Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://ssurl.kr/1Y6

windows7-x64

1

http://ssurl.kr/1Y6

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://ssurl.kr/1Y6

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ssurl.kr/1Y6
    1⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4316
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.0.326819548\274446850" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {425cf4e3-f89a-4231-bf9e-7fc9c7b4d072} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 1948 1ac912d7058 gpu
      2⤵
        PID:3600
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.1.1139768459\1853893731" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e64774d2-fbc9-4141-948d-553bab9fcecb} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 2372 1ac90efba58 socket
        2⤵
          PID:4088
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.2.1295321779\1644274947" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc13e85b-9aaf-487a-a2c6-0b40adb2a700} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 2924 1ac952d9258 tab
          2⤵
            PID:4036
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.3.1522107568\403434507" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {974ca4f0-a831-4091-9dba-c2bc27649647} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 3624 1ac958bf558 tab
            2⤵
              PID:744
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.6.1003968190\1327019359" -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5432 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06a88593-06b0-4286-a52a-e664ce92d2ba} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5444 1ac97f50258 tab
              2⤵
                PID:4780
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.5.1932140181\805733415" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f6df659-3955-4715-993f-1cd87b972ba0} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5156 1ac97f53558 tab
                2⤵
                  PID:4812
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.4.1198899679\1781594929" -childID 3 -isForBrowser -prefsHandle 5016 -prefMapHandle 5008 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9852d608-a811-484c-9339-21cae41eb661} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 4940 1ac97f51a58 tab
                  2⤵
                    PID:3960
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.7.940120968\621040546" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4c99c4f-cd50-4afb-ae0a-e94792810b1c} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 3176 1ac949aff58 tab
                    2⤵
                      PID:720
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.9.241601584\380833701" -childID 8 -isForBrowser -prefsHandle 5568 -prefMapHandle 5348 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54bea70b-df80-43f5-91fd-aa154656d4c4} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 3240 1aca00cd458 tab
                      2⤵
                        PID:368
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.8.1644261931\2114494601" -childID 7 -isForBrowser -prefsHandle 5968 -prefMapHandle 5964 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20f5ec2a-2597-4350-b30f-554d05099504} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5940 1aca00cd758 tab
                        2⤵
                          PID:624
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4316.10.732361451\765498661" -childID 9 -isForBrowser -prefsHandle 5340 -prefMapHandle 5352 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a53d71d4-9d94-4acc-89f7-41aaea1db29d} 4316 "\\.\pipe\gecko-crash-server-pipe.4316" 5676 1ac97f52958 tab
                          2⤵
                            PID:5300
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ssurl.kr/1Y6"
                          1⤵
                          • Suspicious use of WriteProcessMemory
                          PID:1976

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\21094
                          Filesize

                          10KB

                          MD5

                          9b65f33355b6a611062c45a38e702f27

                          SHA1

                          50a432ff95f57c5df3bb72e100bc4eeac1681e3f

                          SHA256

                          f07e1f64480d76938de8948c5b0d87d9b490acc509f634d1fcfd1a2ab0006fbc

                          SHA512

                          ca4cdfcc1fff97913fa281464d021fa1c90fd08b15382defb14854361a9819c4bb2d5c776063a61b3eb60d0f6c9647fabe79490dada0746a592ab05f5ee64e90

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          787KB

                          MD5

                          72fd5410e09912762809142024b5b9d0

                          SHA1

                          832d844906b6a905aba10f4c0afb270324fefe69

                          SHA256

                          0ed01055cc9aa2c3c132cd7153781140c7b3291c0cfa8957b17ade66075767e0

                          SHA512

                          b24190636713ea73fae1552bb3938a57b675fcbb241861c865b23b51982dab628946661f77bdb51b415bde25dab1f4717d449c19bb7ad719143deefb7f3a30c2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          651618599ec0d197643fb76449046205

                          SHA1

                          04e9585bc0f3a13746e6b782812ab30f4133c5de

                          SHA256

                          ea71eae96e7726cea1160191ef55f788c7a8c76e41d95f9c66b3d342fa03dc64

                          SHA512

                          4a37b4de7f14abacf4f45f87a2cc9c19110066b62925e57624aeb661ec243e31225d8440605a0eaaf0ff84d8907975f86c924e73ad65f779565c1f5491e63332

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\7a0bd757-3434-4594-8398-5c43fbc04661
                          Filesize

