Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://seeton.pro

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2023, 08:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://seeton.pro

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://seeton.pro"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://seeton.pro
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.0.1450879800\1619318284" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ca8e223-20cd-444c-a5c1-fa11f15852f6} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 1964 142d8eed558 gpu
        3⤵
          PID:4008
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.1.932754648\1847764872" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a787987-d3c6-4ef2-9c40-767e1c8b11d3} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 2392 142d8e04758 socket
          3⤵
            PID:1236
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.2.1549488998\726530116" -childID 1 -isForBrowser -prefsHandle 3628 -prefMapHandle 3568 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6386f12a-2a18-44ec-bff6-d3ed43044404} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3460 142dcdd7958 tab
            3⤵
              PID:2128
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.3.857900936\1848648611" -childID 2 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d49003-e1f1-4d05-b731-74d8ad8348bd} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 3020 142cc661f58 tab
              3⤵
                PID:4416
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.6.1051900081\1430020938" -childID 5 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce4462b6-a2e4-42b7-8b95-18a92523399d} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 5136 142df314158 tab
                3⤵
                  PID:3508
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.5.1002036316\769299040" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4964 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1dfea3f-ed71-4178-9870-0d227d0a9df6} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4948 142df015f58 tab
                  3⤵
                    PID:540
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1716.4.145234117\1455718600" -childID 3 -isForBrowser -prefsHandle 4852 -prefMapHandle 4808 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c417ecd2-40c3-436e-a1a2-19cea897d708} 1716 "\\.\pipe\gecko-crash-server-pipe.1716" 4864 142df015658 tab
                    3⤵
                      PID:3688

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  363724b95379367a0489117ed92cfe0c

                  SHA1

                  1d530bd24e76f9d49434011c72f77081c0e33a94

                  SHA256

                  4b57cd94bfe0f4d76f23e353b3ba7af8cdb6f0d6153da3668edb37ae20ae4540

                  SHA512

                  bde3cc9db9b4654730d3e5a759dd8391904abe624d3215e71c6cfe8a7955d6d1b59033763b4aaacc2cee634610a6d80284f33967109ca416a42db31a9a442795

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\doomed\16651
                  Filesize

                  82KB

                  MD5

                  e15756d4a373df1b0ec68eff96cf15f8

                  SHA1

                  9cbb1acca508da6c0a831e1ee6094d46f6663f06

                  SHA256

                  efed91dad6432ca140b66a3841843136b66092dfe9ce1efdd48f42fe33037545

                  SHA512

                  cfd0c24de6324416fd2d790a57fdd481196709cadaebac96a94401f40f2136e6cd72892bc953edcd9c5bfc1f72499bd1181316359032e59ae81713f0e4d8a628

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\02DE2C16B8997D5835CE8476C15398006968D7AA
                  Filesize

                  172KB

                  MD5

                  03a2868d9b577607834f8b6524056504

                  SHA1

                  09b5b9a53e7ff22836a0ad60535cf20c23ea4224

                  SHA256

                  6c972a5a502955ef28d19a6e1dd60f06a9e58d52e0a871e00fe0493031e4c671

                  SHA512

                  dc4c56783ff9ab2a73f309ea904e4d9eb036fd0a88d2f68f34c2db8d9119cf159fb86ead643bc3ba803aadd75768ca8d44fe393a9b213e76cacdcca67f49c195

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\1C47A2F1ADBC9C791F9D3618190802C31FC5D471
                  Filesize

                  18KB

                  MD5

                  13dd89129acfef2224fb879e43d32505

                  SHA1

                  e41915b14b9c28b6734a6ca2826a37ff2bbd39be

                  SHA256

                  facf7821a6e528b8549a4ec9fb1364e4e5c76722310f5faa2ef427a2a9688255

                  SHA512

                  4728faf4a8f932948e3737ae8804fa7ea2abafc1b4fdaa1d083cee4479e9cfc0e2e1b3b4ffc58eed5a0cf941f3a81f9fefa4814e92434be499bbcc2653b22e97

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\358841DBC836F9C271FAADFC09A273C54E486C4A
                  Filesize

                  129KB

                  MD5

                  2a03ab2694afa828613c345ce8cd3094

                  SHA1

                  cbeb028f76b9dce1f901c1ae0d3ce760cd839a22

                  SHA256

                  f2b287708e62cb08097a3c8ff922ae661bb593915bcd2b91a4ef04123d499fc7

                  SHA512

                  19118b20496340cb4e875156fdbd88dce7c26b2a9b1943d99ba85a15752e1e2a6756a3f7e634a6d6ce704d64c777136b0d5878f9a8ead0a9e21fd41866ecb9a0

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\39B9D7E92958B31E0FD3FCC4EB0DCCAF7FE12E8E
                  Filesize

