Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags
    arch:x64, arch:x86, image:win10-20231020-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    01/11/2023, 13:36

General

  • Target

    http://www.xnxx.dev

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.xnxx.dev"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.xnxx.dev
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3164
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.0.383976833\1198119926" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e018a3f4-d68b-43c1-985f-e3f4557cae86} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 1608 1dde77deb58 gpu
        3⤵
          PID:2596
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.1.1627780535\1966389926" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa3ae398-384d-463a-91e4-1e2c04494d96} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2140 1ddd5172b58 socket
          3⤵
            PID:4768
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.2.1060563765\1588798602" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 21900 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {617e6f8c-d87c-4a40-a40d-6d54acd1171b} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2920 1ddeb8d3c58 tab
            3⤵
              PID:1308
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.3.402757750\54202977" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83764937-3b8c-42c0-8857-a4d8651a8a31} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 3512 1ddd5169058 tab
              3⤵
                PID:3408
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.4.2108989085\1337212489" -childID 3 -isForBrowser -prefsHandle 4700 -prefMapHandle 4708 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9955df-b869-4e6e-83fe-bafd3fdbaa76} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4684 1ddee10b858 tab
                3⤵
                  PID:4908
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.6.1968529307\1381573670" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f88e8e9-e6f8-48b0-bf68-01b7bac054d6} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4772 1ddee10b558 tab
                  3⤵
                    PID:4864
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.5.654115104\1615894759" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4544 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4cfcdcc-f5f2-429b-8b08-7b496ad9192c} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4792 1ddee10a658 tab
                    3⤵
                      PID:3916
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.7.549424638\989457639" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5376 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f66669d8-bbb5-4f74-9c0c-5509bf01946e} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 5388 1ddeb858958 tab
                      3⤵
                        PID:4828
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.8.12048563\726794161" -parentBuildID 20221007134813 -prefsHandle 5348 -prefMapHandle 3840 -prefsLen 26620 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed007821-8b37-490c-8ac7-9cb5d12052e4} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 9612 1ddeb9aba58 rdd
                        3⤵
                          PID:1636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5699p0ky.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 47d66450c39b576f66f4a351d97a106f
    SHA1: e9819f0577c09a1e89cd5905f031b8dde968ba1e
    SHA256: 7797feb1a76d33063c1aba19f75d795303f6fcccb7bb2d724e1d68613dbfba13
    SHA512: e1c111d16788370592dfd693979567b5fcf18ff8738c0a8f64af76e39939e327558c2f125b27e2fffc645e232281ce70a5e66b549153820c212dc3d3b61f16a4

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5699p0ky.default-release\cache2\doomed\30633
    Filesize: 11KB
    MD5: 9581875e2ee5961bc9c59815bf15ca22
    SHA1: fa19438f868c476cfe022012012381b353f80fa5
    SHA256: 1f5c9664784805ef51863d16c2a58bd2b90426df27da85fde6b37313a89e07a4
    SHA512: dfc6da1ddfc5143a849440ca6ea1c204d2f5785efff0a5df6a70eba9c72b2de0f1636c24e54d9f802f1378318b449d5d474290a81d34eeadbc7e293f0c9c6715

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 4bb395949992c8e1fd1994839f865d48
    SHA1: fdd77267d339e0d872aed3bf4edcc2f992f9c3ff
    SHA256: 5d420d9da08dd862aa31fdf9826f71db5a33958ec5adfbb629c0a48f3cedcc38
    SHA512: 73f688f291a1b9daf8d0eb74a55649d3f54ab2064526c4234dd450b5b0325bbd00dd35e8acedc50b4117d1a11123f28ea7fe5f0b83909cb8261dd3ea7c77b8c1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 9771f25456bf942180e3a9454218e851
    SHA1: 761a9150fabd970bab62c25864c2503204c190a5
    SHA256: f0c2684bb95fb2effaa60501ed8a4928315c77ece147e73d3eafcc74341b5b11
    SHA512: 2637b2ad9de9db3f9f8d8f83f7b690cd046b78d29766ea66292e80c24ae57c0be2d7f12642ae8b76047e1706b8fe99cbfb2ec36def367103c7b4dea53964db5c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\storage\default\https+++www.xnxx.dev\idb\2135660075ientParvi.sqlite
    Filesize: 48KB
    MD5: 9b13bd93f5ba9d32bd397e0d4b669818
    SHA1: 3a7f3e808a3556a1a654f76906f3039ac08ebf41
    SHA256: 3cd58348121114d0b07afcd4f45f0cceea6fe9ea088d56224f7e6e990c8ef901
    SHA512: 1295b8ff04976774d7366603363b3f2dd6c09e96b0ddb95e6d18ac3fa8b8cf0312c28a37ee3c335c7004a526c6553eac31e95bfb0e44c48e2ca2fd4524e04a00