Analysis

  • max time kernel
    139s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/10/2023, 12:18

General

  • Target

    https://americanafood-my.sharepoint.com/:x:/r/personal/kwccsuper_americanafood_onmicrosoft_com/_layouts/15/guestaccess.aspx?e=hNpmrL&share=EWbEtS9kfwVAqFirgTAOSacBIrHVvcUQSsfIDuPjg1OeKA

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://americanafood-my.sharepoint.com/:x:/r/personal/kwccsuper_americanafood_onmicrosoft_com/_layouts/15/guestaccess.aspx?e=hNpmrL&share=EWbEtS9kfwVAqFirgTAOSacBIrHVvcUQSsfIDuPjg1OeKA"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://americanafood-my.sharepoint.com/:x:/r/personal/kwccsuper_americanafood_onmicrosoft_com/_layouts/15/guestaccess.aspx?e=hNpmrL&share=EWbEtS9kfwVAqFirgTAOSacBIrHVvcUQSsfIDuPjg1OeKA
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4884
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.0.1407942527\1765838851" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c284b493-0f1a-4c39-baf2-18dfe533a1c4} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 1992 116909da158 gpu
        3⤵
          PID:4796
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.1.905484128\1081677729" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aefef85-1fc6-4431-b80c-2288dc22ac5e} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 2404 11683e77858 socket
          3⤵
            PID:2212
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.2.602885861\1591467027" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0031f115-beee-4dc0-8d3f-6dd9e00beb28} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 3124 11694af1358 tab
            3⤵
              PID:5044
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.3.1721819038\1654014933" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b420b511-6a3b-4c2c-9270-251cb8e243af} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 3664 11695874858 tab
              3⤵
                PID:540
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.4.1821618497\421819359" -childID 3 -isForBrowser -prefsHandle 5080 -prefMapHandle 5088 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c27e0d7-ec08-469b-bb75-6e8ced9aa504} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 5108 11683e6df58 tab
                3⤵
                  PID:748
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.5.1657184521\859541926" -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5244 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8504759a-5406-4494-890d-367568093008} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 5048 11697124558 tab
                  3⤵
                    PID:4256
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.6.76567568\1180569401" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5412 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57b51622-f412-416c-8a45-492c0b7e4619} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 5400 11697851b58 tab
                    3⤵
                      PID:4840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\snaxaw5u.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: be21ebc83e74362cb79cae794b552743
    SHA1: 45ec9d1deed314b6bb55b28a63b966ec5f144b07
    SHA256: 445c9eb363b8d3fb8627bd32546375bd03447a919df62fc5632da51b5a304cde
    SHA512: 2bba40a52e5b527ffd9f84930ca043c4f04f82187f325133ab66cef53fbcf443dcf759ec120af0c983675c5ab0a2938953bdd4f18fbfdc0f187ab1e0498c7cd2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\snaxaw5u.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 209bc0b9be8ffc07df16ff36cb79db9e
    SHA1: dd1b98c5ff8e459c4350a4498491bf4d7b7bb2a4
    SHA256: 7523c520e7aacdc2d4571e48c1570c51a3b25801ca6d2beae8f5f6d654215eee
    SHA512: 91ab968afffbc0af8d85777be20021a800e77d252902f5c36ae11a3797deb4145235b9f5d68483fb293d820fce7d162c13dda7ad1ba73ea786323d53b0ac10b5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\snaxaw5u.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 1f2c002aef21b33cca22f14385d250c7
    SHA1: 2841244aebec0979d17bcee3b5fc8248449b8b2a
    SHA256: 759b998a403accb8ffe72effab7aac25e904eaea210cbbb70ba6ec9de5a1ad4d
    SHA512: 4b4936389e34bc0b9c11ddbb605138db16c869fa6ecc8f2ecf67eb4fd2c9ae1f42aeed477adfb1e69390bb54f7209f9c4e09b518d82bb067e7c40b6a781ad16a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\snaxaw5u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 188072564dd6d98acde46d33a1e83947
    SHA1: 58eaa9b23cffcd8a38b227192d33976806cf7f29
    SHA256: 447f966aca175d711d519519538c979f46ce9eb1f02cff7c88db3aa7c96145ed
    SHA512: bddf1f82619c0e14fa946126544e94a79491ecbe522cc30978d9e651c982a1e6c9adb8d347116b85e377435e9a6993ecda4d391707e213fd96dd0ae9c7cec20c