
Analysis

  • max time kernel
    4s
  • max time network
    17s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/08/2023, 18:33

General

  • Target

    https://sflix.to/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://sflix.to/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1536
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://sflix.to/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.0.1444942240\1306700651" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1884 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d2f674-2b6c-4675-9c5d-391ed30c92c1} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 1984 2d8220e6058 gpu
        3⤵
        PID:3652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.1.627497295\215702119" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d507be55-3f81-4f8a-9e43-425093f49ef1} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2432 2d821c40e58 socket
        3⤵
        PID:4856
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.2.1167373611\2009753321" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3016 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5189253a-379e-4f6d-87b3-eb41c92c07dd} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 3100 2d82205c658 tab
        3⤵
        PID:3640
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.3.810490893\210223693" -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3624 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e559401-bc68-42ea-b5c1-739455d25a3c} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 3648 2d815762b58 tab
        3⤵
        PID:1064
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.4.1497084547\553025035" -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5084 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa6e8299-5b70-496b-88f1-4220c1f54e36} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5060 2d829163a58 tab
        3⤵
        PID:4616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.5.1136567832\235346482" -childID 4 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3506e11-4bf7-4259-805b-47445a5932b3} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5304 2d829163158 tab
        3⤵
        PID:4224
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.6.1322284165\1557598961" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e8a0f2f-a431-46a1-a756-c6ed26a9bdc1} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5400 2d828bc8b58 tab
        3⤵
        PID:3668

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hw21aoqh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 21KB
    MD5: 02d9a64459f2fb2b638605916d2e476b
    SHA1: 483f024f1fe421520406a0f21d3f99c7112085f1
    SHA256: 00330ff40f0bf1ca47d0b7720df4261d553fdf2b1abc7425e3a212c307f7c9d0
    SHA512: d708721e29a2b1578f7f121b6a9e6b4ee929ae659eeb5c09fbfedb1e48111082d99c1e4ac415d17527b0870654748e5f0419ba5a45de88b55286016ad4ac2612

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 1cb1a3b27f85b9f3bf8c4cf6b73839db
    SHA1: c7c0e047f0b2868480f5516d914ba6f6fa2b7054
    SHA256: b15f20b5a75c419c16379a9475dc715eb115a666aea0358766907bf7aecbd487
    SHA512: 9435a3ef05f8bc1948b080c0d065a201d4f87fb5a391a54314c6e5f0da03aea023dc9abfe43b1a45b178a53399ab5ca5ec021b3ea26c909b97b480298930c301

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\prefs.js
    Filesize: 6KB
    MD5: 58ba4a6eacf851668dbee6415096a337
    SHA1: dfbf44063a2041fa5ec8592ab7ab7c56e977930e
    SHA256: 4c321e117678679288f345e4aa1a906876ac3467e950759c2ea66acd773a31b5
    SHA512: 39c2c81e6ee3ac3c64649ce564ce466f61d6bf5800db227b24f977bc6250b36b567d8acae97200e3a3304e5b05690b072311614ebb730b8007bbc122427f9572

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\sessionstore.jsonlz4
    Filesize: 7KB
    MD5: 699a35a62f29648d497758b989887e43
    SHA1: 550cf1dc99bf5464401c407110fd493eae381934
    SHA256: 60d284fd9f42fa38e4f4528e691c1d1abf165dadaf37394cf5dfb563e1706dec
    SHA512: 89b9b17024cf4ca50cde36a3439e79c099dee3433416891a5c0bfff5b722f1ae36c56a01cb65e065cac40c4b5841e9ecee512c430fb661bf108265b7ff7d952d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hw21aoqh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 192KB
    MD5: 023bdef3fe94a19c79139b37c80943eb
    SHA1: 71f7d361e6afc9b5037f6f660096aa77529e0d7a
    SHA256: 03c8e93db6f14e68cb510153cfd92756ce57b48bd5fe85c9c57c438a0af162ea
    SHA512: 589813dffe37a0bf1bbc192ecd2fdcd2021bdc25db947c8736ebcd565e56b826f6ae195ff01abb8c33ff5475907cc6e06fb196d9cb2bf258b18445dad06ed921