Analysis

  • max time kernel
    37s
  • max time network
    46s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230824-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/08/2023, 18:54

General

  • Target

    The Repurposing Center/The Repurposing Center.html

  • Size

    17.5MB

  • MD5

    35c081c9ffda87c4d7cd81a7592b15f1

  • SHA1

    196ab6733dda0033d63964cdb631e58f6098cf96

  • SHA256

    d0f69f6f4797edc71606ec64be65e478fd4494e6c4f8de2f505c8fef5b6e5f3e

  • SHA512

    44dbc8b63bea24f2c963e64240e488f24e39850ee8390a7e1ecd66be88892b97ac30eb71626ce4ad4772f9c44429ec04d937c88903d62e209d4801376716684d

  • SSDEEP

    49152:4ouOJs+6HSvpqrv4qtljYBRTdcr80yCjBiKOLWGjN8cP4t88IM/oL/QLQHh4+nG4:pOx/sD

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\The Repurposing Center\The Repurposing Center.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3268
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\The Repurposing Center\The Repurposing Center.html"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4888
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.0.1574294373\1784894570" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a973d3e-0e6a-4b09-8da9-b6f010ecf790} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 1948 283b34dab58 gpu
        3⤵
          PID:4956
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.1.940912355\1391973351" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b473c7e-4b8c-4022-8b30-9a3840198ac1} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 2372 283b340a558 socket
          3⤵
            PID:852
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.2.954910782\862243934" -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9360b6b2-7173-4574-b206-33cf03eac786} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 2952 283b6fef258 tab
            3⤵
              PID:3124
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.3.1095690865\1378016847" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de6cf214-3ea7-41ba-ba8b-40e1977d3d48} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 3620 283b679e158 tab
              3⤵
                PID:3384
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.4.307007072\2074428677" -childID 3 -isForBrowser -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60580a0f-a80b-4f30-9108-74592e162486} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4620 283b8e91158 tab
                3⤵
                  PID:4060
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.5.657542421\2126792820" -childID 4 -isForBrowser -prefsHandle 4660 -prefMapHandle 4656 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f52b683-92c4-4fce-8c92-58831e7f8552} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4664 283b8e90b58 tab
                  3⤵
                    PID:3368
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.6.1022610159\1086655540" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 4916 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58b2a101-5c43-4f57-8a52-bc99677d30a6} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5028 283b8e92358 tab
                    3⤵
                      PID:3308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iqlm0dqj.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    21KB

    MD5

    0e0f8353300559a5acb25637f117f9d8

    SHA1

    8acf90156a3096dbe02d06eff44aa473403db052

    SHA256

    a72ab65b62bb49b6362b65ffa6fcd03b919ac1058bc28d7d7a803ec96be1cc1f

    SHA512

    21dbaaa2e69257632a4dd4c4dd14702bff183bed252650d55f850f4439d379e0c7ab7b5bdc086319984ea012cb8ee259a77a1cbb8fa0e7448810642a2cce8480

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iqlm0dqj.default-release\prefs-1.js

    Filesize

    6KB

    MD5

    98d1e8a0d29fe566460f905f2b30f9e4

    SHA1

    b27cf44450d83b548ab35bf88a07b9663d6a4952

    SHA256

    d8c1fa154bffd76163eded671637c37ca7be559e4031599e1b9efcdb3740a09c

    SHA512

    20dceaa61d5548c4c73cf8f208a7fbd017a3d759ee15505b954167078a3ec5d7ed94eb1e38a910fb7ad9211c1b95e288a575917d142ab002fcf37472ceb119a8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iqlm0dqj.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    d21495473b38ea422c84ebfdc48dc820

    SHA1

    a7b124f81dc7a1f05afec7f2cd3e4e3b5ec40441

    SHA256

    91fba8534fb749f476f0be224cb5c27397324b0dacb7f58e01e50d6842a7a9e1

    SHA512

    84989e1caa43070fc928f995bef5f9dd239d2b17a46683fdcb05463af5c21fe586d882f80c0002909cd648a549474937edaed66470dd1723fb25a78460ae80fe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iqlm0dqj.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    1d1372aac41837877e6f56bf88ce5581

    SHA1

    873de29a634e135db708887b7e35f4fa810e0c65

    SHA256

    4b9f180d13640775406bd637cb9104bbf3c13a32cdfa12ff598fd34a4ba8625c

    SHA512

    e24be4e62b41de4973f29aa55a4900c91e05600a77f686749b3c52dc1bc80b6d2b29e800a8ce5455900c482e831ea23e804ef55b760c7daae37b1433a304175f