                          746B

                          MD5

                          a2b6ab7ea07fb0c9b0711f09d13a4cab

                          SHA1

                          0cf2e78a8640c8485d2a9a1d6273396065a19c3c

                          SHA256

                          858a7817472b0ebc53a2577b9205d266f3410543a05b270c881fbe8813f046ef

                          SHA512

                          c325f6e28fa4cc2d22cd9447775fd154d89db4bc0a519d3a8e08ef6c086799412b8b8896c1fd435b8e21bae4acf21b942fd6c018e23b7a31d8cac5e84e13fa56

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\95870d46-9294-4b3c-af29-a9a097a030ff
                          Filesize

                          12KB

                          MD5

                          7ad1b52950d3fdac6c6fd7fe6f7b440d

                          SHA1

                          9067a71f7cd9a68f96315d1ab8d204e298945f59

                          SHA256

                          b6e3bb661cb5b2931f9b1fbd00738840c3dd0b04b111908bf7e3f93abe51a71a

                          SHA512

                          77ec58c5bebdc7103bdf68ab0a3cfed6e43cabd21b819e6a4bc6bf553fa75bfbb39be1e21862a814e1bd599a35adcb0ac9edacfdfd1f3bf22ef240376b96fd01

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          544KB

                          MD5

                          71b214b7b50f3dd30ab925eb83704bc3

                          SHA1

                          5fb1b6ae0b96970bedfdf89e5f3ad2ffabd5a495

                          SHA256

                          3a5a16d710dab75c2efb2aa6ab26cfd72e6d19282f05473db0dada97524c2f96

                          SHA512

                          1a53883706bf21a2c6a3a90294ec18b96a28ed996c2173aea86d4cf86bfd3ca1b0d7ddcba368a691613f73c275a7690ac37d137c41e60dbcce3ae9dc37f8c6fd

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                          Filesize

                          697KB

                          MD5

                          5e29260ec37a545a482a4fb881e054d7

                          SHA1

                          a733eb3cd6ee2fe939abd1db2a707845f780a1ab

                          SHA256

                          cd24d84a8feecb841f7757b65a37a0df3bc30b537c837e257a0739350554dc38

                          SHA512

                          f2e9f65b6cdeaae6ea5e0e15b8d952816b31a05fbf7fadfe81b0483440b8becf08bfaedc6624b6ce0d43b94d3484cd5009093f0bbcb8b32c82f8a61710ca466f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          640f318e22fe03e69c0e2af0bcb232e4

                          SHA1

                          390df113c18e6b5bbc6676e68bbcf5215134cfc7

                          SHA256

                          457b041ff146600b3722055d9351fdc19ea8788b51fffac1c5f582a0e12324a5

                          SHA512

                          5bf4e53a09d30dc5f55f492dd507061347f4dd14b616d02a954313b7bdb7f55e7c6a9fe41375bf85b49ae4d7f1ea96292b24ae5d64ab2120e8b0f13e3467ccf4

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          6bd75543ef59a04c7333689cd4906fdb

                          SHA1

                          35100a4e20b8bddb068f4588c4ad6d8d1038dc1c

                          SHA256

                          40f9214c7e19ce038392384b6ea1dd9fc321c62828982cec3fcc9298a3830ba1

                          SHA512

                          3c9ea090c22d2c3b6657100e30d8c0ac4085b485a082686c0084463de717c54894ebfe5f97a5394de379c839db810594231afb4cfb96e483ac48d739ca972bfd

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          38KB

                          MD5

                          57e1678c6ce4795d5f223de8f6f77649

                          SHA1

                          fe2c7eb91000d7c316ffc499129d4a86521c06db

                          SHA256

                          23e61288f2e9ced291d2bbf2984b34bc33180e9c93ab531d18a5e8077ef6d45d

                          SHA512

                          0201a648b6c657c185532958674e6cab40e735fe1cfb89f3c6ea88a6cc4941d468ad39169acf9b848bec43a0aff780779ea285514bd7707b77499fce556dfc6a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          33KB

                          MD5

                          84130e0b098fac30afc1b3801a7d5f02

                          SHA1

                          cf4524dc50859167a7e8c844852930fda1fcdf8e

                          SHA256

                          75a18bcdf0910955be0c56cdea48cea9d4b5d86da8924127576e9d322143ab98

                          SHA512

                          781914785668c77ef14310ea56d29a082d68b90c63ce187595a7d41066bdac72ae4b866091517134df984744e171500bfcafe40cb5fbea7967b774a40ff40180

                          Download Submit