
Resubmissions

21/09/2023, 14:57

230921-sb3bkaag75 1

21/09/2023, 14:56

230921-sa2cwaag67 1

Analysis

  • max time kernel
    18s
  • max time network
    27s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/09/2023, 14:57

General

  • Target

    http://virtualyoga.mom/Y2w/NTQ3MV9k/Ng/NzMwMTY/MTEx/MTA5/MTUyNTg
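Every path segment of the target URL is made of base64 alphabet characters with the padding stripped, which is the usual shape of a redirector or click-tracking link that carries its parameters in the path rather than in a query string. The decoder below is an added example written for this report, not tooling from tria.ge: it decodes each segment and only reports a result when the output is printable ASCII, so ordinary path words are not misreported as encoded. The meaning of the decoded tokens is not known from the report; `looks_like_encoded_tracker` is a heuristic name chosen here.

```python
import base64
import re
from urllib.parse import urlsplit

# The target URL from this report (the page's own indicator, not constructed).
TARGET_URL = "http://virtualyoga.mom/Y2w/NTQ3MV9k/Ng/NzMwMTY/MTEx/MTA5/MTUyNTg"

# Standard and URL-safe base64 alphabets, no padding expected in URL paths.
_B64_SEGMENT = re.compile(r"[A-Za-z0-9+/_-]+")


def decode_segment(segment: str):
    """Decode one path segment as unpadded base64.

    Returns the decoded text only when it is printable ASCII; anything else
    (a real word such as 'index', binary output, an invalid length) yields
    None so that ordinary paths are not reported as encoded.
    """
    if not _B64_SEGMENT.fullmatch(segment):
        return None
    # Normalise the URL-safe alphabet to the standard one and restore padding.
    std = segment.replace("-", "+").replace("_", "/")
    padded = std + "=" * (-len(std) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError: bad length/alphabet
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def decode_url_path(url: str):
    """Return [(segment, decoded_or_None), ...] for each non-empty path segment."""
    path = urlsplit(url).path
    segments = [s for s in path.split("/") if s]
    return [(s, decode_segment(s)) for s in segments]


def looks_like_encoded_tracker(url: str) -> bool:
    """Heuristic (named here, not a tria.ge signature): every path segment
    decodes to short printable ASCII, i.e. parameters are hidden in the path."""
    decoded = decode_url_path(url)
    return bool(decoded) and all(d is not None for _, d in decoded)


if __name__ == "__main__":
    for seg, dec in decode_url_path(TARGET_URL):
        print(f"{seg:<10} -> {dec!r}")
    print("encoded-tracker shape:", looks_like_encoded_tracker(TARGET_URL))
```

For this report the segments decode to `cl`, `5471_d`, `6`, `73016`, `111`, `109` and `15258`: short numeric and alphanumeric tokens typical of campaign, creative and click identifiers, which fits a redirector landing page rather than a direct payload download. Treat the decoded values as pivots for further hunting, not as conclusions in themselves.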

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments, for example by looking for a virtual CPU name or a single logical processor under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor. In this run the signature is attributed to the Firefox parent process (PID 228) rather than to a downloaded payload, which is consistent with the 1/10 score.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
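To make the "Checks processor information in registry" signature concrete, the following added example (written for this report, not code from tria.ge or from the sample) shows the kind of check that rationale refers to, evaluated offline against constructed registry snapshots keyed by the real value paths under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor. On a live Windows host the same values would be read with `winreg`; the snapshots, the `VM_MARKERS` list and the function names are assumptions made here for illustration.

```python
CPU_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor"

# Substrings that commonly reveal a virtualised CPU in ProcessorNameString
# or VendorIdentifier. Illustrative, not exhaustive.
VM_MARKERS = ("qemu", "virtual", "kvm", "xen", "vmware", "hyper-v", "bochs")

# Constructed snapshots for illustration; these are not values from this report.
BARE_METAL = {
    CPU_KEY + r"\0\ProcessorNameString": "Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",
    CPU_KEY + r"\0\VendorIdentifier": "GenuineIntel",
    CPU_KEY + r"\1\ProcessorNameString": "Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",
    CPU_KEY + r"\1\VendorIdentifier": "GenuineIntel",
}
SANDBOX_LIKE = {
    CPU_KEY + r"\0\ProcessorNameString": "QEMU Virtual CPU version 2.5+",
    CPU_KEY + r"\0\VendorIdentifier": "GenuineIntel",
}


def read_cpu_values(snapshot: dict) -> dict:
    """Group {value_path: data} entries into {core_index: {value_name: data}}."""
    cores = {}
    prefix = CPU_KEY.lower() + "\\"
    for path, data in snapshot.items():
        if not path.lower().startswith(prefix):
            continue
        rest = path[len(prefix):]            # e.g. '0\\ProcessorNameString'
        core, _, name = rest.partition("\\")
        if core.isdigit() and name:
            cores.setdefault(int(core), {})[name] = data
    return cores


def sandbox_indicators(snapshot: dict) -> list:
    """Return the reasons this processor information looks like a sandbox.

    An empty list means nothing suspicious was found. This is the evasion
    logic itself; a detection engine flags the *read*, which is why a browser
    doing the same read for legitimate reasons also trips the signature.
    """
    cores = read_cpu_values(snapshot)
    reasons = []
    if not cores:
        return ["no CentralProcessor keys present"]
    if len(cores) < 2:
        reasons.append(f"only {len(cores)} logical processor(s)")
    first = cores[min(cores)]
    for value in ("ProcessorNameString", "VendorIdentifier"):
        text = str(first.get(value, "")).lower()
        for marker in VM_MARKERS:
            if marker in text:
                reasons.append(f"{value} contains {marker!r}")
    return reasons


if __name__ == "__main__":
    print("bare metal  :", sandbox_indicators(BARE_METAL))
    print("sandbox-like:", sandbox_indicators(SANDBOX_LIKE))
```

The practical point for triage is the last comment in `sandbox_indicators`: the signature records that the registry was read, not that a decision was made on it, so it is low weight on its own. It becomes interesting when the reading process is something the URL dropped, or when it is followed by an early exit or a behavioural change.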

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://virtualyoga.mom/Y2w/NTQ3MV9k/Ng/NzMwMTY/MTEx/MTA5/MTUyNTg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://virtualyoga.mom/Y2w/NTQ3MV9k/Ng/NzMwMTY/MTEx/MTA5/MTUyNTg
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:228
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.0.1023784012\846825979" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66424248-d659-4245-ba71-2f7e1860b0e1} 228 "\\.\pipe\gecko-crash-server-pipe.228" 2012 1adbf8e2858 gpu
        3⤵
          PID:3700
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.1.1638736611\47787580" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8175211d-3270-4296-9319-f9678dbdf1f3} 228 "\\.\pipe\gecko-crash-server-pipe.228" 2456 1adbf3e5258 socket
          3⤵
            PID:4780
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.2.1030608277\1746974436" -childID 1 -isForBrowser -prefsHandle 3212 -prefMapHandle 2896 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56b67825-35b8-4ca5-ab73-345610e3c097} 228 "\\.\pipe\gecko-crash-server-pipe.228" 3224 1adc34cd558 tab
            3⤵
              PID:3848
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.3.306194604\1954116139" -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3712 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d44b17aa-245a-463b-9c95-6d126694bd00} 228 "\\.\pipe\gecko-crash-server-pipe.228" 3728 1adc3754858 tab
              3⤵
                PID:1328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.4.1386210128\1814908450" -childID 3 -isForBrowser -prefsHandle 4852 -prefMapHandle 4828 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fab808-1f5d-45fe-8a67-62e59942ec9c} 228 "\\.\pipe\gecko-crash-server-pipe.228" 4860 1adc57a6c58 tab
                3⤵
                  PID:2224
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.6.1796433907\1901303274" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c21c49e-ea73-4b2c-89b1-895069cd8635} 228 "\\.\pipe\gecko-crash-server-pipe.228" 5188 1adc58d3c58 tab
                  3⤵
                    PID:2920
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="228.5.383014321\1850972848" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4880 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3478f3-d331-4799-9d5a-548dc8476d87} 228 "\\.\pipe\gecko-crash-server-pipe.228" 4992 1adc58d1258 tab
                    3⤵
                      PID:4732

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ob75hbeb.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 22KB
    MD5 e8671c57943a5e91325a0f53beb2324f
    SHA1 58c6add98569dfd950d3a1dc00ceaed6d4578873
    SHA256 3b9db0345f1332faafbb7336008d7e6ee5932a5b72f793f7182f2871842288f0
    SHA512 fdb302145c2f14052bb2b2b29ab9b8ef263f746107f3ce2f1957e5a164b16cd6c86f208277ed297e7e08b1328c78088d75ab9bf48751717663afb97368b04d5e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ob75hbeb.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 990B
    MD5 0535929af81ea7f13301c1139fcaeb8a
    SHA1 5e49b87e1973d49ee2da00fa5da9c835bc7f41f1
    SHA256 b8939c92ac8cd3057feb80754f682bfc66480ad44ffb7f21657ce220e4c939f3
    SHA512 b2bfad62321e668f94deade09612268fad25776b7731d699b83009aa0d5d9c02945c5a27efe8045b6424f04e4d57ab2f46c2229a7e4679af656c292643b7964c