Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://3d.csm.ai/de...

windows10-2004-x64

1

Analysis

  • max time kernel
    182s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/10/2023, 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://3d.csm.ai/detail/SESSION_1696698055_1322418

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://3d.csm.ai/detail/SESSION_1696698055_1322418"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://3d.csm.ai/detail/SESSION_1696698055_1322418
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3904
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.0.1127839412\1012862684" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a03ef510-a67d-4e28-a48f-860e6202284a} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 1992 24aeb803e58 gpu
        3⤵
          PID:4128
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.1.223905839\824492322" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deb34d51-2b6f-4d30-a5a3-d68017257f68} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 2412 24aea141158 socket
          3⤵
            PID:5084
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.2.191528509\149143877" -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3316 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be0306de-c141-412e-83fc-8536afc48125} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 3288 24aea95c658 tab
            3⤵
              PID:3636
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.3.909642824\181921466" -childID 2 -isForBrowser -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e4070b5-09b2-4ea3-9f1a-8d1efce566ec} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4044 24aef96da58 tab
              3⤵
                PID:3136
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.4.2132049233\1346664074" -childID 3 -isForBrowser -prefsHandle 4764 -prefMapHandle 4060 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d7e442-fa10-4d55-a33e-ee63708b97fb} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4752 24aeeef3858 tab
                3⤵
                  PID:4288
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.6.618227621\223030680" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c9e63c-aa78-4b66-9595-8ccb53e91b85} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4980 24aebf54058 tab
                  3⤵
                    PID:396
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.5.1741321238\1281574531" -childID 4 -isForBrowser -prefsHandle 4704 -prefMapHandle 4060 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeab9eba-a2ff-4ce9-a167-1e2a909e703b} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4916 24aebf53a58 tab
                    3⤵
                      PID:232
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.7.585723628\471290699" -childID 6 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {203077b3-8ae7-4752-aea1-d6e4d55caeea} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 5560 24aed1e0b58 tab
                      3⤵
                        PID:4968
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.8.893283013\1718424867" -childID 7 -isForBrowser -prefsHandle 5496 -prefMapHandle 5560 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cac83dd4-961c-48df-99ac-30a382f1eaad} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 5832 24aee74b858 tab
                        3⤵
                          PID:976

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      22KB

                      MD5

                      bedf27ea5556922e0f1af8915f60caf2

                      SHA1

                      704033de72780889134a77b590632abc95739c47

                      SHA256

                      a180c90ef23aa84dcd89a86e899594bccbfe5c4ff1aabc68ab298b064f03c839

                      SHA512

                      26bae420e64ab341cd88289b8e0123fa42b042bafb0259630f6350a87fbefbfbc1cdccab11e6a203b0fe835dc6081d34f394d18e8f3df9b8d8c015c610c5240f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0
                      Filesize

                      13KB

                      MD5

                      999774235ea2f847769114dabff2612e

                      SHA1

                      a577cef4064c24e7c280ce06004de4a82c40856c

                      SHA256

                      0b02f4e7fb9f16aa4c1944bcdf4a97ea1d329a87deec4c696693e39b529f67d6

                      SHA512

                      35d0d569ffed165ce0b979a55add0cdd022a6df9c24335051275b9ffcecbb9d24a0c7c8a7e1763b1496f8d47f6bdfb1ef35ce35f7cd835ca3337e7560f17c71a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      182B

                      MD5

                      c58234a092f9d899f0a623e28a4ab9db

                      SHA1

                      7398261b70453661c8b84df12e2bde7cbc07474b

                      SHA256

                      eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

                      SHA512

                      ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      e3583647ce7590212de2cefe4f8f3180

                      SHA1

                      4de61c0803c59191bf398fc7296926f233ed7ba1

                      SHA256

                      6ba55b481f7f14970fc0e06ee011f16f854831ae0b8ff8182b8de624de6c3a56

                      SHA512

                      6fd0f7b45a37794cfc87cb6ecaf33cd353371c1a38211221ae1dfb5c2c916b9349422cd7b0c8c1c86236a7a9aa5c9e6cb5b61f28208a2d43382e0d42befce083

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      9b3a2912f5dfa97a23c7aaa4e1407e51

                      SHA1

                      5ff275def0f84b61f7e388e24b424c74c354e584

                      SHA256

                      65cbd947013718f215e3b2f2162b8470e8cd7f7d5531c694d23bbf888291ac6a

                      SHA512

                      c888058088a91efd9467e2311297fd2b6650b1e85af5d712d128e96be1322f172bd12f1ca600c543378f0d496c09639e681aacab12623831a2123fa83c45c1b7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      a746028038a5d15be8d10d79fba3c692

                      SHA1

                      25d1ec9ed84d306ef6edf57725f756b6ce6e672a

                      SHA256

                      0b5257a887ce217a4573631d1a2a78675470d1125527e264613637e20eb11a90

                      SHA512

                      37c772ddc70e912eae3e4ce76e2b8f8cd162111b6f06f77d70c98a7221ad2717fd6d116999cfa20b561762aa7b6d07f5983e8633b2f1d363bafaa8cdc6c1d568

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js
                      Filesize

                      10KB

                      MD5

                      f01b3e9337605e098c1336651241ac77

                      SHA1

                      9a488d468d4b75e41d375026137bc4ae783028fd

                      SHA256

                      4a8bd2c42801f8fdb2028d9f9703477cb4c74580a778a0f2ca5009b1567d5e7d

                      SHA512

                      b56ae217fbd7381298c2074970741da7ea1fe9dbb8c9fc05378020149ed2451319691543102fbc3d64aef0bd7a9223394dd69bf76dbea2fad078e37e698b556e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      10KB

                      MD5

                      3b272ceda91c57535f2aacf38accfefe

                      SHA1

                      d5d43625b7985fd7dc5b5333dea2b28c1055f810

                      SHA256

                      96ecbba5b2b1ae9ff1ec6a8e8e24eab7488a41dbcf4028ab0fcedd7b25288045

                      SHA512

                      f83f0f07898a8008998d45791c6cf5a0b41f6bf1aba987ad8fcebc8ea7ca7f231d24c9ccf2366a01060456117dd991a449a1d1ad443cd48597b549a5863669f0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      10KB

                      MD5

                      03692870c28f5c4334dfee0bf763a067

                      SHA1

                      ae26888edc5d44a2a52c963bd883a94ca298d0e5

                      SHA256

                      d22bc4ede9d4fcc5acb6d17da7f3b1350b1e051aae411b6c941c93e09e7c6be2

                      SHA512

                      7d282d11019354e93e6d9ff41af58c340ccf7aea317d794483040d9a6609857e016217530eb34096da0fbc3807f3ab0d375a706275102cc4c2d6c37d61306b77

                      Download Submit