Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com/i...

windows10-2004-x64

1

Analysis

  • max time kernel
    53s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2023, 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/isolationisbest/little_tittes/archive/refs/heads/main.zip

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/isolationisbest/little_tittes/archive/refs/heads/main.zip"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3488
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/isolationisbest/little_tittes/archive/refs/heads/main.zip
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.0.701724218\1406536409" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1f07b78-daea-447c-ae4b-fcaa1e2c5c9d} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 1944 20510fd7b58 gpu
        3⤵
          PID:3828
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.1.1203268677\1811782257" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd88db1-2adb-4130-a2d0-e898a7afe318} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 2368 20510efcf58 socket
          3⤵
            PID:2848
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.2.1843076236\934569054" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3312 -prefsLen 21714 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d499ce5e-89fa-4be8-ae33-b3fd5982f863} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 3252 20514ff3c58 tab
            3⤵
              PID:3376
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.3.681369442\452561306" -childID 2 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eac609c3-269a-4452-9fb4-e667f4631ef0} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 3924 205143c5d58 tab
              3⤵
                PID:400
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.4.2141030679\1986146656" -childID 3 -isForBrowser -prefsHandle 4916 -prefMapHandle 4912 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce0927b2-9095-40d2-9a87-d88068c5f9fe} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 4824 20517a37b58 tab
                3⤵
                  PID:2212
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.6.1499202018\1963239729" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfbd1830-ebe9-4b18-8cb0-f7bcebcad9ab} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 5232 20517a38458 tab
                  3⤵
                    PID:2784
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1540.5.2036574838\769709988" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26593 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {befb3f85-bf8e-45d3-8764-88eff061c67f} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" 5040 20517a39358 tab
                    3⤵
                      PID:3872
                • C:\Windows\system32\LogonUI.exe
                  "LogonUI.exe" /flags:0x4 /state0:0xa3963855 /state1:0x41c64e6d
                  1⤵
                  • Modifies data under HKEY_USERS
                  • Suspicious use of SetWindowsHookEx
                  PID:5324

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzw33i5d.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  6a34ba4b58079dc90afbaf66b0383c35

                  SHA1

                  3456783a00c73a7a49eabaed6431418b811bc7a8

                  SHA256

                  db37ab8fb24ad0c940e84a25c1b7777e0f5309b236b3472cd6ca325e16bff950

                  SHA512

                  2ec2086f66e1f13e59b38669a26339a944b33ae39e2588f628351a53a0e95b7732e2e3ce2e8dcbdfed742fb3282fbce26a961cf18704705a06ea84f98bd3b447

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  d83e08f37a23472bb150d3b72f4cd8db

                  SHA1

                  761177a5370e274a634629bda41178c2638b78d9

                  SHA256

                  81077f0cf861c02fa3051162688bd71e6c1b54538cb44e9384d4c483807d05db

                  SHA512

                  4d0a5dc8a65ed1e7fd649a52a8db9a8006c9fdb27b27ad1e680d25982661e4b734a7553ff53276a919f87b1c29685b96d128f8853aaa2c247f7477cf54bea387

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  b6b5d4d7df93ba96ddc66a6fa32b3b1f

                  SHA1

                  052b41eb378c06d5615e7fc6935b62a250c163ca

                  SHA256

                  e3ec7ce212c45476af3634b1e5af19592c925db233ce18b9e8547dc3cfaf6023

                  SHA512

                  a80341ccef0b7a26513394056398f1a459312ba3a62b998c77cc68cdb4978a0b8e871803740adf0d5c1a7b0c5891fd69ec486624afe5f54d7c5913a0abd9aa06

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs.js
                  Filesize

                  7KB

                  MD5

                  f5bb9a7e354bb27cde9ebf078b7ca1b4

                  SHA1

                  c6a3d2044097a19c141ee95439dbef39370b873e

                  SHA256

                  49bad9e5574eac54454921533b56e6521c156d6bad76447f5addefbeda3492eb

                  SHA512

                  9843d4dbe5a3bd6a6170f94b2387b78a69ce07a081a2f79c5efd0f0452782f2e05fb275e4790cec343c576ae27235533fb252a85fa23306f08ec1487792a214b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  e63e7e8f39975ae250eb88c76235fd05

                  SHA1

                  72144819a274e7fedfa75742d205b5faa70b829e

                  SHA256

                  354887450ad5ffc73667ff380a9fe851e49f08fa3cb0fc05663ffb90d0aeee8a

                  SHA512

                  703402e103f5c39280740f33e016c38592b9affac68fc1f9d555359c737b6ce9783a377abb985f8737d696f7165ac88f5aa2c6cad94c6eb0a330e2799cc3d2ba

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  5a4481d9c56cca6f954e1752f774ceda

                  SHA1

                  ea05f989c40d58e43ee988a73d24ad8fb495c5d2

                  SHA256

                  8092018c0ce87710d3b5aa4721a4621efd28591f1634748f94075a840b6fc63a

                  SHA512

                  16e4905dabec826f9dabe8e9c95292753e8bd07ccf2fa7fd9ff4a95fc4dd08f25d73a8a8bc0263303655d2381faf64ffed3bfc585170287bc39fca444fba637f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\sessionCheckpoints.json.tmp
                  Filesize

                  288B

                  MD5

                  362985746d24dbb2b166089f30cd1bb7

                  SHA1

                  6520fc33381879a120165ede6a0f8aadf9013d3b

                  SHA256

                  b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

                  SHA512

                  0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  7e364b014f11d21cf1f52a1bbe65d498

                  SHA1

                  0f892e0bf34590eba08cc1c901f469650be58203

                  SHA256

                  7ca925acb710cd639f67f43162268862b03b94704bf68c0c61d40cc0fba498f5

                  SHA512

                  c920bf2f446a513adda603d0d0a39f4adaa6c4aa5f23872d1f98d113f932e5552a2f85781b9db8678f638d61c9260574072a61a83b51fe0a0a459ce66bc11386

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  08ef38a632b208e255f0803665f55cbc

                  SHA1

                  21f27c7bedba13cae223abc876f430353eabb8b7

                  SHA256

                  4ea11dafd46bd69dfc280268e518acdc76ad7f3807a1d61c191e7802ec9d3abf

                  SHA512

                  b861a3de4a1d1f91009baca4f1b8d4429b05632aa2461f7749779a469b4cd446e64f8e5dddff0c77e2f06c25cfada19e1e5e0609da2b8e804be14a3b6aa1962a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzw33i5d.default-release\sessionstore.jsonlz4
                  Filesize

                  2KB

                  MD5

                  c955f903c89b30302bf71b072d220cfe

                  SHA1

                  aa9073cea2177417bc5d39bdd62552e8ab608cb8

                  SHA256

                  157f21d1cf889414592b4659a7574a642cd8908716e918bf7c63c6c5c060e5a4

                  SHA512

                  d3fde4467f26bd14d6fa02aca9189f7550ff08a605690d87cbd2cbfe6c1c5efb7677d937de4cd22a8e0cca6405e1148546b70ccb8b1e6872f974aa9ee9ca26bc

                  Download Submit