Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://stecmcommuai...

windows11-21h2-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/01/2024, 12:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://stecmcommuaity.com/gift/9571957935492

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://stecmcommuaity.com/gift/9571957935492"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://stecmcommuaity.com/gift/9571957935492
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1936
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.0.1162772579\1672328242" -parentBuildID 20221007134813 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76e45ffa-1ad7-4011-8a23-87e17d21ef1d} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 1896 24a416d6d58 gpu
        3⤵
          PID:656
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.1.727217966\885004116" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b4ef11c-813f-4e68-a314-a9c5693ce2f5} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2296 24a40e3d858 socket
          3⤵
            PID:4920
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.2.462804662\673981323" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 3008 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1048 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ba18d95-9548-498b-9bab-3ac8aeac7c49} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 2784 24a463d5a58 tab
            3⤵
              PID:4552
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.3.1771772274\1289507676" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3308 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1048 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {041bc477-91e0-4bb7-87e3-11a4b2d13925} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 3520 24a2df63258 tab
              3⤵
                PID:1252
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.4.1578112604\1392067080" -childID 3 -isForBrowser -prefsHandle 5044 -prefMapHandle 5056 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1048 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6c8675b-b99d-4ef9-8f30-bca28efeccde} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 5072 24a4979cb58 tab
                3⤵
                  PID:1764
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.6.1217610553\1967784328" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1048 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab40a9e5-56bc-452a-a43a-4a1846e7fc00} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 5400 24a49cb7f58 tab
                  3⤵
                    PID:2388
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1936.5.572609498\553236516" -childID 4 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1048 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {604052cc-f984-4f41-bf13-532fd1045517} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" 5208 24a4979e658 tab
                    3⤵
                      PID:1412

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\cache2\entries\42EA81AC3C1126077844C911C95A783F9DBAD0B6
                  Filesize

                  35KB

                  MD5

                  6c0a7db749036875d5dbf37f6a07102c

                  SHA1

                  17ae5c30a2ff1d745de0bebf9032fc87a2d5f571

                  SHA256

                  bd8cf3425248df55fcab26f5077d1cd8760f00361fa228bf588f75408a4d66cd

                  SHA512

                  423e85f0f31e11093b6af962f235f35f7b9ce9f587fb748b9c5bd0de0b4091f54b37040f3d4ac9c537fc7a50a196b99b383a5cee32824fa3709aec6ee911c688

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\cache2\entries\A0E64171A6B69776F5996BD4B659BAA43E523CA7
                  Filesize

                  121KB

                  MD5

                  bf51a0b9c0ce55c50887d96cabcb1803

                  SHA1

                  f391a650c453e8b3d4f208ed6116c37c494adc0a

                  SHA256

                  de43912060b7435c0e7e08283c02160279b5d54f30ce2c464f08cd84b7f3d4b7

                  SHA512

                  e8c6b34ba11220b53aae68aa21f7aff03b222f714e80b45ac165374264721e7234e4bf7ef26748b0170adf8a7d9756311e3ed6f890bd98ce696c1eb8c234f639

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  1.3MB

                  MD5

                  38a674813ce31dc86e27f11ba269054a

                  SHA1

                  d61833e02217928a014daf5fdaece61330e63d38

                  SHA256

                  6c36055365db93010f5b84913037aeace3961589857b81da7d3911aecbe6d3b3

                  SHA512

                  fd425bf6393b36b4e65f4a2241b7cf1718af15a65c660e48cc1bcfa0801533b2de84fc69adc2361c497177bfe5d5e644303d09e92693763609b90a7963f4bb48

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  8690f7890c408915406a0642ba3db5cc

                  SHA1

                  d1ee86d39782a161b1463fa982f38b34b4b0bf50

                  SHA256

                  17ab75cbbcecf7e04bf9745a414c04c3d8b798137109792088fbf9b9567a0738

                  SHA512

                  7b1d21c71f078f19a7e40a56f397929f540ce217f88369b436fb34b904e12e4c67a9eaa8fdf7df2a6de5fecde1e909876c754974a9611f350b6e02b6c994e506

