Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://www.quickcomt...

windows10-1703-x64

1

Analysis

  • max time kernel
    271s
  • max time network
    286s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-en
  • resource tags

    arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/12/2023, 08:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://www.quickcomtel.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.quickcomtel.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4372
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.quickcomtel.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.0.107307757\2113854242" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad47be97-c15e-426d-8c8b-a08d21417452} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1780 25573ed7158 gpu
        3⤵
          PID:1116
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.1.1128505778\664760242" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {645446b5-0e12-4547-b27c-3e843aca98bd} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2156 25573e03258 socket
          3⤵
            PID:2920
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.2.247955959\940285619" -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 2864 -prefsLen 21900 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05a8c72a-de75-4b21-8f48-4a163994605a} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3012 25573e60658 tab
            3⤵
              PID:1524
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.3.755456164\588776661" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3488 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aadff40-524c-4df2-8951-83eb73739c01} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3652 25568f67b58 tab
              3⤵
                PID:4528
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.4.1997666713\1111494541" -childID 3 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {948d58c5-ae6d-4347-aeda-2a05e4645007} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4924 2557b20e158 tab
                3⤵
                  PID:1344
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.6.71931242\2117094633" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 4940 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41b3b22b-8092-41dd-96c6-022f0ef2ed85} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 5152 2557b20f358 tab
                  3⤵
                    PID:5040
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.5.1593524367\1906405601" -childID 4 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 26620 -prefMapSize 232675 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4909fc7e-82c7-455e-95e5-39e1bd2e9bed} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4940 2557b20ea58 tab
                    3⤵
                      PID:216

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5699p0ky.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  c8fb12d7a105cb68c4eccca9e5e3a642

                  SHA1

                  a6e253eb086cb4368248200abdc550e51b4cb183

                  SHA256

                  f29f34d4ce9357858893f790d150ff1444ef7754b40561095f2209ca3355bc2b

                  SHA512

                  2796797bc2b610dffc003d22d42521369722464a6eea5a03e48b15909a21ebd972ba9f9943900bd6a61381b38c5d1d6ec71ba0255cdaf9420d8e764edcfe1114

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  1.5MB

                  MD5

                  74233efcd0e58f050938a2a4c83319a7

                  SHA1

                  e77f387a7809e65e4bedbe984a024dd2d7bf3555

                  SHA256

                  ed5fac01bccf4294cb5d92a4cfa3f7814f28fabaad9c8cd07784f8a02091965c

                  SHA512

                  c9e5849c3e7eb809b6625bf04780b69e83a0b92d63d67492580211d66998e31145fe28a6d3ec3e25c64322e2b7c7c23447cc9735e77f75d42ad55eb75222e268

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  7KB

                  MD5

                  095cf5a7ccfd5e42c90fec9846134698

                  SHA1

                  f747ec01f9dcfe0de4b1f7bb310faa84cb2fcbb3

                  SHA256

                  fd5a49864732537ba5ee719c620566464fb27b8d52fc6f54354b67cd648aaf39

                  SHA512

                  f9057536dbe1833a1cd0515d4357a42d1a9fe633fa1a7ad3922c577652377655818e3311864f8b2da28650174514bebafa920e24981c9b61bba985a5ec05bbaf

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\bookmarkbackups\bookmarks-2023-12-12_11_5JnbVfQKpKZFi1LPdKzT4w==.jsonlz4
                  Filesize

                  945B

                  MD5

                  2933a99095057c1cde69f8b0c753f53e

                  SHA1

                  41bd1ae5b152bb7e4d545a02792fdb8fe795c068

                  SHA256

                  f18ec741af855223bd10973e07f5569b4f6e2b2e545ae43eda04fb4d57973d75

                  SHA512

                  eac01edc14d91bf58fc72c6080aedb6577156e252ff90b5bb8f8e99c6cb715b7471e6c8d7536b6ede9edb7d23968b25a27fe9bff250e98ed8724c6a415546794

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  1.8MB

                  MD5

                  d811fa1a3cc8a1a63f9b749b72791bef

                  SHA1

                  ffef444863bbbf9a77ca8dacb7b0ee8b350596d6

                  SHA256

                  c0a71d8ed7f58790805589872040ba50536696b879fbcd9602221fb8b50aa2fe

                  SHA512

                  8038dd7abbf98ec8d13844f6cca7b25e973f86ed2c45144fcd3bf59725f13b892d325cf5ecdb9a8f2e370ea47ab46cf344eeed09902c546d7d5c87a30b485bc5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  d2ca1be2aba91a88799fcb3c6b7de21f

