
Analysis

  • max time kernel
    131s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 10:30

General

  • Target

    https://login.umbrella.com/sso/okta

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments: the CPU brand and vendor strings stored in the registry give a hypervisor away.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Every signature attributed in the process tree below lands on the two firefox.exe processes (PIDs 4360 and 4392). With no other process spawned and no malware configuration extracted, the 1/10 score is consistent with ordinary browser start-up behaviour rather than with the target URL doing anything.
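The two signatures the report explains, re-implemented as a small rule set over a simplified event stream. This is an editor-added example, not tria.ge's own signature code: the Event schema, the sample events, the trusted-image check and the ATT&CK mapping in the comments are assumptions; only the CentralProcessor registry path and the Schedule.Service CLSID are real. The context check at the end is the step the report's low score implicitly relies on: the same signatures mean something different when the process behind them is not the installed browser.

```python
"""Two of the report's behavioural signatures, re-implemented over a simplified
event stream. Editor-added illustration, not tria.ge's signature code: the Event
schema, the rule logic and the sample events below are constructed."""
import re
from dataclasses import dataclass

# The per-CPU keys under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor hold
# the CPU brand/vendor strings; malware compares them with hypervisor-specific
# values to spot a sandbox, but browsers read the same keys for feature detection.
CPU_KEY_RE = re.compile(
    r"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+", re.IGNORECASE)

# CLSID of the Task Scheduler 2.0 "Schedule.Service" class (ITaskService).
# CoCreateInstance on it is how a program creates scheduled tasks through COM.
TASK_SCHEDULER_CLSID = "{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}"

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"


@dataclass(frozen=True)
class Event:
    pid: int
    image: str
    kind: str    # "RegOpenKey", "RegQueryValue" or "CoCreateInstance"
    target: str  # registry path or CLSID


# Constructed sample events (assumed format), loosely modelled on this report.
CPU0 = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"
SAMPLE_EVENTS = [
    Event(4392, FIREFOX, "RegOpenKey", CPU0),
    Event(4392, FIREFOX, "RegQueryValue", CPU0 + r"\ProcessorNameString"),
    Event(4392, FIREFOX, "RegQueryValue", CPU0 + r"\VendorIdentifier"),
    Event(4392, FIREFOX, "RegQueryValue", CPU0 + r"\Identifier"),
    Event(4392, FIREFOX, "RegQueryValue", CPU0 + r"\~MHz"),
    Event(4392, FIREFOX, "RegOpenKey", r"HKEY_CURRENT_USER\Software\Mozilla"),  # no hit
    Event(4360, FIREFOX, "CoCreateInstance", "{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}"),
    Event(4360, FIREFOX, "CoCreateInstance", "{11111111-2222-3333-4444-555555555555}"),  # unrelated class, no hit
]

# (signature name, ATT&CK technique IDs as mapped by the editor, predicate)
SIGNATURES = [
    ("Checks processor information in registry", ("T1082", "T1012"),
     lambda e: (e.kind in ("RegOpenKey", "RegQueryValue")
                and CPU_KEY_RE.search(e.target) is not None)),
    ("Uses Task Scheduler COM API", ("T1053",),
     lambda e: (e.kind == "CoCreateInstance"
                and e.target.upper() == TASK_SCHEDULER_CLSID)),
]


def match_signatures(events):
    """Return {name: {"ttps": (...), "iocs": [Event, ...], "pids": [...]}} for every signature that fired."""
    hits = {}
    for name, ttps, pred in SIGNATURES:
        iocs = [e for e in events if pred(e)]
        if iocs:
            hits[name] = {"ttps": ttps, "iocs": iocs,
                          "pids": sorted({e.pid for e in iocs})}
    return hits


def describe(hits):
    """Render hits in the report's own summary style, e.g. '<name> 2 TTPs 5 IoCs'."""
    return [f"{name} {len(h['ttps'])} TTPs {len(h['iocs'])} IoCs"
            for name, h in hits.items()]


def only_from_trusted_images(hits, trusted_prefixes):
    """True when every IoC behind every fired signature came from a process whose
    image sits under one of trusted_prefixes (e.g. the browser's install directory).
    This is the context that separates noise like this report from a real hit."""
    prefixes = tuple(p.lower() for p in trusted_prefixes)
    return all(e.image.lower().startswith(prefixes)
               for h in hits.values() for e in h["iocs"])


if __name__ == "__main__":
    hits = match_signatures(SAMPLE_EVENTS)
    for line in describe(hits):
        print(line)
    print("all IoCs from trusted images:",
          only_from_trusted_images(hits, ["C:\\Program Files\\Mozilla Firefox\\"]))
```

The predicates are deliberately narrow (a key prefix, one CLSID); a real sandbox also counts the value names queried and the process that issued the call, which is where the per-signature IoC counts in the report come from.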

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://login.umbrella.com/sso/okta"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4360
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://login.umbrella.com/sso/okta
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.0.799758008\2109856254" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b684d794-ba3f-45a7-80ed-6bb61d6e63b7} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 1748 17fffeeae58 gpu
        3⤵
        PID:2132
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.1.1091448578\861202243" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9334c258-26c6-4a32-bac9-9f82c6550e4a} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 2392 17f888ce258 socket
        3⤵
        PID:1168
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.2.1782912187\124589986" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cca439-37fb-428c-a41e-267c639a5b6c} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 3092 17f8ba04758 tab
        3⤵
        PID:1084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.3.1781805342\369883198" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a34158a-602d-477a-8843-9b8e6f7c6827} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 3332 17f8a285058 tab
        3⤵
        PID:3368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.4.1540659100\1323867156" -childID 3 -isForBrowser -prefsHandle 5092 -prefMapHandle 5060 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc1a1b5a-bdd3-4949-a2ef-1fcf7900bbe3} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 5100 17f8d852858 tab
        3⤵
        PID:2168
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.5.1279443979\1475541779" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4005ab54-b806-4917-a2e3-b179709ad65c} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 5220 17f8dd40d58 tab
        3⤵
        PID:3624
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.6.1336865708\893668180" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {306e71e8-aa1c-4b8f-bf8e-764c9e0b5208} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 5412 17f8dd42558 tab
        3⤵
        PID:4292
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.7.572527773\792181997" -parentBuildID 20221007134813 -prefsHandle 5084 -prefMapHandle 5252 -prefsLen 26577 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16d1c86-1bc8-4755-83d7-dae10ab29c7d} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 5076 17f8ebc8958 rdd
        3⤵
        PID:3288
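A consistency check over the content-process command lines in the tree above, added here as an editor's example; it is not part of the report or of Firefox. Every Firefox content process names its parent three times (the --channel prefix, the bare PID after the channel GUID, and the gecko-crash-server-pipe name) and carries the parent's build ID in -parentBuildID, and the last token is the process type (gpu, socket, tab, rdd). The first four entries are copied from the report (parent PID 4392); the fifth is constructed to show what a look-alike that does not belong to this parent looks like. The install directory used for the image check is an assumption taken from the paths in the tree.

```python
"""Consistency check on Firefox content-process command lines from a sandbox
process tree. Editor-added example, not part of the report or of Mozilla's code.
The first four command lines are copied from the report (parent PID 4392); the
fifth is constructed to show a mismatching child."""
import re

PARENT_PID = 4392
PARENT_BUILD_ID = "20221007134813"
INSTALL_DIR = "C:\\Program Files\\Mozilla Firefox\\"   # assumed from the tree's paths

CHILDREN = [
    (2132, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.0.799758008\2109856254" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b684d794-ba3f-45a7-80ed-6bb61d6e63b7} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 1748 17fffeeae58 gpu'),
    (1168, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.1.1091448578\861202243" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9334c258-26c6-4a32-bac9-9f82c6550e4a} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 2392 17f888ce258 socket'),
    (1084, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.2.1782912187\124589986" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cca439-37fb-428c-a41e-267c639a5b6c} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 3092 17f8ba04758 tab'),
    (3288, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4392.7.572527773\792181997" -parentBuildID 20221007134813 -prefsHandle 5084 -prefMapHandle 5252 -prefsLen 26577 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16d1c86-1bc8-4755-83d7-dae10ab29c7d} 4392 "\\.\pipe\gecko-crash-server-pipe.4392" 5076 17f8ebc8958 rdd'),
    # Constructed: a look-alike launched from %TEMP% whose pipe and PID argument name a different parent.
    (9999, r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel="4392.8.1\1" -parentBuildID 20221007134813 -appDir "C:\Users\Admin\AppData\Local\Temp" - {00000000-0000-0000-0000-000000000000} 1234 "\\.\pipe\gecko-crash-server-pipe.1234" 1 1 tab'),
]

IMAGE_RE = re.compile(r'^"([^"]+)"')                  # quoted image path at the start
CHANNEL_RE = re.compile(r'--channel="(\d+)\.(\d+)\.')  # "<parent pid>.<child index>.<...>"
BUILD_RE = re.compile(r'-parentBuildID (\d+)')
PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)"')
PARENT_ARG_RE = re.compile(r'\} (\d+) "')              # bare parent PID after the channel GUID
TYPE_RE = re.compile(r'\s(\w+)$')                      # process type is the last token


def parse_child(pid, cmdline):
    """Pull the fields that tie a content process to its parent out of one command line."""
    def grab(rx, group=1):
        m = rx.search(cmdline)
        return m.group(group) if m else None
    return {
        "pid": pid,
        "image": grab(IMAGE_RE),
        "type": grab(TYPE_RE),
        "child_index": grab(CHANNEL_RE, 2),
        "channel_parent": grab(CHANNEL_RE),
        "parent_arg": grab(PARENT_ARG_RE),
        "pipe_parent": grab(PIPE_RE),
        "parent_build_id": grab(BUILD_RE),
        "win32k_lockdown": "-win32kLockedDown" in cmdline,
    }


def audit_child(info, parent_pid=PARENT_PID, build_id=PARENT_BUILD_ID, install_dir=INSTALL_DIR):
    """List every way the child fails to look like a legitimate child of parent_pid."""
    problems = []
    if not (info["image"] or "").lower().startswith(install_dir.lower()):
        problems.append("image not under the Firefox install directory")
    for field in ("channel_parent", "parent_arg", "pipe_parent"):
        if info[field] != str(parent_pid):
            problems.append(f"{field} is {info[field]}, expected {parent_pid}")
    if info["parent_build_id"] != build_id:
        problems.append("parentBuildID does not match the parent")
    return problems


def audit_tree(children=CHILDREN):
    """Return {pid: [problems]} over the whole tree; an empty list means consistent."""
    return {pid: audit_child(parse_child(pid, cmd)) for pid, cmd in children}


if __name__ == "__main__":
    for pid, cmd in CHILDREN:
        info = parse_child(pid, cmd)
        lockdown = "win32k lockdown" if info["win32k_lockdown"] else "no win32k lockdown"
        print(pid, info["type"], lockdown, audit_child(info) or "ok")
```

In this report only the socket and tab children carry -win32kLockedDown, which is why the parser records it rather than treating its absence as a problem; the gpu and rdd processes legitimately run without it.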

Network

MITRE ATT&CK Enterprise v15

Downloads

All files written are Firefox profile and cache artefacts. gmpopenh264.dll and gmpopenh264.info are the OpenH264 codec plugin Firefox downloads when it is not yet installed, and a path listed more than once (prefs-1.js, recovery.jsonlz4) is the same file written repeatedly during the run, each write with its own hash.

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 22KB
    MD5 8fa9ac5adfcb15e19ea95c2aa60c7da0
    SHA1 1a4a0d59c91024b7f20538a41a5242d4c963d5bc
    SHA256 32fc8b1169a82542d8af0f22322b23f617cb8bbf71ce6107b2af1279dd7c5f5a
    SHA512 11f1cef1514d2175fc7355ebc576cf5c4a77132a6215b508e4de30c325bbf9900879bad8880b0edc93a7207e36fa9facbcfe0cda375e5885c074576c6872fc01

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0
    Filesize 13KB
    MD5 5f8177607dd5f017bd64a55be9e44534
    SHA1 c48f4ce81acb891f310d6191603fbe5cf1d012d0
    SHA256 16ee0885e25cca645cc38ba6ac57a3a4340493a10ea34b8153376b4a3b558a46
    SHA512 c81e1bea8883ebc36b02f6c83dce2f09abeebdb871daf6e26599dc46e7966c5d52392d0f2c8acb7d2dec2ca5ee68631dae3f2c30b61c11df7800ce507d4753cb

  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
    Filesize 442KB
    MD5 85430baed3398695717b0263807cf97c
    SHA1 fffbee923cea216f50fce5d54219a188a5100f41
    SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
    SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
    Filesize 997KB
    MD5 fe3355639648c417e8307c6d051e3e37
    SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
    SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
    SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
    Filesize 116B
    MD5 3d33cdc0b3d281e67dd52e14435dd04f
    SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
    SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
    SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\prefs-1.js
    Filesize 6KB
    MD5 790bf5e768c6bc0721fe812224a871dc
    SHA1 a40bb685bbadb6be4321c4c08a82a55a18b7cbc4
    SHA256 cc16941468ca676852e7ae04cc8ab3fe255ac6f38e721a8052723dc99dd5e3ad
    SHA512 311a29d0fd7b7322d705c3e96eb4241f1900a917b46c83711c36040ba7050c91aa2985d31faa599971a7e5116530c81666807a4cb5cac6c45f22798990310e12

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\prefs-1.js
    Filesize 7KB
    MD5 2c7964f331e9c385a2f191691538c0d6
    SHA1 04bcf75c68b748b5d43f93503dc22363ec399d9f
    SHA256 2b2c1fc0d17c98fc2506d9be1482314f2752b5c88e4f027b6fabc4d35d6d612f
    SHA512 08306b302fc0dc96ad8a9d829e39d67b7216e302b560ff739d287c28554d3d123101680cfd93dd44639b38e5a436313c63b9f84c389d80d88f06f07b08e9b2b3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 8KB
    MD5 b88f0ef5212d3c1ab35057712f8b0dd5
    SHA1 741d7d376c64167b3f2cf1c35e89f344ba11c30a
    SHA256 0822ede585f9689a1c4cfdc42bb9e36fb09f165e8458f40053720257aa0b8a29
    SHA512 8696aa454af3c32210f6462af4f194002a2eb3f3f8d1f231fe00f39d4c233c7fb6ee39e20f9d2045d664da563b62f70518e120dcbc53d9e96617324e85197c8b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 8KB
    MD5 602d702052cc733305f480c0bddd7005
    SHA1 5339753ce5e0885f02126941a9768bd2c2b9116e
    SHA256 0b44f69df3ecc964012bb09a6580a781a1372d1f12b38a7cbc25ed4efba2939e
    SHA512 5c7d992569ed85f13786576b2b7d20c8bd8e4cc78fe51e9ca47f4a76c170a9680c695edeaf83408a35f8bd12dbaf343dc9e683206864e099023ef7d3f599ba1d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 8KB
    MD5 615608dee3f363864cb6f518f104dd5d
    SHA1 82f50d796a80b19c9e48ffb7b14e058427cd52a0
    SHA256 756ecb56c2ee3bb990269f7db595b364d52c0aa213b65c2e403c4d8b02c79222
    SHA512 186424b320274ad40ee2618e48e2edef748d89b047d69be291cc025a38b49e6af41a99251e760a82395088aeef9d04756a2ab2dc51da6ab2793ba3690ebf7faf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize 1.3MB
    MD5 d756bda4924fdbe173e0d9306b64ace6
    SHA1 a0b0b9da4ee7bbc64bf74e23f3cbafb0dd373f70
    SHA256 36ef62c2f2d87e1f8159095afaffdb918d6361f2c4727b57b5d3897d3cba60c9
    SHA512 c04222afd145e7b194ebdcdeb7857365761aa9a508ba3cd080434a4645dfefa2740ae31e4c29d4bf0c95d0c8f3a694e506fff1247cb2821379e1144eb6fa63a7