                  170KB

                  MD5

                  1a03cb0c2a6b0b01653561e9ef29b77e

                  SHA1

                  16dcfebb28c809942524aa6e9b69daddc1b41bd9

                  SHA256

                  accb4d2c0d7d4df1905ade243f01967ee90daf531e91b9ef3e7f8c8d2b1621b2

                  SHA512

                  1dd0cb9e42d35cad04b75c0d0997dcb7688b73326f90d351e8e70d7b7ce9b5bd60f5ddc12f7726b5fad7f5eaf6cea8098a6deb7c5cec2450da1b1890e292d7f9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\440DD7F82158DB8A069A7A2E3DB43BE9EEF23120
                  Filesize

                  38KB

                  MD5

                  0fdf923d30b7df8d564138fc27cf598d

                  SHA1

                  7dd039f3ea6a903ac038360d44fb88cd8ad8bbed

                  SHA256

                  8018f0bb4c2e14d5aa4d3846ed9368a6a31e5ff8b30bb872a1e00a51901c503d

                  SHA512

                  7c904a05c89cc007c3232843846d185838ff6eef983bf61690cc34ad381b4718fda98a1771ac5613dc7734d08dc44771262f10bf55533ee24fbb9cb0dc864465

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\A8FD31D8F4420375895B4FAC44123C510CE2F9C0
                  Filesize

                  169KB

                  MD5

                  fcdb4a4f687f4abd50ba4b249005eff1

                  SHA1

                  b388afd459ff1e0414dadb69dd5fb35c4f4c9942

                  SHA256

                  41e78912666eae61e0d7576bef495cf78bb590e85a575afc2e7c802e53a574df

                  SHA512

                  ba31aeabd21acc453ddb8974cd4bfc7f03213e353a1229bb729aba3389f1de2cf8f95f261263a43f1c3d57971e9ef2cc7069ef6788ed8f8aee48d97fb7a93ab9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\entries\BDB35F67C49502E852D8AC866B0983F623E1C130
                  Filesize

                  171KB

                  MD5

                  d6a7ac37e748fa9f47e1de01d159e702

                  SHA1

                  0ac7884a9d3c229a7aa2b948fe73c0347f174c3f

                  SHA256

                  2e24f5bbf322c34e9fa36ba80b3ea86a2bcdb68cc060ed9f505d8e038ee5760b

                  SHA512

                  91e64aa29655dd012a213c80bee3423d87c56f9108a6cd6d5f3f18338e63ec065a252d7a6137641f846ba9a6fc376d47d4b75aaf8ee92a70c7cc7d1075ee75c1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  9dbbbb74aa376da92c30a5e0fe21f7f7

                  SHA1

                  2a5f243884f168359593d17c1e63d5e96390e219

                  SHA256

                  b97218ac7ce06bd79645039075bfa57a94c5339f21d3c803e80bfdd2d9513313

                  SHA512

                  41f0871c9bbf54f9cc2f37c4afd16189142964220e75613dc28646cb84ad37f39a7f8bf3ced9066054a0f328a0f1994c70ad3177ea0f06757ddb2ecc98815659

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  4797422ebe8b9ab12d538f489638bea0

                  SHA1

                  3805c7cb050b03191c0369d5d4d783a5f0f02f3a

                  SHA256

                  3bc1dcfdbfc5af9090e53882370856472f94fa3b15be00c73975d87b854b4683

                  SHA512

                  d4a5f984877664d2d4441f8ee8d99be129d19c6fcc3a8ed2c785b0e614929ae4b5a90353ac934fdefae61f7fbb0f57a0d48b1b92e8f3228770f4bf140e904e83

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  2KB

                  MD5

                  961108c50bf4b2426e80a9bee726a288

                  SHA1

                  d959a68c8e83c5d691d983bd0c62150bd9d7e08d

                  SHA256

                  9c8f31253747dd65a6b4589d1a20baee49dfd6410649d027e2cfbe4b2bb261d6

                  SHA512

                  3e5bf8c540e1467db86326465b6bd915808ea38b05c049dab79d67429557367635fbf26ce3c56069f77be99980b891aca9319e7ecb31483dc10aa3e4e4292366

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  176KB

                  MD5

                  ec368fcc528eafb8e2af023c57c4a326

                  SHA1

                  53e8e48a6c2bd4d534106c032e6ca6aad37f3a5f

                  SHA256

                  ce7097683cf04296938c4818347dffde6aca3b0c14954faee6fd49b58fc9735e

                  SHA512

                  d6c58683057b63c436711ef703c9a67b9871bef2237cf5840e5bffac031f29c14de4c0fdd48b259b5f6cec2a18c0ac45f07847c2946f9b421e594771a15d533e

                  Download Submit