Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://fitgirl-repa...

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    60s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/09/2023, 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://fitgirl-repacks.site/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://fitgirl-repacks.site/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://fitgirl-repacks.site/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3464
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.0.1880644916\211569523" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f02e6b1-cab9-45fb-8696-5793c6b351d2} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 1960 23e475daf58 gpu
        3⤵
          PID:32
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.1.1619299574\369882688" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5e44a7c-449d-4315-afea-788a085226db} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 2404 23e470e8f58 socket
          3⤵
            PID:1644
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.2.1710267016\277454239" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d486a7cb-f65c-4df0-8aa9-b40170f8166b} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 3148 23e4b2eaf58 tab
            3⤵
              PID:4712
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.3.1746331287\528141913" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8d082cb-a92f-43ef-9517-59b80eb22463} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 3652 23e4c305f58 tab
              3⤵
                PID:3288
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.6.1025804700\490086176" -childID 5 -isForBrowser -prefsHandle 8232 -prefMapHandle 6108 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f550f5-c00e-48ed-9aa4-021cb94d1a67} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 8944 23e4ecc5458 tab
                3⤵
                  PID:1100
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.5.893413727\431798175" -childID 4 -isForBrowser -prefsHandle 9032 -prefMapHandle 9028 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f4c09ee-e285-4017-94d4-cd5d168b5c41} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 6328 23e4e4a4758 tab
                  3⤵
                    PID:2192
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.4.993346347\1167466404" -childID 3 -isForBrowser -prefsHandle 7284 -prefMapHandle 5712 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04398b97-c306-4524-805f-0e64a45d1225} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 8232 23e4e4a6b58 tab
                    3⤵
                      PID:2296
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.7.1909588193\45696237" -childID 6 -isForBrowser -prefsHandle 9012 -prefMapHandle 4288 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0975528-6bfb-4ddd-a525-f3722b5c7410} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 5068 23e4e415958 tab
                      3⤵
                        PID:468
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.8.106341039\446818517" -parentBuildID 20221007134813 -prefsHandle 5988 -prefMapHandle 5948 -prefsLen 26577 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa75348d-ba54-4bd0-ac3e-34b194473a5e} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 5944 23e4f5a5558 rdd
                        3⤵
                          PID:3240
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.9.598270828\1483779939" -childID 7 -isForBrowser -prefsHandle 5992 -prefMapHandle 4580 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3841e710-664d-43ef-9e8d-e224f9645dd6} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 4056 23e4d60e058 tab
                          3⤵
                            PID:4256
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.10.614298188\515161450" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5700 -prefMapHandle 4056 -prefsLen 26831 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d079de5-973f-4637-80a8-3c171a1992a0} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 8360 23e4daac258 utility
                            3⤵
                              PID:2716
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.11.374023856\415043779" -childID 8 -isForBrowser -prefsHandle 6232 -prefMapHandle 6300 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2556d307-0733-4de5-a312-5b1652284804} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 6236 23e4a88db58 tab
                              3⤵
                                PID:5096
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3464.12.810320124\28553434" -childID 9 -isForBrowser -prefsHandle 8004 -prefMapHandle 8008 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ba7f482-3aa1-475b-93f9-5b794e6a0619} 3464 "\\.\pipe\gecko-crash-server-pipe.3464" 7992 23e4d543158 tab
                                3⤵
                                  PID:4552

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\activity-stream.discovery_stream.json.tmp
                              Filesize

                              23KB

                              MD5

                              a221bc2f557912bb7a56b8bdc3d6854d

                              SHA1

                              18a61f37d203ee7bd415d3dfd526898187f55179

                              SHA256

                              2548eec118fbd470f89220af73ea0e82916cb8baf92004d153fe88122a82e7e5

                              SHA512

                              713ee8ad56d7079b44c552aa281b700c91144e7d137e0273d1456baf5b1a2dd63515c9a6e6c906ab1b48d9c616bb2e29f7282656e96a3c574bde6f44833a5f1f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\014E875AB6BC033474568179F18884FCD35958D5
                              Filesize

