Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.grohe.co...

windows10-2004-x64

1

Resubmissions

03/10/2023, 08:49

231003-kq8g5ahe6y 1

03/10/2023, 08:46

231003-kpdalahe6s 1

Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2023, 08:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.grohe.com/en/corporate/about-grohe.html

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.grohe.com/en/corporate/about-grohe.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.grohe.com/en/corporate/about-grohe.html
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3600
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.0.679088510\1058445818" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70cf25e8-18c1-4352-b416-722353b13a88} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 1992 1e4a85fdc58 gpu
        3⤵
          PID:2928
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.1.875725027\1301771025" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee13535e-7c98-429c-b56f-7209d015308a} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 2412 1e4a7d40e58 socket
          3⤵
            PID:5028
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.2.1323514345\1843374343" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 21779 -prefMapSize 232645 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d9e3b88-5ae5-4cec-b059-ee462b77e511} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 2996 1e4a855d658 tab
            3⤵
              PID:4012
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.3.1881010385\1190310489" -childID 2 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {776b1870-952a-4a6f-8a88-301391efa7da} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 3920 1e49ba6bb58 tab
              3⤵
                PID:4616
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.4.1203522502\2078208376" -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5060 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1aa45af-8d4b-42d3-95e1-7010c84c41a4} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 5080 1e4af3f4f58 tab
                3⤵
                  PID:4008
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.5.537696207\54853025" -childID 4 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a33e5b-4aed-48aa-8569-2587668e84d2} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 5236 1e4af3f2b58 tab
                  3⤵
                    PID:3548
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.6.2111674039\163540242" -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5532 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c5174e9-a78c-41a3-b41b-10057001434b} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 5548 1e4af3f4358 tab
                    3⤵
                      PID:1368

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  1acab054c1ee388c583443677f727114

                  SHA1

                  3c8ba07f0b4c956756f1e2bd83c6ba7f4c668b0e

                  SHA256

                  932d6164259fee7d045ba0a9913b65fe5bbb72b6ef2195141fae43d766c1c2b9

                  SHA512

                  404000de2b32b06e9843fabf7a3b4b36573412421a56edf9433048575e02d380f329b5e49a2b170b5b3b48f7f3e7f8a5c78c86ced57f4f371458a7e1ff63657d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0
                  Filesize

                  13KB

                  MD5

                  0fdec372b903946049518610e2a41dec

                  SHA1

                  33a996b884b514ea7294ff0f2ae8dd3bcecc1244

                  SHA256

                  76098347d294cc64ab172bb70139029e8f129eff6a3b5c53932045d6344b7d3a

                  SHA512

                  bee8f87d79e6f0e994ac0162781ea1f3e7c5e7304faff564e07fcbffafc526f30015e6211d718e72687a784e70dac9bd04c03e329088703c01a34d5f014247b0

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58
                  Filesize

                  13KB

                  MD5

                  49e33fc348bfe3b9a7b35828bfd0f471

                  SHA1

                  c6e3f33aa3073d5e43f08674e47dc681fe0642c0

                  SHA256

                  6e1a96f9855a99a4cce61b5fc1606cd5b631719dbcb24c7350426c82316a8327

                  SHA512

                  67018541040f57743cba222de70479e4762d02974cd1b4e90cfd627e079c7501cfdd1e2b933edc258d884e7d7351bb8e84c37fe3f5f1ed3d58a7a44913fbac8d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  38d1ee1fd9f5dcff243d35853018ecf9

                  SHA1

                  593999587b27e662b43155b3cb8bf21c2ffd9502

                  SHA256

                  1b5fa2d70bff7bb6b0bad1239a961c8a34bddb34614bc0722343ca69a134542f

                  SHA512

                  53b1345fe3a50932d430d89ad006eb9a50b40d193c99d0a4652f65ac973478c7f261976ce4e41a099a77ead77003c3f7a5edb675ce8b06900e2ba8b2dc6f962e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  1d4a10d807b8d2378c39206c60f575a0

                  SHA1

                  c0944e9fc6b2fec9e6196a5d5dfe5ba5e7c23854

                  SHA256

                  e9ada33c8c51e2999e31e6e3957a916518977ae78a07ae1229a2bc36941065f4

                  SHA512

                  ff81041c46889c0df7bc62bf1b0c189fb8030a294ebc0ae413d0c9152d361900e3f58373d1f8adf337701cff383aa11d8e1f2045d35cb1736688de4e21b7f837

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  0459120adb9dc3666758bf693332f16c

                  SHA1

                  898ba286f3fba78e8d16bce4890c42dfc96ccba1

                  SHA256

                  04bae6ce3296666fa01618988235713b76cb95d482349c6eb8e4eb0196be5547

                  SHA512

                  a0b6d86518b576724b7b4a261c2b8164d1a74250c5c352d5f79f76181c63f7a321b5951bc5ec9280ada72206458aa3c13243fc3c002df10fbf57dd282117aafd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  5a6081884478e56d5031ebed7e5d0363

                  SHA1

                  c9af3684beffd39393a405fd96c8ba7032186718

                  SHA256

                  70681fbbe9918b806795eb17339e08ca0a324d6fdd2ce7e61c640b3adc37c602

                  SHA512

                  e940f50056e910a10fe6233d835cba37949bd72965822f2d88db63bcc551caa6bf3c05f1830ec4e4c27b242b1c4f5aef711f7410750e41b5184a52ed6894744e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  e8ee56258520e056e57c4ce14f0bc11e

                  SHA1

                  2fd244e7901c39d3ecafae1599d95749536810ca

                  SHA256

                  8fdb9aca41e98815b8e7a1d550e65b3d393c7b6f1522acf9c7b78140f786c3ff

                  SHA512

                  2fe537f60040205226e73937e5afeea68f5929c6b42272d6c0c6cdf070686dadc6d2c70810d0e4a03038c06c0f86774b380ed9069f965beb74689810acb70e47

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  25fd7334a4705c07b5d428cba3366001

                  SHA1

                  400849877baece5bf34863c662365dd22158559b

                  SHA256

                  a0edb8457faee7e2d78b6d624875a7e1dd4a68d02e1361b6edaca20a383794f1

                  SHA512

                  2049174bd646ca13ae0c4b73fcba0a3de56dab5c8b4e26e2d3096223ade43c6c4ef33779bd97dc1a343e342685bdabd39a1037ae9cc35476f15cb5b54e60f690

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  f8a81903fcd098bee8d49195f568363d

                  SHA1

                  b08f00556cd2f1f35b2f3e04462b730b53086523

                  SHA256

                  0027e920c1220e4cca2188b876a00801d1b579b94d032717b8e6b404a2587543

                  SHA512

                  344e3a5d86a67c15c2b1a0662ff44afc72948d1db7fd03ee5ff668fcdf8cbb0ddb36ee69e21edaadbc937783d60a82c6017f128ace8e0c09541f2561c9ee5ce0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  1.4MB

                  MD5

                  36d4445f4767ec923fd087d35da95907

                  SHA1

                  bd333ad264de61f7e34fadbb082d5a94dcb57e68

                  SHA256

                  edba8fe5b69369c4ab4760243bfc15a7461e3642c25d8d79c3ec9556a23d222c

                  SHA512

                  599d8a14cb435b9237fb36769a611fd1769e46b64f35b93e96b8b076833fa7f8ad752e3742528a74261870c479541ee5131ce9c83b2b86453dd7ae7c771dfcd2

                  Download Submit