                  SHA1

                  000ff62af4ef84c689cb1ca19ae8bd9a1056a706

                  SHA256

                  0f65e1bdf1e8c8cc6b05da40473e0a45c81db6c3e4573f238362ef24055f7e62

                  SHA512

                  ffd4e27b51f19d1c521532e303cd70e3591d05acca196af12cb88ca0bd62d7a13b31aa6ac67bd06de9da3c318fea40ca816547e8acdabcf12f7bfa8e38b57aaa

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  91406dbc622f5686f3c8b4dec5346a2a

                  SHA1

                  1f651ba26b20ebe90ee6ca59098da072b45734ff

                  SHA256

                  45359222f2bfb03557f363c4d06e88da2996794114d889f73aa71d3b278780e6

                  SHA512

                  59c6f0a715efba020b9bf02b50f86aa066bacd01ca4f1d01aee211727a97f26f3db7d82dd990fd07955107a8cd62e8b3e99f4a7516b74ccb3594c79bf5897565

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  b79c94b818c42174df720f30e6054468

                  SHA1

                  57441c3ef226cbbdc8937c3567648859bf22976d

                  SHA256

                  db8bdfc5728b4908567f4ab38110f5fc59a73470d57f7219095cc2903ecc8f05

                  SHA512

                  70274df6cee4f8fc2a2ee318abc17663497a9aac9110eb1b7409650cfa9712025f833b300447a0582f4780c362707130606b10a059838e8be847d7aa155d7b30

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\prefs.js
                  Filesize

                  7KB

                  MD5

                  62d71d0d9662ddff7f5420404a09c6a8

                  SHA1

                  58d56aa40c9d9a3c3cfc7a426d452497139cd3a8

                  SHA256

                  fdad3af7428f9ab8cbf8241af2e959ad806ce702522ba6197f5b41a2e71b798a

                  SHA512

                  7101a1351edd46a388f29e9df133e5bc4f7cebf05d7e3d26bd34fd015a45400cb50e9a92639f13ba23efacaca92998de4f137d1f87e3cd65425f84625ece6e3f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  5KB

                  MD5

                  957d82a63cc45f6bc93a199348ef1a4f

                  SHA1

                  42374a4acb94d222adfacfe51f4b7ceb91ee7f6a

                  SHA256

                  4908f305055972f38ccd9109581cf37c3efa0d38c7bbaa0c674bd2f98bd653e5

                  SHA512

                  6b68443a147d522fae3d5c26c126beb3197151756ee68083b593f625d1891c1139f2a8589f16b7a28b66a4d86e204ba4cfe9a825f480078e99ffd653aa4d77b8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  5KB

                  MD5

                  8b1df9e6514aa74f04a9232150e59cd6

                  SHA1

                  5ef2a88482457022a5b3fb7f27906752d840897e

                  SHA256

                  b1a9389173461024f30ba5f15a5c51669fd30993b4ab3e049408ede371c71bab

                  SHA512

                  500df3c48fbe8d50683a38e749de01a4839a2c3ed60348422a71a521f4b3c36e1ecd0c8dd792f097cb3f71e16bec79e8ebd1322c8e151699760fa5488ea2cc50

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  192KB

                  MD5

                  d44e21be747dad3072613e95626ed4d2

                  SHA1

                  2d0f4f49591d810f041bdab0f25457b95c670edd

                  SHA256

                  53724dbf942bf852a51649f2b6fef191303079fa68a5d2a45756b7f3289da43a

                  SHA512

                  7e92a0ec4a1ce269debfb2add4d9d18f117ba5f3f35761106a42b81fe904b86a05fd9218c0f9fd17f1d07b6b1d2e7bcdaccedb0ac29a48323522bdf470d49ea7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  176KB

                  MD5

                  e3839b778f67486a0c428f6478275dee

                  SHA1

                  428ea021e2d72fcab1ff3df7b620f7b62e83af14

                  SHA256

                  c58a1213811ea2698ffc324ba29182ac8f6f6bc3bf3ac015d3660161ceb0cd7f

                  SHA512

                  92cea668782cfeb9bcc2566bb2f7e6e45fddc7d9f09012b7bea3f878adf025588d6df9e38a4ff5d6ead99dc7b7354bbe1a6d3ea0dda748f8fd092f3a151512e5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5699p0ky.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  6a6c572e9b9b4821a9b9c275277a98f3

                  SHA1

                  8811d1487c84341761617ecc7aa06ce02ff3fee3

                  SHA256

                  25a6252ea1cc3b7de8f46460b0c421d373ce1150d2876efaddc6e1d88499cf8f

                  SHA512

                  76928d9fafde494e960a92ef57ef324a7dbaea334e5296f235325cdcc34ff99662482dc6567687075e96edd43cf620741c01b848718c0a7aacd67720814691e5

                  Download Submit