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\datareporting\glean\pending_pings\9901f923-7453-49a0-8443-2f7ecb3321fc
                  Filesize

                  10KB

                  MD5

                  cf46b15ae4d5a43229c4b1e9b9b35123

                  SHA1

                  379b4339a9c3c42b774483426072130ad4c0d989

                  SHA256

                  62388ed511c3c9e985d7c9109aa8b69156b1ccb1f7f331ca8898fe2bb039e6f7

                  SHA512

                  d46a991d670a94d2f10ba49fbc4dfc97cc60d5e8029c3063541d278ce60899d54bf211a3b6a7f5f6fe961ee76cff8bd1e002a7303f010c01badddaa6dc1dcd2c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\datareporting\glean\pending_pings\ea3998d2-ea0e-4e14-8f33-00d1d5ebc578
                  Filesize

                  746B

                  MD5

                  177cdfd2153a2e121c16f85cdffc8be5

                  SHA1

                  176f670faa5509aa38efb53d7ee2c03cfbd1d4a5

                  SHA256

                  73221027494569b309c012c427961728a0eedf32b35a4ae3117b7ecc22c9d5b5

                  SHA512

                  9d09dd3a1a1387e50c37fa249ce8adcda6700c04845e1666623f176ad1f7e3e206c3d6b5ed1e1fd8d1ea15858e96ac094fe042b081435d2456426002ec6c2dcc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  1.4MB

                  MD5

                  a6ce6664196de5bf829f22081713103d

                  SHA1

                  d5338b437de68e8c0a45a91b02a3a87c92a6ed84

                  SHA256

                  ca22af16be50610e615db781d8637f7269d440b9260953b09599c3c98a68ff21

                  SHA512

                  f97a71ef9ea03a95de1fc844d0be3a45494c77c6ce9690603ad90bceb6f4cb2d2abbd13850f6ea94884dab98b1ef786060c5c407aaedd2e83a87bfacfa08e6b4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  2dbae9e234cdc1c0704bd790213ce7ac

                  SHA1

                  08367101e454f58fd2ec56c7e109f24fd588e9c1

                  SHA256

                  a34a25f7898800b04526f4a8825722988b385f270b6effbcfb6a999f68f8197d

                  SHA512

                  4654f972ad093bcf3ec23b85970aedd51918ed8557ae440e07fe170f0b239a44bf916fe01c9c0321df421ea60e83431098f31f8779637687144dd4ef9aceba27

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  be2bd46e30c7a52053ced76656190bef

                  SHA1

                  4eb7242f4eaab588291a71353a77a064315dc3eb

                  SHA256

                  ae132d95565176bb6f89edfd904b1a04e68006f707817b3f4eacd00112f2bf35

                  SHA512

                  3279fe047ea2425cc06f4902ec49435ec3a47c9344c2055f3f5c6dd87042a16633cf122fa58343d6f3bb12663150e1e236eea8d985795c02ab3db07525e87f0a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  7c8d9a42bc131ee59fec775d7c907b2e

                  SHA1

                  e7998eebdbaab459e4ae1fc3db73473798490661

                  SHA256

                  eeeff570a3508f4a76da45b360f262fafacc70a02666f9318f1b2c30aaae403e

                  SHA512

                  00db8909b25160dce19e29dc51829ba6bf4c7449191d60111be5dae4d779d633071f57ed94657c35da39b21658843419dbcc724b627f52bae88d84b114fc9f0d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xy5ssfbw.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  84e60a4aea844be854442eeab56c6b9e

                  SHA1

                  66fc31609a804ab07027765db6e093ccf529389e

                  SHA256

                  8f6f78c1380bc2801d55c84bb57baaf72afd17ff24529012a513f0566912a61a

                  SHA512

                  8f3e41634a19a3d005368bc3c99f431247f04b64bb082e21b7199fc878dfd72839fbd1f1bbded4916ad7a65337a5c87161f6bc7ae69b712c14179a3ae8326451

                  Download Submit