 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {223a3766-3542-4a13-b089-6feaafbc4e37} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4888 1d0e0fbfd58 tab
                  3⤵
                    PID:2920
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.5.1544472034\887976864" -childID 4 -isForBrowser -prefsHandle 4324 -prefMapHandle 2960 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f90773ac-8fad-41ac-9495-5c64f34106ed} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 4840 1d0e0fbfa58 tab
                    3⤵
                      PID:4776
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1144.7.952190566\1887915051" -childID 6 -isForBrowser -prefsHandle 3312 -prefMapHandle 3024 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3cb2fbf-d4a0-4bb4-bc0c-706e00a35a6b} 1144 "\\.\pipe\gecko-crash-server-pipe.1144" 3048 1d0e0a6c558 tab
                      3⤵
                        PID:4908
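The process tree above shows the Firefox broker (PID 1144) spawning gpu, socket and tab content processes; every -contentproc command line carries the broker's PID three times (the --channel prefix, a positional argument and the crash-server pipe name). The script below is an added example, not part of the tria.ge report or of Firefox: it parses entries of that shape and flags a child whose real parent is not the broker it names, or whose image path differs from the broker's, which is the kind of check that separates a normal browser tree from something masquerading as one. The sample entries are constructed here (five mirror the report, the two marked "invented" exist only to trigger findings), and the channel suffix and GUID are reused for all children as a simplification.

```python
"""Consistency checks over a Firefox process tree in the shape of the
tria.ge entries above (added example; sample data constructed below)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

FX = r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
APPDIR = r'-appDir "C:\Program Files\Mozilla Firefox\browser"'
BUILD = '-parentBuildID 20221007134813'


def child_cmd(image: str, broker: int, idx: int, kind: str, extra: str = '') -> str:
    """Build a -contentproc command line laid out like the ones in the report.
    The channel suffix and GUID are fixed here for simplicity (assumption)."""
    return (f'{image} -contentproc --channel="{broker}.{idx}.1296838897\\1062440230" '
            f'{extra}{BUILD} {APPDIR} - {{c8e7a532-82f8-4206-a928-8299cadd31b9}} {broker} '
            f'"\\\\.\\pipe\\gecko-crash-server-pipe.{broker}" 1792 1d0da8bce58 {kind}')


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    cmdline: str


# Constructed sample: the first five entries mirror the report's tree.
SAMPLE = [
    Proc(2160, None, FX + ' -osint -url "http://xn.net"'),
    Proc(1144, 2160, FX + ' -osint -url http://xn.net'),
    Proc(4464, 1144, child_cmd(FX, 1144, 0, 'gpu')),
    Proc(3016, 1144, child_cmd(FX, 1144, 1, 'socket', '-win32kLockedDown ')),
    Proc(4844, 1144, child_cmd(FX, 1144, 2, 'tab', '-childID 1 -isForBrowser ')),
    # invented: names broker 1144 but was actually started by pid 7777
    Proc(5555, 7777, child_cmd(FX, 1144, 3, 'tab', '-childID 2 -isForBrowser ')),
    # invented: started by the real broker, but from a different image path
    Proc(5556, 1144, child_cmd(r'"C:\Users\Public\firefox.exe"', 1144, 4, 'tab',
                               '-childID 3 -isForBrowser ')),
]

IMAGE_RE = re.compile(r'^"([^"]+)"')
CHANNEL_RE = re.compile(r'--channel="(\d+)\.(\d+)\.\d+\\\d+"')
PIPE_RE = re.compile(r'\\\\\.\\pipe\\gecko-crash-server-pipe\.(\d+)')
CHILDID_RE = re.compile(r'-childID (\d+)')


@dataclass
class ContentProc:
    pid: int
    ppid: Optional[int]
    image: str
    kind: str                 # last token: gpu / socket / tab / ...
    broker: int               # PID embedded in the --channel prefix
    pipe_broker: int          # PID embedded in the crash-server pipe name
    child_id: Optional[int]   # only tab (content) processes carry -childID
    flags: List[str] = field(default_factory=list)


def parse_content_proc(p: Proc) -> Optional[ContentProc]:
    """Return the parsed child for a -contentproc line, None for anything else."""
    if ' -contentproc ' not in p.cmdline:
        return None
    img = IMAGE_RE.match(p.cmdline)
    ch = CHANNEL_RE.search(p.cmdline)
    pipe = PIPE_RE.search(p.cmdline)
    if not (img and ch and pipe):
        raise ValueError(f'pid {p.pid}: -contentproc line without channel/pipe')
    cid = CHILDID_RE.search(p.cmdline)
    return ContentProc(
        pid=p.pid, ppid=p.ppid, image=img.group(1), kind=p.cmdline.rsplit(' ', 1)[-1],
        broker=int(ch.group(1)), pipe_broker=int(pipe.group(1)),
        child_id=int(cid.group(1)) if cid else None,
        flags=[t for t in p.cmdline.split() if t in ('-isForBrowser', '-win32kLockedDown')],
    )


def check_tree(procs: List[Proc]) -> List[str]:
    """Flag content processes whose parent is not the broker they name,
    or whose image path differs from that broker's image."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        c = parse_content_proc(p)
        if c is None:
            continue
        if c.broker != c.ppid or c.pipe_broker != c.ppid:
            findings.append(f'pid {c.pid} ({c.kind}): names broker '
                            f'{c.broker}/{c.pipe_broker} but parent is {c.ppid}')
            continue
        parent = by_pid.get(c.ppid)
        pimg = IMAGE_RE.match(parent.cmdline) if parent else None
        if pimg is None or pimg.group(1).lower() != c.image.lower():
            findings.append(f'pid {c.pid} ({c.kind}): image {c.image} differs from broker image')
    return findings


if __name__ == '__main__':
    for line in check_tree(SAMPLE) or ['no inconsistencies']:
        print(line)
```

Run against the five report-shaped entries alone the check returns nothing; the two invented entries each produce one finding. The same parent/broker agreement can be checked in any sandbox or EDR process tree, since the broker PID is part of the command line rather than something only the sandbox records.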

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    148KB
    MD5
    1b3d7a2f52f554c9b219139f0d0f0b4e
    SHA1
    b2ce7947a2189ef40d623ba914a5de355dd9d963
    SHA256
    dd19a8aedf0a2a2593d0a6d99f265bf7e3d9b0e1c742ef09086994e04b05e11c
    SHA512
    d5ef25b4a6fb7948c00d1d9d687bba0c3fb3b5cdf39268fdf458ab50d5296e00bb3ab464fd229c8c62c269ea434f553dd3cb4e2e048afda10dcb5396df676dc2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    1d14c4c624bac520a6e5d05cf1140690
    SHA1
    1f7810208a12c0232db2b304f6f39abbc8bd9318
    SHA256
    e2e5bdf61d3913da22323e460018300067fb735163f4f52d664b2af69639a94a
    SHA512
    ecf0be04f9cdff9d88ecf2e842f46f485ebf4060d460226601e9b7ad54178f729171be3c5f57e4a62d9c82d6dc91fe6fa220ff355ee6b6014ace9f1de8b75b6f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xcsgzdt0.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    fa9b6f65d79bbf534d3be2681a44c40a
    SHA1
    ae3bc569de273477644abf153ffa143a2bfb0708
    SHA256
    b4ac212a76e9c3e71cb0b8039a190335dcf9bb2b826ad91ec89f5b507611c813
    SHA512
    b931e362d1caffdcd07c58e219383ecf5b8856bd5fb760eb6283b7a0b389eaca04e4a5171f10cf774d0ae0733e5553932dfef9ddde1e8237afa535611b6f5c4c