Resubmissions

  • 22/09/2023, 22:03   230922-1yf1vace63   score 6
  • 22/09/2023, 22:00   230922-1wqghaae7t   score 6

Analysis

  • max time kernel
    167s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/09/2023, 22:03

General

  • Target

    https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs

    Raised by the submitted target itself, a drive.google.com share link. The hosting service is legitimate, so the indicator worth pivoting on is the specific file link, not the domain.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run the reads are attributed to the Firefox browser process (PID 2220). Browsers read these keys for their own purposes (hardware telemetry and feature gating), so on its own this is weak evidence of evasion.

  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

    These generic API-usage signatures are all attributed to the two top-level firefox.exe processes (PIDs 2292 and 2220) in the process tree; none of the sandboxed content processes triggered anything. WriteProcessMemory from a browser parent is consistent with it configuring the child processes it launches.

  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. The process tree does not attribute this signature to a specific process.
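The first signature above fires on the URL, not on anything the sample did, and drive.google.com cannot sensibly be blocked. The pivotable indicator is the Drive file ID. The following is an added example, not part of the tria.ge report, that normalises the common Drive share-link forms to that ID so a blocklist catches every form of the same link. TARGET is the URL submitted in this report; the alternative link forms and the blocklist in the usage section are constructed for the demonstration.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Added example, not part of the tria.ge report. Normalises Google Drive
# share links to the file ID, the indicator that survives link-form changes.

DRIVE_HOSTS = {"drive.google.com", "docs.google.com"}
# Drive IDs are URL-safe strings; real ones are well over ten characters.
ID_CHARS = r"[A-Za-z0-9_-]{10,}"
PATH_FORM = re.compile(r"^/(?:file|document|spreadsheets|presentation)/d/(" + ID_CHARS + r")(?:/|$)")
ID_ONLY = re.compile(ID_CHARS)


def drive_file_id(url: str) -> Optional[str]:
    """Return the file ID from a Drive link, or None if the URL is not a Drive file link."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or u.hostname not in DRIVE_HOSTS:
        return None
    m = PATH_FORM.match(u.path)          # /file/d/<id>/view form (this report's target)
    if m:
        return m.group(1)
    if u.path in ("/open", "/uc"):       # /open?id=<id> and /uc?export=download&id=<id>
        for candidate in parse_qs(u.query).get("id", []):
            if ID_ONLY.fullmatch(candidate):
                return candidate
    return None


def direct_download_url(file_id: str) -> str:
    """The form Drive serves raw bytes from; useful for pulling a sample into an isolated box."""
    return "https://drive.google.com/uc?export=download&id=" + file_id


def matches_blocklist(url: str, blocked_ids) -> bool:
    """True if the URL resolves to a blocked Drive file ID, whatever link form was used."""
    fid = drive_file_id(url)
    return fid is not None and fid in blocked_ids


# The URL submitted in this report.
TARGET = "https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web"

if __name__ == "__main__":
    fid = drive_file_id(TARGET)
    print("file id :", fid)
    print("direct  :", direct_download_url(fid))
    # Constructed alternative forms of the same link resolve to the same ID.
    for alt in ("https://drive.google.com/open?id=" + fid,
                "https://drive.google.com/uc?export=download&id=" + fid):
        print(alt, "->", matches_blocklist(alt, {fid}))
```

Matching on the ID rather than the full URL is the point: the `/view?usp=drive_web` form in this report, the `/open?id=` form and the `/uc?export=download` form all deliver the same file.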

Processes

The fifteen level-3 entries are all children of PID 2220, the browser process that launched them with -contentproc; the last token of each command line names the child's role (gpu, socket, tab). Signatures are listed under the process that triggered them.

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.0.99469164\197322029" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8e32afc-98b4-4ad2-9dce-5e596587be1b} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 1964 1a8280cf858 gpu
        3⤵
        PID:4356
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.1.1978241706\1305682121" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c5d4bf-8085-431f-8b3e-c830867d18e5} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 2384 1a814570458 socket
        3⤵
        PID:1208
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.2.222379296\1116033286" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ab4e91e-1b5b-4cf3-b1c5-622f23c5a4fb} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3112 1a82c1dcf58 tab
        3⤵
        PID:2336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.3.1928264831\159209691" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c948780c-8ddb-4b92-a74a-c2b66c789abc} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3656 1a814562858 tab
        3⤵
        PID:3680
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.4.1868827427\2099359968" -childID 3 -isForBrowser -prefsHandle 4740 -prefMapHandle 3920 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75548d61-666d-4494-ad5c-60c932243d9f} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4776 1a82dfd9558 tab
        3⤵
        PID:1524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.6.1494219992\923047797" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f405ff60-69a7-4bf5-a1bb-b2d16c9accfa} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5112 1a82dfdcb58 tab
        3⤵
        PID:3048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.5.2054022101\651512980" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {765c1736-dd2f-4cbc-a7c2-abd47cb987d0} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4888 1a82dfda758 tab
        3⤵
        PID:2340
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.7.1958174609\214502674" -childID 6 -isForBrowser -prefsHandle 5700 -prefMapHandle 5668 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8176b55a-64ec-4816-b7f7-16d4abe0b816} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5712 1a82c13d558 tab
        3⤵
        PID:4160
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.8.1506677630\774838828" -childID 7 -isForBrowser -prefsHandle 2936 -prefMapHandle 2952 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30b6b76e-8182-4402-9974-6d9e18849bd3} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5224 1a82e9a1c58 tab
        3⤵
        PID:5104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.9.165892918\839928309" -childID 8 -isForBrowser -prefsHandle 4752 -prefMapHandle 4700 -prefsLen 28271 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66ee54d6-41b9-4837-9129-e60a1480ae73} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 4708 1a82ac0af58 tab
        3⤵
        PID:5672
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.10.1660984443\170294967" -childID 9 -isForBrowser -prefsHandle 1564 -prefMapHandle 3068 -prefsLen 28271 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2da58ba-6ae2-4ebc-befd-021dc97094ca} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 10020 1a82f57d858 tab
        3⤵
        PID:1508
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.11.929153520\1879317441" -childID 10 -isForBrowser -prefsHandle 4344 -prefMapHandle 5724 -prefsLen 28271 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87a522a7-fcea-44ad-99a1-bc4207967b36} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 5852 1a830bf7758 tab
        3⤵
        PID:5384
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.12.760956590\663218430" -childID 11 -isForBrowser -prefsHandle 9496 -prefMapHandle 6108 -prefsLen 28271 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09846fcf-4688-4536-b7f3-39a878a6dd08} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 8568 1a8299a5858 tab
        3⤵
        PID:4868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.13.1073634350\1493110793" -childID 12 -isForBrowser -prefsHandle 9824 -prefMapHandle 4236 -prefsLen 28271 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b273063f-0bba-434d-b33a-23a33935f0c2} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 9856 1a8318e1f58 tab
        3⤵
        PID:5596
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.14.623482208\2019704721" -childID 13 -isForBrowser -prefsHandle 8584 -prefMapHandle 10028 -prefsLen 28271 -prefMapSize 232645 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fadb5258-afe3-406f-965d-db5716fd2c8f} 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 10040 1a82f57d858 tab
        3⤵
        PID:2876
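When a report scores on generic API signatures, the first check is which process actually triggered them. The following is an added example, not part of the tria.ge report, that parses the text form of the tree above and attributes every signature to a PID, classifying each Firefox child by the role token at the end of its -contentproc command line. REPORT is an abridged copy of this page's tree (three of the fifteen children, command lines shortened to their distinguishing flags); the parser and the role classification are the example's own.

```python
import re
from collections import defaultdict

# Added example, not part of the tria.ge report. Parses the "Processes" tree
# as it appears on the page and maps each signature to the PID it fired on.

# Abridged copy of this page's process tree (command lines shortened).
REPORT = r"""
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:2292
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web
    2⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.0.99469164\197322029" -parentBuildID 20221007134813 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 1964 1a8280cf858 gpu
      3⤵
      PID:4356
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.1.1978241706\1305682121" -win32kLockedDown 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 2384 1a814570458 socket
      3⤵
      PID:1208
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2220.2.222379296\1116033286" -childID 1 -isForBrowser -win32kLockedDown 2220 "\\.\pipe\gecko-crash-server-pipe.2220" 3112 1a82c1dcf58 tab
      3⤵
      PID:2336
"""

PROC_BULLET = re.compile(r"^•\s*[A-Za-z]:\\")   # a bullet naming an image path opens a process entry
DEPTH = re.compile(r"^(\d+)⤵$")                 # tree depth marker
ROLE = re.compile(r"\s(gpu|socket|tab|rdd|utility)\s*$")


def classify(cmdline: str) -> str:
    """Firefox puts the child's role as the last token of a -contentproc command line."""
    if "-contentproc" in cmdline:
        m = ROLE.search(cmdline)
        return m.group(1) if m else "content"
    if "-osint" in cmdline:
        return "browser"
    return "unknown"


def parse_tree(text: str) -> dict:
    """Return {pid: {image, cmdline, depth, role, signatures}} in tree order.
    The PID: line closes the entry opened by the preceding image bullet, so the
    signature bullets in between belong to that process."""
    procs, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROC_BULLET.match(line):
            cur = {"image": line[1:].strip(), "cmdline": "", "depth": 0, "role": "", "signatures": []}
        elif cur is None:
            raise ValueError("line outside a process entry: " + line)
        elif line.startswith('"') and not cur["cmdline"]:
            cur["cmdline"] = line
        elif DEPTH.match(line):
            cur["depth"] = int(DEPTH.match(line).group(1))
        elif line.startswith("•"):
            cur["signatures"].append(line[1:].strip())
        elif line.startswith("PID:"):
            cur["role"] = classify(cur["cmdline"])
            procs[int(line[4:])] = cur
            cur = None
        else:
            raise ValueError("unrecognised line: " + line)
    return procs


def signature_owners(procs: dict) -> dict:
    """Map each signature name to the PIDs that triggered it."""
    owners = defaultdict(list)
    for pid, p in procs.items():
        for sig in p["signatures"]:
            owners[sig].append(pid)
    return dict(owners)


if __name__ == "__main__":
    procs = parse_tree(REPORT)
    for pid, p in procs.items():
        print(f"{pid:>5}  depth={p['depth']}  role={p['role']:<8}  signatures={len(p['signatures'])}")
    for sig, pids in signature_owners(procs).items():
        print(f"{sig}: {pids}")
```

Run against the full tree the result is the same shape: every signature hit belongs to PID 2292 or PID 2220, and the gpu, socket and tab children carry none.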

Network

MITRE ATT&CK Enterprise v15

Downloads

All entries below are files written under the Firefox profile t9nv4f6k.default-release during the run (preference files, session-restore backups and cache entries). A path listed twice was written twice with different contents, so both versions are recorded.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\activity-stream.discovery_stream.json.tmp
    Filesize  22KB
    MD5       fe41441d01ca927b89a8d77575ebd544
    SHA1      b77591639c82294981614e0c31505c8a5a5463c0
    SHA256    6025fb614b869a91b511eef514c8382d9ded09287a838daa29efaf9dc488fe31
    SHA512    35dff5cc61ac065b8cea9edf7946a5b3504dfb3d14cf6bdb801207b0ab10f69ef5bf1de15683a04c1f3c1fdeab06882295d4cf615539d709f6ba50238cb891cb

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\15057
    Filesize  63KB
    MD5       ea2412180b00c81fab3ebc71b61b85d5
    SHA1      399a2e05ae3024737626194a0bd698b080bfb6f7
    SHA256    67f1d893f330fa8d4a8339d20ee088660c314d93a9d21d698bf5942f4c10b6b4
    SHA512    de0a98f5a82a719485d80504d7511c67dd1c8ddc885a076b9556d4ec3a90ac4bad675c0ed9f7d754e3b086cf004f09f5404add827e6c5b444aaeaab256b53924

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\16012
    Filesize  15KB
    MD5       d9c1ca0822f439244278ba1d815d91bf
    SHA1      2b1e72f3dd9c1999189df2ed4098ca72b82140fb
    SHA256    aa6b2f7bc6f761701063e050e5e006083355d59f536dc62ae33377e775fca479
    SHA512    3ae14080c5ef0eab0c5c92e6316b85a0127bf47445c9fa25d116046a5393f6f56cf19fb6950b9486fe0f1c2667eb5849c55512a3ea3502cdf9102c89ccec55e7

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\17638
    Filesize  9KB
    MD5       b32cdaefeabda45d81eb0fd2151419c7
    SHA1      2eb3c9fc3e63d87a3594b8551b1ab6b5c81aedd4
    SHA256    a3cd18b1ee5f632e7cbf8ca5a1207585fd72e30d319a26f716e7f1f693313166
    SHA512    d397aa40b765870733419da082f6cfffaa52fc9f72153bcf2b528059efcdfdca4c8fbed3087e2a2d0660497f3deea6a4ddf38c4d4d350a3ee5ec2374dcb8247d

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\doomed\3663
    Filesize  29KB
    MD5       cd08006804b840cdd1964e4767621428
    SHA1      08bcdd7b56282257ce6ac9ebd5f0dea7f6dbf87c
    SHA256    b9dde4870d6e13665cb79bc7260338b8f7d41f2722e1aceddffb37ea6a01b58c
    SHA512    4d5bda58d66dbdf841450a7d2787dbf5becccd5c48815d2122212eb4305fc2615ebceb63c38b6783056076b9f4fd7d2c8a3f89e7d0a5df9542e77dab8f99d00a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js
    Filesize  6KB
    MD5       005af5ecf8fcd462f330a1d83cf7ca30
    SHA1      1970544d66f2a2efb7649d9163351c983836b707
    SHA256    f5fcff6fa4200816b129ed0dcc4b1532c6d7f56d7be9cdb0f44e3be27fd7f1ea
    SHA512    9fa8ffa7768230f8cbf593f1493378c61d7c90b3f1aea484bd5e71428226577f9fd9f398db86867db6621bad4deee103caad037e3f03dbd24750a8035ae66baa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js
    Filesize  6KB
    MD5       10c1ab0f523711434e2efbf8f39407bb
    SHA1      ae2c6c908b0ba855b9da2c900c4f1e05aad61d4f
    SHA256    028a8216a3593f4d91ae94638f3c7d20b7ca8c0d96817cd6cd7e718923a0c74b
    SHA512    5d19ae00fe5c937673b04428db8e23e7884fc8e3e7d393c6900d5d12ffe8ec8da2f044f61c1fe5c3329f71879249b7e744adce1ad7c43f4eb43005c4aa695263

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js
    Filesize  6KB
    MD5       a4295b574d495b2090ec380bebbab21e
    SHA1      35fa80caa42fc40bbf4fecf0c80d132f940eee07
    SHA256    e3744bce39f5abd608bc62ee799de79af8396d96192ec3e5e979771f219b6eb3
    SHA512    300f953d63cf6930f71018428eb299c9bb440db683c9ace56e8ac278b6e79711e9929744aef048d2efc2fe1052105690ac503ce88df286e9fe6d56a8e50967e4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js
    Filesize  6KB
    MD5       e2f4471cdb2ae9045782d84e6b2f2398
    SHA1      fa7ffcaf3f95f2fb59745990c40121c45397387f
    SHA256    30ebd528eaa381bb145b907f88139ae5e1be8fa3813a16f0ff6bc4789938b42e
    SHA512    2e0928ff561c42b6bb9c313b9151243ffe359ef5fe290d9168ea56ac52c55e8d4ab297a2e71649c529757332d64b4ddb1217d03ec419b5c485c40364fcd405ac

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  2KB
    MD5       b47c69414b295154ea8755f2354f9c48
    SHA1      15914bfa712a57a1ca50ab72c2bc7587cbc31faa
    SHA256    919c34550f24abea287979ca57c8c3f175e39551271717e2e0921af60afb2a41
    SHA512    24358809bd8bf964977c0c0b5952559d50a51de950632b6028d08c6eac6709614b0a0d72b1cf9cb616601f6568c69ee7e5bc590f295f66ac3a2c216aeb5ebdbe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  3KB
    MD5       7b21bf4873626df6645ed68acdcf1bf0
    SHA1      3d7bd50a0d1273ed0b0144f65277ebe1bf177efe
    SHA256    e7ada33924c28482e59e1a6894bfa86cf5cd0a6a34e273429a281705c1ca5cfa
    SHA512    ecaf9a43fd3f129d2c99196bf192a7a0dc35a91f8f4be761571a09b1af20f2a430cbdfd8958f459180e0ae621ac5f028ef370ee15ece48ecefca788c03511bf6