Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://tinyurl.com/5...

windows7-x64

1

http://tinyurl.com/5...

windows10-2004-x64

1

Resubmissions

30/12/2023, 15:22

231230-ssb6pscec6 1

30/12/2023, 15:19

231230-sqaj4acec3 1

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://tinyurl.com/53rrc6nh

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://tinyurl.com/53rrc6nh"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://tinyurl.com/53rrc6nh
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.0.1608117346\572834993" -parentBuildID 20221007134813 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11875e47-7e8c-4a09-bab1-4f78f5d1b6ff} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 2004 1af7edd1658 gpu
        3⤵
          PID:2044
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.1.1436024375\859582893" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4cfe51-7730-40b8-acec-2dc557ae9541} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 2428 1af7eaf0a58 socket
          3⤵
            PID:212
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.2.1388574507\652888352" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3080 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f700b6f7-c92f-4da2-8d3b-26ad470bdc7b} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3292 1af7ed61b58 tab
            3⤵
              PID:1036
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.3.82939476\517790983" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc461892-8211-4651-b4da-6969859bcf1c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3616 1af79c61f58 tab
              3⤵
                PID:1548
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.5.1270035425\1140409754" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71538f6a-28ce-4623-8264-00a1f99bffa3} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 4996 1af0c96a558 tab
                3⤵
                  PID:5072
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.6.764514535\522188616" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64863ae2-1f1b-459f-aaca-37dc6de8095c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5304 1af0d776258 tab
                  3⤵
                    PID:3232
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.4.1189147143\1738183988" -childID 3 -isForBrowser -prefsHandle 4872 -prefMapHandle 4964 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d8031b5-7055-424a-80ec-2609130a983c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 4956 1af0c0eca58 tab
                    3⤵
                      PID:3100
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.7.863387217\2131777969" -childID 6 -isForBrowser -prefsHandle 5628 -prefMapHandle 3176 -prefsLen 29439 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6168b585-34df-48a3-8c33-87eb1637f3fa} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3124 1af10929758 tab
                      3⤵
                        PID:5572

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712
                    Filesize

                    13KB

                    MD5

                    75effc2ea5bf9b9398c1ed871e22c471

                    SHA1

                    ca855a9e2af35455d73b9a07b63570a43ddeb685

                    SHA256

                    7d6ab3c6b677daadf367198ca85e9100f739a00fb0a7f60626bc33f6b3e90892

                    SHA512

                    31712a5f45e66d6420c11d506ae539de8eba59800470ae0cc9115cdde57e54ab4d45d27d6c9491b943b020b472dbc0e892e089facb40005e216b8cb96db97963

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    116KB

                    MD5

                    04abf015a7f44336e18a857ea1f1ce11

                    SHA1

                    5e40328d73cc33112d1ad4c61d6ac458b51280b3

                    SHA256

                    3d06c4027eb94fd17f0ce601655ab3f3ad6043ca0b850c0f41d250fb7f6c6911

                    SHA512

                    0bf053366b1e2dcfc67fba93366c31f4bea7f98ae5b4a4bf6741a64f2b1d48d13f75d8418500e1bfe7712565cfb5c5ecbc67996310684deca8194e3bdd64d3b7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    388KB

                    MD5

                    918d6e0b9acc143f86d8a4f18477d4db

                    SHA1

                    efe5e787fbb9c4d8b31e6eaef2c4f52bd297db6d

                    SHA256

                    d5d722aa42675fa3cc0767eeb3f5a9fa9082bfe059a385ad899c877baf36cac4

                    SHA512

                    f0e2b1704e426fc0b2c1a9a073273986c8a28a570e197a145ea515381daacbfa4e9713a5f7e29f1cae800687ceb2470491a0d6cb85211cb808a4b1205a475a2f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    facda1c144ea11e6d32f9cd5cd07f06a

                    SHA1

                    1b3197613ac4204cd30295fb59f29cec953bb333

                    SHA256

                    de97ce8ad72d53c30b4754217de2b0ff3b28eee784b9da114a94a093648718f5

                    SHA512

                    5457db780f83f0c7ec3d4a7acb459ae28d95b657326c62f31b695005169835e12105ed46128078c03dae74f9c051c82d9ae03dcfd269e57599a0062f3b133841

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\151cacd4-bc2d-480d-bb49-ed6c45ff3b3b
                    Filesize

