Resubmissions

13/01/2024, 14:42

240113-r25nyababl 1

13/01/2024, 14:41

240113-r2nqesbaaj 1

Analysis

  • max time kernel
    32s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/01/2024, 14:42

General

  • Target

    https://definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe https://definedbootnervous.com/a45922fa4966955cecdffbdde5347ae5/invoke.js
    1⤵
      PID:1220
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2648
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.0.1471986636\2021352208" -parentBuildID 20221007134813 -prefsHandle 1276 -prefMapHandle 1268 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89e017d0-aad7-4165-b197-7905c4eba342} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 1372 10ad4b58 gpu
          3⤵
            PID:2588
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.1.2071508277\668818686" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b749c65-542e-4d18-91ce-00c0a253fc37} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 1544 d6f558 socket
            3⤵
              PID:2556
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.2.253871014\355859218" -childID 1 -isForBrowser -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c336ea8f-ab48-4a6a-9dc4-60f6dcab8b79} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 2320 10a5e658 tab
              3⤵
                PID:1516
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.3.12303801\1337994351" -childID 2 -isForBrowser -prefsHandle 1692 -prefMapHandle 1688 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d832cdc-6b39-4161-bebd-d680140f86f4} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 592 1c23d058 tab
                3⤵
                  PID:108
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.4.1558916527\1672032529" -childID 3 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d762459f-30f3-4b22-af06-7325d2794299} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 2880 1c478258 tab
                  3⤵
                    PID:1548
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.5.28085888\80672063" -childID 4 -isForBrowser -prefsHandle 872 -prefMapHandle 2844 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {106e1c5f-c3c2-405b-b83b-328dbb588d4c} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 3768 d65358 tab
                    3⤵
                      PID:2088
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.6.779275737\1889043945" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eafed10c-bafc-4cbb-9a84-93869a469676} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 3796 1e553558 tab
                      3⤵
                        PID:1584
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.7.2080432585\384958726" -childID 6 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a149a477-9b3a-4243-bfca-aaa41a7ae19e} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 4056 1f355958 tab
                        3⤵
                          PID:1588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: a29231d16f17464790286fe2fc057f1a
    SHA1: 2ed791e592735abe2ad30a3948c672f29ccfeacb
    SHA256: fa724dee46a1863563c47632cb643aca5289c399e91821149eef401e216b1dee
    SHA512: 34ff9b4f56b031351812df3b2fb734ee7ffd472358a130a923862cce3d7ef2304a3f831c905faa3caa94728d1ae9a766625a1b2583689b5f18c68d8b2895d335

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\8b0f3a1f-d9d2-4260-9185-f4bb097a42a8
    Filesize: 745B
    MD5: 0ce5af43cd44a0eb964aa9d0c3da4399
    SHA1: 7ef5c4f910bb01a6d3a0750fcb49dd8f9a59c6e7
    SHA256: c920d6de4ba55f7d84f9ccb42e0ab64c193c117caa42d26614dccf8e26037d78
    SHA512: 034803682b615c4b826da155e063125a0e71369fa7e00621233de0611b8e58dac8db0c39bb811cde52485253da9522a7d5f3fdfd71ec17621b24972ff655c39f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\datareporting\glean\pending_pings\c414fcff-01f9-4f9c-8bcb-5627f86b3ca7
    Filesize: 13KB
    MD5: 207753abafbf1494a1f72bc6a3190709
    SHA1: 246e6f133c21a47aef3bcf5112e88c2d65c2138e
    SHA256: 5f51ddeb634b257e5829a8b9c51980255acf9a3e084a51ee8b00b919cbf7ef7f
    SHA512: 8ef835db857f5fdef00eaa55be56b446ca233d4fd83a35faee358abe81f8492e339f91894e504bc8bc4aa5d7740c65be1ac9882cd0ecbef1f3c619fe4a1703b2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jc9ad0k2.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: d2c192ee3baea479fd312b0d188904ff
    SHA1: 73a4581276e0681c499163533c7dd57576dc8f2d
    SHA256: 1de5d60e17eb461b316e0c60d4b3a2783b17d51b97166b2a93f3431b14efd7ae
    SHA512: a60a5d531995d29a30d05747b4eb7ad77b44796cf42dbd0f029082b369a3328a4552bb622f29a809398a8bd75a03e47e6e87bdd7a1bab09636d346453576999b