Analysis

  • max time kernel
    50s
  • max time network
    38s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/10/2023, 13:25

General

  • Target

    https://elamigos.site/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://elamigos.site/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4724
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://elamigos.site/
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.0.1156789920\240007312" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d979d478-4dee-4214-ba7d-7034c1dd269d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 1988 1b9cc1d8e58 gpu
        3⤵
        PID:3564
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.1.1854257952\131484705" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ef161b8-5407-4a83-b3a5-921711dd9b7a} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2416 1b9cbd47858 socket
        3⤵
        PID:3928
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.2.2089084556\1036620534" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2964 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f47aa840-7a6c-4464-bd03-177ba00bc753} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3208 1b9cc15c958 tab
        3⤵
        PID:2488
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.3.594650936\1433994972" -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9804e998-b5c4-4378-9de7-28e213dde7d2} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3876 1b9cedcdb58 tab
        3⤵
        PID:1104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.5.998466372\538347378" -childID 4 -isForBrowser -prefsHandle 4924 -prefMapHandle 4916 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {562a885b-45fc-4acb-99f8-a6372812a136} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5056 1b9d2cd4258 tab
        3⤵
        PID:4704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.6.180842350\840851752" -childID 5 -isForBrowser -prefsHandle 5356 -prefMapHandle 5364 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cf08c0b-80a4-4f74-8d6c-2455bf10d8fa} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5460 1b9d2cd4b58 tab
        3⤵
        PID:1944
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.4.1438298757\1772844650" -childID 3 -isForBrowser -prefsHandle 4892 -prefMapHandle 4852 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e4a1e25-5aca-4b06-9cf0-5ae4ca07e009} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5100 1b9d2cd2a58 tab
        3⤵
        PID:4364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 21KB
    MD5: b73ed339871d37a291880e70f792f43c
    SHA1: e15984c1676744abb478c212b69cf7954b590b0a
    SHA256: 82312b2b4dba59532dac038b283d6181c7c2e143065d2d9d2539199c51f993d9
    SHA512: b167c08c5a4d11966b14e70194bc6c71d6f13fd342e884d10d13a8fe5273191fd7cffed5da2d29eb6f62dc1ec35152b96974279d0f03c766267488030dfb8b76

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 4c14565791c4d47163a34cf436bf0e7d
    SHA1: 93694380e3c19d4e2be3e149700f925f0c09cf81
    SHA256: cab0b336c4bc7a8338de909ab9d2d3c43b25cc2820f5c97f4df497580dc60c73
    SHA512: 80f0a5534077f038228f73b7513418ba11039e5f79edb0760671a940af6292989fc71fecae20fbaa4deb8b2b64bff2197060396aa27bf5bc8258c3d19fff45ba

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js
    Filesize: 7KB
    MD5: eaa50ab1b5aa59030fac4a47a4d673ae
    SHA1: 2859956a60b5987bcd5ddaab0b663536ec55ab55
    SHA256: 3083509f5e868b16ee8b6c5f4b01a2e61a3568dd4267267a4095963d5750bee5
    SHA512: 0eae7ab2a873548171e67db8c76b4c6572c03e4a974dc7b687ce8532214ebbe4749959ad38dd0c9c8c715573c620e5d85d308e44e53096a9d9778809e8cbcf54

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: 739acae9d2ab331b1880a5090e6d7377
    SHA1: 09264dc2a1659cbdaa4901ff7315d9afc6ea4652
    SHA256: 34483d5a823859ea1d7620dff6a3766d19abbe483e5524ad6818487103d7f306
    SHA512: 6b197aacf3f7ce91b2974a22a82f5f5853c0c5c23d1c495fa06a5d3334193758ff7a39b13552254cefe3c38d3a8f26b79c430ffd8a85a7dd0c256dc9609e107b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: 14d8ee8bb593501efc67eeae5b0c1ce4
    SHA1: d67b12291ad103bbb2a197fb47a99b0685335cc8
    SHA256: 5a34d591a8711e1c37a4fa27c9417cad6055b7c2dba5caa2d6e8455f6b67f196
    SHA512: 857aeee5262071f0c89784b01007b2718d7380bf2304cf97730fe8ea4fd91ba8ed223739eaa1a8ded9f3f4adcf13d7527dfa404380aacdaa9f616afcd22e297b