                    12KB

                    MD5

                    a76d2193cc26259d4891a5d2df9742ab

                    SHA1

                    a692a356cce4b7b4494afee10c49a90f794a9fc6

                    SHA256

                    6c8f36fd70d89ff0ebd48c55ac2a135b9926bd96dc639e82c0f33760b096658f

                    SHA512

                    ce8d0158387a1d2d76cc46736cc7a2fa274b5a2e425471e9d0edf055c828c40ed514a9aa6383754dfdaa2b049802b6d4c7e91eb872c4ecaf5fb1be60636e262c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\e025d740-0d7a-47d6-87d7-f28f89f5cd75
                    Filesize

                    746B

                    MD5

                    23f61a0857fa5a4915c75b372be4b36b

                    SHA1

                    287f9747a268f78d01d626c6f6ddba2eac02c4f4

                    SHA256

                    80c8fe93e47b87487796269b177ed5bf4eb54e7700e5da55a992fb24d5ca5275

                    SHA512

                    63d2bfc671ef33836636da8aa79233b3c21f9d78542ef3d970e51ddb943dbb818f0aa24d798a88c9335c16c3094cf7bcbe992762f97228a344e62f0453e5da50

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    475KB

                    MD5

                    6263a16e295899ca48fbde14ffdb1026

                    SHA1

                    5a266e5e0f846b33cb4b0becbc9385000895aca0

                    SHA256

                    c6fa4c43145c05b0fefeaf46e7426ffae261718d566a40d5ccf5940a3ab3b1ed

                    SHA512

                    883b863a11d806350432468b743077b63245d905a1e84fd0aca584a13716fa83512d3bd2d4583ba8d678864b99d418fe4f1082594610d5ad2060885ff19f7c5d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    1012b29305091674de716413a3aad13c

                    SHA1

                    d8af10eb9e40b0870bf9540cff14680356bd1e47

                    SHA256

                    5769c4ac5db41a2776324f1fb7fee2a636efe677975c67b2f29fc3fd63ef7b6d

                    SHA512

                    d3ca0f70d37d60e996c4cb348417a25e32b512f01597d0350fcd9a7a3123e4ae7f7094d2fb9d945fca402fbe203018b2f9fd533fe963ba1531221ba8b6ddf8d6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
                    Filesize

                    9KB

                    MD5

                    a956eac2144cf31462f200fbd6f1fdb9

                    SHA1

                    529d2bde70fd456eb33b9b6976249fdbf53f4610

                    SHA256

                    15d8cb270cbf8a2b171c5063ee9d52421f0eed739667ffe103d1ec63c39f4aef

                    SHA512

                    b38c2310351443f0679e9fa64c7a89745d83d14205f493059fe9430a0c231a96cd90b5b547411ff70015c3e79b42c4ef5f7bf1b871c0c5a7899ac52e2d169b52

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    82df513f608b2e597ea0a6e0582c224a

                    SHA1

                    9946adaf8cf2ee76d462a50ad53bd1814994190e

                    SHA256

                    1c15192752ebaded3ccec7902a4ee09923fcbe389a6ffdf050b19f0192b5f258

                    SHA512

                    b63e36a72f3f2048a56932e314c6f5b761e854134d54cbbf13d22435a00c31fc40979d819e0dbdd3c93acae10ac9e79242c46fe758b522bad931a81285835968

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    a27f9c87a03f0a70c64325bbdff5527d

                    SHA1

                    f6c93ba9e6bf01c577cb180b18b87901ea6b8a8f

                    SHA256

                    e32b595144abb121565a88f446449b2abbef8016e8420a157201d15c6dba5d41

                    SHA512

                    371cf4c296d2d34d8059bbfe5373ad77cfc01bf0d632fb7b0a46e8d8ef58f42f0d27a33c005c461ea8270e7c96bfcd1193f110aee3c5ffb5247a48fc5c6fbce9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    4KB

                    MD5

                    10f75a01a47d9ba990f31c03de847d4b

                    SHA1

                    5289abc895ca9a761e1138b1861c83f6216aaaee

                    SHA256

                    4bf3af4c194cf020ec76adccb0908f32478db069685d5e543c4b3f2714858dd8

                    SHA512

                    cc4a1b5c521f1f63cfccce433b391d4d3075216927ac1e1555044686eb8fa0489af37840ded932238a7c2074310c7f709b28b2307c77bce5b01d79fb70668d56

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    984B

                    MD5

                    c1b6e07de2b02d897aa13115d7995e2a

                    SHA1

                    0c3c839035aba9003855d2e5a0e0187ca555d2c6

                    SHA256

                    823d0327ed3f964139c3f8322d841dc652cbeec1044a3127b3bca021a46e1d9b

                    SHA512

                    53dc8b4731c8321016bc5fe83f03e2acf79c8a33129423ff2ce78a2b171aad550e150a0d34639c62f289fb2b21ce8c57fc42567e0aa3378226eb926b9fee599a

                    Download Submit