Analysis

  • max time kernel: 32s
  • max time network: 40s
  • platform: windows10-1703_x64
  • resource: win10-20231025-de
  • resource tags: arch:x64, arch:x86, image:win10-20231025-de, locale:de-de, os:windows10-1703-x64, system, windows
  • submitted: 12/11/2023, 23:42

General

  • Target

    http://www.aposcenter.xyz

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.aposcenter.xyz"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.aposcenter.xyz
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.0.1874943368\1152942392" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1672 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33273847-b79b-45ff-9fa9-1afcb971ef3d} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 1792 20ea44cc858 gpu
        3⤵
          PID:4084
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.1.1694296252\1472017396" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0151d5-a9ad-4945-b90b-3f3bbb5d8993} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 2168 20ea4404d58 socket
          3⤵
            PID:3576
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.2.572682182\1422740236" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2880 -prefsLen 21900 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4628bfb-68db-452a-bfe2-fc0df93d5c12} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 2936 20ea445c258 tab
            3⤵
              PID:4728
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.3.1614681672\1383954409" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3212c48a-c8a6-42d6-9ba9-2953c8c13158} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 3548 20e92168458 tab
              3⤵
                PID:4672
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.4.1027198117\164080469" -childID 3 -isForBrowser -prefsHandle 4684 -prefMapHandle 4536 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04fa3887-9bf3-4e97-a6b0-fe5869152ed3} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 4720 20e92168158 tab
                3⤵
                  PID:3120
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.5.180374861\1878375739" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4868 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e8f781-2c81-4989-ac10-d744e0c9eb89} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 4856 20eaae3c258 tab
                  3⤵
                    PID:3648
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.6.1947195391\1731427991" -childID 5 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a893504-6137-4c55-bd0a-862245364d45} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 5056 20eaae3c558 tab
                    3⤵
                      PID:4508
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1920.7.1227378117\663552661" -childID 6 -isForBrowser -prefsHandle 2960 -prefMapHandle 2384 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc31ef49-481b-47a7-8742-dbe7da663ae2} 1920 "\\.\pipe\gecko-crash-server-pipe.1920" 3348 20ea886de58 tab
                      3⤵
                        PID:2548

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9byymrt6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 1af9b15a6f6ca2d6716f7b03f6e8db6f
    SHA1: 33808e380710c5fdac8ab8518cb9a56f34c490bc
    SHA256: f6ef5e3f6e0b3c7984731b4fb8789267918d5465b92b9b07ff4ba4dfa79bc802
    SHA512: 11b928a5f0e673f48db8b3a0d562c607ff0897669c249d9011c7765a23246f1d8cc28365de65c7f8d7d5e3bb152146581a643b4bceebd984122cda00683f0c25

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9byymrt6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: de6ac331eeae149bbc09bc3b1713755f
    SHA1: f1040b36b347f5e941290fca5849b55bd3b58520
    SHA256: 9c06ae487d99852ef132d21de3fbef746ff4cd21356583ec19be66e3f7053c4f
    SHA512: 30aa1fcd0ade2292fafaddf508aff1d83d0b49eddf1e65c3fb4b2705ab3a0fc90f5baa53580aa095799ad52a777048a5b938a2009f10f76ac96c2aaa0da11a44

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9byymrt6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 83a3e36e8c543c74b0bf0e64066bafef
    SHA1: 9f36c0ebdafec414d290b686597da8a4c5023b52
    SHA256: fc62296434665bf7584d824e81f5e6568aec704d3d9759235e4849094d0b7033
    SHA512: 5b53b2030bad507504c6e79b4ecdc0326167f1af9039f295c1fa61ec84ea2136c78f96141a982ee77a29c5592989ea9b5c412aaaf9131a12108476e37c9304ec