Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://wizink.ptlog...

windows10-2004-x64

1

Analysis

  • max time kernel
    103s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    22/11/2023, 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://wizink.ptlogin.online

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://wizink.ptlogin.online"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4500
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://wizink.ptlogin.online
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.0.103396403\163242273" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1912 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {951cf43c-0527-4644-b78f-be86134e894d} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 1996 1b678ad2858 gpu
        3⤵
          PID:2076
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.1.1256734716\1011562446" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e72afc91-3979-4a9d-81d6-d89105335142} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 2420 1b664d72858 socket
          3⤵
            PID:1680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.2.1110096276\1864830690" -childID 1 -isForBrowser -prefsHandle 3316 -prefMapHandle 3332 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0339f6bc-d4b1-4a86-a372-0dc8306c0ccd} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 1728 1b67c1ede58 tab
            3⤵
              PID:3896
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.3.423935081\23521516" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {412139da-f1a5-4c3c-a705-25bc6be0518e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 3596 1b664d6a858 tab
              3⤵
                PID:1260
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.6.1431669316\1327213416" -childID 5 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c8ce595-47bb-4c91-9176-61b4b625b525} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 5288 1b67f137558 tab
                3⤵
                  PID:64
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.5.1341246041\1700564837" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b3ae7e2-f7c0-49fd-8d5a-de49511e779e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 4964 1b67f119458 tab
                  3⤵
                    PID:844
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.4.1593168201\480309392" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4988 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eca43fe-35ac-4005-9c2d-ac3fd720e1a5} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 5008 1b67ee36d58 tab
                    3⤵
                      PID:2028
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.7.2013065553\1442577103" -childID 6 -isForBrowser -prefsHandle 5140 -prefMapHandle 5144 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a66440db-3275-4bf0-80d0-1f33b1c430cc} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 5132 1b67a381558 tab
                      3⤵
                        PID:2768
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.8.568734777\120309273" -childID 7 -isForBrowser -prefsHandle 6008 -prefMapHandle 6004 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bef2966-5756-4f33-ac4d-c9d1f96bfa7c} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 6016 1b68021fb58 tab
                        3⤵
                          PID:5324
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.9.1702877132\457409542" -childID 8 -isForBrowser -prefsHandle 5224 -prefMapHandle 5260 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e0449c-0a78-41af-a7f9-f14d6ce59463} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 5588 1b67f629e58 tab
                          3⤵
                            PID:6024
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.10.616061830\1122972577" -childID 9 -isForBrowser -prefsHandle 6392 -prefMapHandle 5940 -prefsLen 27391 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {997fd8b1-2328-41a1-bafd-63f98b071ab5} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 6416 1b6828bc458 tab
                            3⤵
                              PID:4148
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4712.11.1750923377\1412601270" -childID 10 -isForBrowser -prefsHandle 3356 -prefMapHandle 5968 -prefsLen 27527 -prefMapSize 232675 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fb037c9-f5f0-4d29-853e-e1f933733075} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" 6048 1b67d964158 tab
                              3⤵
                                PID:1688

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\activity-stream.discovery_stream.json
                            Filesize

                            22KB

                            MD5

                            6ed1c5426021a85ad45a4e81506ab97e

                            SHA1

                            afdace7c45f024bcbb42922c8ad4baf6cf7792af

                            SHA256

                            89719e3d7ac3cacdf25d8d1a309dca52826773803158faf320ce497fc4e40e77

                            SHA512

                            727785309fec5dad573b782140bd75c70c23ff207f9b9fe809f10aaf0020992f9d3f31bc1ded70402f10b38eb5121df9ae560c568bf557a5045ea6868e29ad2e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\doomed\11723
                            Filesize

                            8KB

                            MD5

                            ebd2a49d34b0df0d2f070edd1b91ede7

                            SHA1

                            34722dd7b1093c71b545903830157f87a21da5e3

                            SHA256

                            b5e21863730631269794c573e6ba2abc645d8df39a2a17726c36cb73898bf1e5

                            SHA512

                            28ba406422038eae620ae8292aa12eab7fdfabcbdc78c729287f1422a4c7694b5f077bdb841c8f783aa8839aa2cd6bf646d95a275f17af18d21a1718d00742f3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3tq1igo7.default-release\cache2\doomed\8583
                            Filesize

                            15KB

                            MD5

                            a31fa54c8c55560b3f9ae31ea32f10c0

                            SHA1

                            900a3b9f28abeb4685020109a2d619f0433e97ca

                            SHA256

                            e735c48afbfb568c1b900c228d2301716e476954be5150f0e43588c8d490fcf3

                            SHA512

                            94e0e2efc1605db80c496a669d64b72bce8ce82c4ca66675d459fe04c46852a9ac32d00a1699c0afd85968d1d50a93684ec3413b140a7fc1e9ca729d70a897c2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmp-h0p.xpi
                            Filesize

                            4.0MB

                            MD5

                            f439f88456dc553ca7871203fb7b03b9

                            SHA1

                            45cd8c836288dde7174dc2ae7809dfd528f419e8

                            SHA256

                            5ce7249f2ab820879190fcb057631ad104840049432de9165f79e4815a47807d

                            SHA512

                            79723007a143529cf8e24e39038f5f7c0c8916640eb86f3a40983107c4aa48f2cd2db403a300e0f269de733e269a398f6d1ca69630627f231936d9bb10fbd9d2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            44c682c138fcf6dfa6050ac2df6b32ec

