Analysis

  • max time kernel
    240s
  • max time network
    289s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/12/2023, 22:37

General

  • Target

    https://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.0.1753553535\653638627" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abfaf465-2943-4f09-9748-61dc3bf8c363} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1292 123d8358 gpu
        3⤵
          PID:2944
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.1.2063360372\1558038998" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f1e516e-9fb3-44f7-a7a8-ec0dd61fe924} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1508 e88b58 socket
          3⤵
            PID:2176
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.2.1306644597\1763345208" -childID 1 -isForBrowser -prefsHandle 2100 -prefMapHandle 2096 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60fa406d-053d-4439-9ddb-b53badf9378f} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2112 1adb3d58 tab
            3⤵
              PID:2872
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.3.799461865\409210268" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b34d86b3-60fe-47a5-ba02-67d95c5fa7cf} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2836 1d274b58 tab
              3⤵
                PID:1236
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.6.1941844999\1331014836" -childID 5 -isForBrowser -prefsHandle 3852 -prefMapHandle 3856 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1625b66f-4727-4fd8-801c-f043e2e86b30} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3840 1d38f858 tab
                3⤵
                  PID:960
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.5.570422335\1651304740" -childID 4 -isForBrowser -prefsHandle 3688 -prefMapHandle 3692 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dcf6983-8afa-4f02-b067-a302c5d36e26} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3676 1d38ec58 tab
                  3⤵
                    PID:1876
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.4.2039669800\985849105" -childID 3 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2304b1b6-d09d-480c-b624-aed09165b120} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3580 1d38e958 tab
                    3⤵
                      PID:1696
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.7.661967704\364477023" -childID 6 -isForBrowser -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2742a096-9879-4870-b48b-88206c4eb18c} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2196 1af45558 tab
                      3⤵
                        PID:2272
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.8.958676509\613027422" -childID 7 -isForBrowser -prefsHandle 4252 -prefMapHandle 4248 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {403c29b5-f8ca-4b8c-8639-c6dbcfd7a737} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4268 21aa7058 tab
                        3⤵
                          PID:2232
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.9.641583100\1426467315" -childID 8 -isForBrowser -prefsHandle 3784 -prefMapHandle 3792 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63b2503b-b789-40c1-a0ef-b77cc41f4bea} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3460 21991e58 tab
                          3⤵
                            PID:2912
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.10.705924862\1723862097" -childID 9 -isForBrowser -prefsHandle 3608 -prefMapHandle 3592 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54d3f8d-c93b-4d59-b2a0-5b5bef92e270} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3652 1fdfa958 tab
                            3⤵
                              PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
    Filesize: 2KB
    MD5: 1cc4ded43f92e9f6914e40c322271c2a
    SHA1: 8493699d89f9cf3fb3b9f1add04c51fb982c2571
    SHA256: 5a996cd2c4c0529c2a762e5ccbcb459660dd5c884ef977e0633f3de664bd9435
    SHA512: 67931219b366b9d5d3e7723f6a1426aaae7bc3118534d6e4a3d1425e08524c2b366e51f92251cce9d7a1c2c1a00013fe11af8aacb9e71592a8f48ddcd92a2885

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: b656261578797a1173f8a5566dda1f6a
    SHA1: 67a406762ef241997c159be9be545a7b2ea5582e
    SHA256: 1c54980d7b0243ace6138c9a2ce634e89e1cb7d0f02412499e400a7fe0915dbf
    SHA512: 31383ec24895634f26cb4a552ca79659de59bcc102d9412035b9d46c32903f6dae22ef016940f3729737ca65a9ec23c9f48c8771b0a473291d051382cd7db737

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\c77889ab-d437-45de-909b-a99ea6f711e8
    Filesize: 12KB
    MD5: 88a5d4be8c33fc928f380d9ed7634351
    SHA1: 47aff7b3815bda5a01ccd8ac95f2c851f91f0f5d
    SHA256: a35a567889a8e39316b406ae8c87fc27faa55dee7324ca07da36c006646d4234
    SHA512: e4e852f48b79ef3aa1c622752182458a262b079de4f0a2f8c853267ed0a60b2765413915dfa72c5c2ea86c777ec723741fb876c766115418ab1364e3ca4e2753

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\e6c9dca0-70d9-4c82-b305-cf402f08b1cc
    Filesize: 745B
    MD5: 5eb3f68fcea08f351762928d23dd1037
    SHA1: bac06475e2a076ad07b1c2ee65f036c94d13960b
    SHA256: f0bb861b832cb35fb9a78a7832b90aa942778e51e38ebb036585003ba7d2e41e
    SHA512: 56983c7482a18eb176eac591cfba80d87510cbaa0fc0468919ddba03174bb592088c62e368d876dd5cf3dde249f84a84179dc4d29fe5b9ed308713f1efc1b774

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js
    Filesize: 7KB
    MD5: ea08a6c10f697b72729a64bea9caea9a
    SHA1: 19bbf93db0003911ea9485f5ca5a298d61b13cf0
    SHA256: 1b140c779c0b5a4859e3210774b9467b64a14f954f6624bcdfebb33449f0c520
    SHA512: b89aa42b3495ff5c6bb1ed3192027d6efcfac3d525e55d3e160541dc404ccb2ad8e44dc44f90e1aa3609a2049e8f635521236e1acf8a3b27663d64b1919f562f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js
    Filesize: 6KB
    MD5: d9494b798eea56d0f47b04c7a90e27e1
    SHA1: 34f0730c282f246fc79ddae6b644a76ff955d776
    SHA256: 3108b2deaded39517f6fe0bf1d9fc6f50f9770efd4466b8a7bb01bc68fc8b537
    SHA512: c6fe7f5bfa0169df52250b90f7453766a2dc359068d06d5b55d449c49ab91ce3684161333751d3b53ae001d4012de7b4fef7156e5ef6b136cceb09601ff62b9d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 168KB
    MD5: dc00c2da2f2ec72d74b8473c95983d3f
    SHA1: 66228e6e37daa3f05e1ca8f6ea604a9c98d82d9d
    SHA256: 1a81de21d80ab64d7646df13286e7ad2f6974a81f285b60c10dd91fc95c82431
    SHA512: b0c16af9e6512c258873da9db180a6a5bfb567d16c79b597c5c1526cc9cae24324e747bcdd12d9470c9f8683b138c1ff3fbc153d4325e259f0fa78b7d562dd20

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 164KB
    MD5: 75862f7c8f3c782b99eb0a94ca64131a
    SHA1: 0361ab92bd260df352d4429ac129eefd260f3723
    SHA256: 1e896f3f317d07d0c80b9e0e5c45841114117705ce615f823fece3b4ccb095f6
    SHA512: 83e559ee64f99c7c6ba4e84107e17ee3102bdbc9a134d48a6b15d79d69b8525ac08efbc9c030a2141ef1bef08baa687904327a28d0c12a1385c0b76501751327