                              9.7MB

                              MD5

                              1aa2acb1243f99e13680e3b823fba8de

                              SHA1

                              c4c64f33591b2ba72805d636debf71e2defaad9b

                              SHA256

                              b882c8b65c2ae7b2aabe6b1a47dd4467ca1b8869a020c6d1fbe4f0de03075e6d

                              SHA512

                              7e01c45d061123b8f45d52341a97dad9cf056aefca0254d87ebef8753f30169cda5763c81d99adf6c216a84d8c9e1509958b181b420e7fcfd68ee5e53c8804d1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\0A2A8C898CCC4219299D9B66FA68306569BA5437
                              Filesize

                              217KB

                              MD5

                              cf2178ae30f89572ec9e1fd0ff19330e

                              SHA1

                              f3c09c8230213289047ac745b83c22d3fd8746c7

                              SHA256

                              0f3667a17ebe8e1385a4727f7f47f5bfa4ba3689dfe553ba03c30ae0ed8ab579

                              SHA512

                              9024d64982d1291aaeaee06d5d6214d1e62423e28e1579abc78957b48ac99065e55df756c242f31f6f232fb6d154e287e968a018c025b098e8e58e49e84314fa

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\2679881610408803C3BF3065544651AFEABA36E3
                              Filesize

                              24KB

                              MD5

                              992f6ac28e9e9e5dd255d9c7b81444e4

                              SHA1

                              886ef8dea845c2598b13b3bdec175f088882afdd

                              SHA256

                              739cfa1fc20e82d0be453850951ee5593c0780afd681df923f2439dbd5fc6b18

                              SHA512

                              2d99ebe06ce7054128e17d7c26d4e67ba4728b08206330e7d2220ab456b254a03ff3ce270c23a2542063380b7a588673ed504ad5671a92825167de607414154c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\4410924B84E1BE03128C4D88EAA666038C2C047D
                              Filesize

                              1.4MB

                              MD5

                              beaa683e3a2845c3efb9fabfb8b1907e

                              SHA1

                              ed3245df8422600e77640ed6f6de648c91629e85

                              SHA256

                              42121f1b7db7a35125cf5afae00e08f45f62cb5012c5bf23fb7fab7716de07ea

                              SHA512

                              b3c06d7cbcf4e901e01ab4b65b30c6fde2112707cf3b3f81b83da998fd2f24dabae3e3af51fad46ffde364577acca9f929e06ba613d284fbac11d7df960f04a8

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\66B0BDC320124E0305026D2A3E23E4F6A86A3E70
                              Filesize

                              101KB

                              MD5

                              4f769175d1cc7fc4e93258c92840b243

                              SHA1

                              e031c3dc7088d9ada8c8c99a2028e1ef3db3be18

                              SHA256

                              0bd0c569f02f2a0fd71e1d2e965eb159782117457aa80865a87c6b4e2923e097

                              SHA512

                              83fe620a47be569f23112806fb26aa6ab3754a483e9509c60ccd92c4a09e5e003fa00869dbe20d5892e1138e54c5f57da0ddba000fc5a864701b9f46c484ebbf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\B57CCE1A2B5CA4515275CBFCF8D11B5DC073334D
                              Filesize

                              545KB

                              MD5

                              2aac65a5784099e47df6974b67a5e21f

                              SHA1

                              3346c87e2eb9bcb9d7cd81dc175d0c8eafe69bc0

                              SHA256

                              454777f2c1ef3399e5e00930eac8ff5dc20ed9ecd8621466bc4197d8a85d98f3

                              SHA512

                              ebce7d76ad5a00bcce4771e72c384a3c46f9cc89eccdc153057b56fc90618e8087eaa3afb5afb632da80a46187068b013d6b3148e406c4603207b3969479d517

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\D05E0DA9C38C303B2006DB7C5D1D134A10912417
                              Filesize

                              24KB

                              MD5

                              5824c596c69e0ae5ae9fc1993f5fc112

                              SHA1

                              e8ec105e0339f9a19c2259563c5608ee4a814339

                              SHA256

                              bf2cbf4843ffba444d30f9366dca02b74a568a9c81e2afe7d0f39f9f21251651

                              SHA512

                              d61f7dfb7178d5f4d9b7bc66475cccc761c13afb89c7eaad3219fd02083e35ae303c84a29ef1d40e481af238a57212708e785adf6792b42a3d901bae7b742aaa