                            SHA1

                            a200dc6e49ab21d1ecc4a7146a118a310dc695c4

                            SHA256

                            74dbcdb1e382477b25ad4c548f44b7ca8810624021d7c0e7948760757ca6e6b6

                            SHA512

                            c93c7a6eb2e581c7aff6cb209e72d92f44224a40e6366d95a1df2367256aa58a504f9e18104d26b43984ee0e7510fc52c2cf1518f3b589a5345948d7746608a5

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\prefs-1.js
                            Filesize

                            7KB

                            MD5

                            3536d029977b3499fd5cf488b9a4383c

                            SHA1

                            6eb0059ce6aa6b4f7ac245139c4b531a448ba7e8

                            SHA256

                            7f539b28a1a9cd7d55232ba346528cc53a4e6d7c7c3367514bcd7ee4829c0378

                            SHA512

                            eb028c78c763f8635e1812cbcc09d202c0f9bd20c0c244b9cbc8c338c72e6a379b845aaacd077c5d6c0a7603b36016772bdc918676ff3b974b048d63e6fb9cdb

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            75234164def636f508742a9e556f5339

                            SHA1

                            bee41c26315d2ce4b8a584b46dcb0b80cd2b055b

                            SHA256

                            66f70e484b68b329956ada1ca67c836b1e636ba2116e5a393a22bbe21145094a

                            SHA512

                            127dfe764a6cbd17582c60bfdf5bb1e96edabc9fb78e327f41dcd65574c5d0cea33ee01a281cb1a5ec68054419f5e669a604178272912c7de3637be5ddbf874f

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            5KB

                            MD5

                            23b079acb2a992f5e4c3f041bf3b2a88

                            SHA1

                            27071b9892fb5af9858755ad8e6782a5de0afe81

                            SHA256

                            0fd64e8d0be8fcecf8bb7751f314e563731d2cde80c4642b64ef9e8eb40370ad

                            SHA512

                            9320134db2a25e06fe6e9dea22592ae5a8c31e11e317828a395642daca36a87321b82a90bea352d57242a4c154bd1c4fcd88f63fef65763286ea185d96078019

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            989B

                            MD5

                            9951553d2ac6dd416a1ae308d05ae0af

                            SHA1

                            b0a18e692163aa7206b8379f93150c53fcc09fc1

                            SHA256

                            9e9a331ebf93aa9cdc8ce887074a06f771f46bb6e9c6c4aebf926edca85506e0

                            SHA512

                            0de5a9675de4a95b38f5ec60bfbc6cb1b3563c33c6a2bc3d2c3ff6d705bec3df201532c053891cae02ac3fe3ea5800bcba08facdbe75ac8d06762f4000d41632

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            5KB

                            MD5

                            e8cadd43865d6387260f5f616fa910dd

                            SHA1

                            51b79246a8cda4031790d43b976f5f72f3b57c50

                            SHA256

                            5d5f993ae300d040ecc5c15e505944d1299efba89c7ed716e9085aca9e5cf7d6

                            SHA512

                            4956bfec4ea0111ac1c42ab0f3b0d0a7c747a5d8306a93325973ef8763f9b172f9ba433073c78f42a90982bbb9cfb2cf82cb55f4bcd631bb030bd8304b37a9ea

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            6KB

                            MD5

                            b3b5ec023167b9d1d89893962e49f6d0

                            SHA1

                            25bed56f7e2387c2803ca4d41d3e1efeee2dc2d8

                            SHA256

                            a5f687181704b27b5f99a007d0b6dba0a597fc4e76866e0fac9890f09d9c634f

                            SHA512

                            3ea097dca3583dcd5e66a470644c99faba03355e2b36b57b5c288f59a160ecbd8c24d6905cc9af3075f1aaee4491b87aca21bb28eef4c4877ad5ba9ffccc5c79

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\storage\default\https+++addons.mozilla.org\idb\1310459950addndeotnnso-rf.sqlite
                            Filesize

                            48KB

                            MD5

                            376928d564b97ff3ecd123747874fba1

                            SHA1

                            bf94a3156c70022962cd3962486576f0fd76d628

                            SHA256

                            ce3574f735da77930b9d18d8f9a1abc98ecfb291b969dfad53813843e315ef66

                            SHA512

                            af5e50427f957304aa9892561c1d369fbe309d6b5e3b163c78bd608f2e71c8ad341c2de387a86473e0992e403f7e258a17806c313019056e65ace56fbccffe9e

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3tq1igo7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                            Filesize

                            176KB

                            MD5

                            ec368fcc528eafb8e2af023c57c4a326

                            SHA1

                            53e8e48a6c2bd4d534106c032e6ca6aad37f3a5f

                            SHA256

                            ce7097683cf04296938c4818347dffde6aca3b0c14954faee6fd49b58fc9735e

                            SHA512

                            d6c58683057b63c436711ef703c9a67b9871bef2237cf5840e5bffac031f29c14de4c0fdd48b259b5f6cec2a18c0ac45f07847c2946f9b421e594771a15d533e

                            Download Submit