
Analysis

  • max time kernel
    2s
  • max time network
    176s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    10/01/2024, 22:06

General

  • Target

    http://www.pjedomex.gob.mx/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory (13 IoCs)

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.pjedomex.gob.mx/
    PID:1852
    • Checks processor information in registry
    • Suspicious use of WriteProcessMemory
    Child processes:
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.0.495241173\1044344519" -parentBuildID 20221007134813 -prefsHandle 1780 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92beab20-06a5-4227-840f-297cacada8cf} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 1872 29aa52d9158 gpu
        PID:1368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.1.1813281682\1319028000" -parentBuildID 20221007134813 -prefsHandle 2256 -prefMapHandle 2252 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b5342e-69a2-4433-a825-f91b98c1fca8} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 2268 29a99172b58 socket
        PID:2480
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.2.631987313\1293737815" -childID 1 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {667a9269-5ea2-491b-bbe2-01a8ad7d58e3} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 3512 29aaa4f4758 tab
        PID:4476
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.3.1940652615\926501883" -childID 2 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebd87893-b476-47cd-89fd-352857003fd4} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 3808 29aab3a7e58 tab
        PID:2436
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.5.321654852\554151258" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9808d6f9-4a33-4272-87b2-053d26461ef3} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 5040 29aacf11158 tab
        PID:2524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.6.776326673\1350780119" -childID 5 -isForBrowser -prefsHandle 4824 -prefMapHandle 5064 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8c19cdd-000a-4187-857f-a848c3d83294} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 5112 29aacf12c58 tab
        PID:4540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.4.150026313\1779152803" -childID 3 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a8665f9-55b6-450a-8471-6b3ffe14c5a7} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 4832 29aacf12958 tab
        PID:1308
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.pjedomex.gob.mx/"
    PID:4000
    • Suspicious use of WriteProcessMemory

Network

MITRE ATT&CK Enterprise v15