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g2w00o91.default-release\cache2\entries\E60B9BD4DBC486130F50AECFEBA70A537A92204D
                              Filesize

                              15KB

                              MD5

                              01e61be9b6619545a59ac5d13748b6df

                              SHA1

                              f0a777eaf183b46e8e3a5071ab8f24d5d48247f2

                              SHA256

                              2815f520c7dd799ecc3a822a1e694ce112979c7a0c90410f7dbfaf32a00f33d1

                              SHA512

                              1e69b6144e891c2ed1ab2c46cf22f04ed932d67908bc932b5bea038c70b6dc3db15f51aa3d655be09fca3236567a45c78eadf229e4aac0285fc216c6f2530e72

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g2w00o91.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              1c47d2c2df030dae11dea6a4159caae4

                              SHA1

                              e4c3ed3d529ca932c3ab186490fb7aa1d74241cf

                              SHA256

                              9bbb708f94355928d3eb677725baf2cbac4f3648031f8bc0696cad76a55b16c8

                              SHA512

                              93def538b1be1bb5cbbf2b444c93776cb6e5b69d838f0b16044904b0efd7c72bf518066af4f05ffcc1e8df4d09b78338eb834b8644319af40db4f2100970ba89

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g2w00o91.default-release\prefs-1.js
                              Filesize

                              7KB

                              MD5

                              c8e797f4cb8eddfc533ed08b1f887e32

                              SHA1

                              e03ce46a43161b949673e87423b03142b5a86898

                              SHA256

                              6f5238cbc9f492a1db3e3ec6f6b7afa4b1d760e88c88678438756e08a5e7f6c3

                              SHA512

                              7c9cf59da782081436f62142f3426649d366a6257fe35bd9ed819d033483d82bfdae870a2b2ac3a9dd1c1a38125fbe35787fb08f750483a12c3dc6d0a3b3c1bc

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g2w00o91.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              3KB

                              MD5

                              a1164cb8f17e0bad6ff49047ba951dcf

                              SHA1

                              d31c8ead4617c6c7f11bdd9d31778f046b05f896

                              SHA256

                              b0ff515ac0519bd2e350f282a30bd6cf646eed8fe10288380c5230086c8aeb15

                              SHA512

                              977108ce221a06782cb128ddd2bb6410883526e798dc04269e4cdc71916c9d9475bd1ca2cc17835f4229bd483eed3253543846a53f23a4de4cdea1758336f1d2

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g2w00o91.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              3KB

                              MD5

                              0bb7df4360d7fe1acd302bb2b53c0785

                              SHA1

                              28f58f8468bc43e8453594c05f6cc8cfc1f62c96

                              SHA256

                              5306482d0f17f430335ee2dc3986e159e3ce1c1105190ba50e89fad502992fc4

                              SHA512

                              f7ca5ac486ec6716450a800df93d553450ec87cf9f2c473efff31d91c9f108ddc0d84786191a5e6a736d7f2464a8c5c6b011e6b8d699fb456f138959db57769e

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g2w00o91.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              e4d1869c134a88883a0684e2ff0cee09

                              SHA1

                              0c6203a7f55d73578f61770b584423c3d2eb4d6c

                              SHA256

                              71ca994dec9e23ab32cf5798bad1b6962f8d8b1b240fdf3993c6eb12b6a0ea0a

                              SHA512

                              bbe0fc61f45e48ae0f36aa63c26b145dbfa18189c127d3db33684ab732daed0632a2e61ab9d1822e5042c8773b7de2bba1a28bc1738ab6bc543edbffa0283ce2

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g2w00o91.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cfitgirl-repacks.site%29\idb\271096083LCo7g%sCD7a%t2a3beaas.sqlite
                              Filesize

                              48KB

                              MD5

                              38e3b95c00c6672bc7f3c604cb110925

                              SHA1

                              085921f7c2147f18f21529451685195015645a9d

                              SHA256

                              8c1cbce05658e177f22a2127bd799b17595419794468876acb126bbe053e827d

                              SHA512

                              d8a7f3314685126fec9329d00f1a62804fd0ee22066794c17f0a728289b2500c251cf4c3d57ad5c7905e93312a744ec84ef739e8477417832b1468c01dd517ad

                              Download Submit