Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://click.e.deep...

windows10-1703-x64

1

https://click.e.deep...

windows11-21h2-x64

1

https://click.e.deep...

macos-10.15-amd64

1

Resubmissions

13/02/2024, 16:55

240213-ve9k6adc6t 1

Analysis

  • max time kernel
    121s
  • max time network
    142s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231222-en
  • resource tags

    arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13/02/2024, 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://click.e.deeperwatch.com/?qs=f84895fdd7dcca8f7edb997216c15dd6844e33ca7b29 56fcdc839213d77a0f71309ca202a30d9c008863a204e0a88f68958c50ce9c958f4d

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://click.e.deeperwatch.com/?qs=f84895fdd7dcca8f7edb997216c15dd6844e33ca7b29 56fcdc839213d77a0f71309ca202a30d9c008863a204e0a88f68958c50ce9c958f4d"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://click.e.deeperwatch.com/?qs=f84895fdd7dcca8f7edb997216c15dd6844e33ca7b29 56fcdc839213d77a0f71309ca202a30d9c008863a204e0a88f68958c50ce9c958f4d"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.0.1855030381\678808568" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab0f8af7-6867-4623-b4e2-42f992a2c079} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1888 243491d5e58 gpu
        3⤵
          PID:1480
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.1.122248540\1349444471" -parentBuildID 20221007134813 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cec754b-490d-48d1-b3e7-3aef72e544e9} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2296 2434910a258 socket
          3⤵
            PID:3156
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.2.18500764\502271442" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2740 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1cdefd8-fcad-4482-887a-7b6cee5ed68c} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2992 2434e4de158 tab
            3⤵
              PID:2408
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.3.98049644\435001091" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7636cf12-5fcc-49d2-9411-ec3ff2821834} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 3572 2434f805558 tab
              3⤵
                PID:4524
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.6.1167039341\209836883" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {115898fa-d712-4be7-bd84-a70289c9d629} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5096 243515c2258 tab
                3⤵
                  PID:2268
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.5.984779903\77273951" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 5088 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9110783-6373-4993-934e-02222da71cb5} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5116 24350762658 tab
                  3⤵
                    PID:4488
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.4.782269553\1457906309" -childID 3 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed4a6c7b-490f-488c-88fb-9cb713aac984} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4936 24350762f58 tab
                    3⤵
                      PID:2512

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
                  Filesize

                  13KB

                  MD5

                  857c4bba4562fc4d798fad7128c08fbb

                  SHA1

                  15fefc94a0ca30341fb8b38cb112b8a6030b5e14

                  SHA256

                  ba9899acc25f535ac8f69fda9c39a93cb37b9be326b42a24d2b5344ab107668a

                  SHA512

                  cc539fa591282d3ab2d495b0a8a45f5eb2b5b180230b9d29af38b6536d1c080802468b45bf64acb105c01e359c405effb5513108df5f4f9d84777f7fb91e430d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  6.2MB

                  MD5

                  fb078c95f037ddf77bb00989318f1889

                  SHA1

                  e9831d5ba0345d96187ab7a173fa61e0e28187d1

                  SHA256

                  8aa34b093b6848fd9c4d2d58170a32372cf98990462f33eb9ccd51e99cc41ca7

                  SHA512

                  75679f4308b5ead9a2bf63619713ee9af90481aeb8dc0567400ab9791a1d7d948ab1c0b3179f41fa1ce1b0fb77376364cd0fc8c43d234991d75c7d04c736618c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  2e62511b924e10222da85105082c5a29

                  SHA1

                  15fd8b57f9dd0126701678a829353bdec5fdcb2f

                  SHA256

                  90e0686f3126e1a3b76e4fd101140409db911a431c830bbdd7b1af3a476feb4c

                  SHA512

                  2e865115b643c87c5b892b56bb27c57ea582f1fe5a15b8d174c63361ada9bb19ba2e49369a58ff9d2548b1aa944513700f436ce53d9171606dc673d6d606d221

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\a14e3e82-1036-4f29-954b-a20dc45a57a2
                  Filesize

                  746B

                  MD5

                  ca00f8455dcfd3accdbf8c1e749d2235

                  SHA1

                  29fc60b6a5afeb6e5f6f5d70ccde83409fbe44fe

                  SHA256

                  2b1026bdacd863a89079133751016c7d3393b7dddc9110b59ad90a756a7afd02

                  SHA512

                  456faa5b5fa68082c4d10268a126026139c999fa863310bec17055dc837f074ea4cd05fa416de625b981e0129b02fc6c9e8f040f3b9569838d386c77ad945f60

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\dd8788c8-3644-4335-825e-9be4e7993e93
                  Filesize

                  12KB

                  MD5

                  ecf1e1290f4a5fb2f2719e4dea0ccc1b

                  SHA1

                  c3b17597e3bdfc31a63f68ba9e8d9a388df6da3d

                  SHA256

                  51b39424f5292dead518c3562355197dbdc832f335c78c00089ed87b9709c2cf

                  SHA512

                  8dd5a89befcdac3729571c94f88206625712e6f6bf7ad6c8a5fb98dfd2466e019ccefcc0cb5e3ab0d4d0e46e136797dbd693096ac00e7c7af3c46ec47f174577

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  9.9MB

                  MD5

                  ee080b1bc17796108362e4acbeffb072

                  SHA1

                  b66dd8a224b271830c80af5061f50baf18b68460

                  SHA256

                  d243338038184965096a9ac7c4b4992b14e62372d87e09ca038c57c96500c3ce

                  SHA512

                  d38eec891ed440b44d86c51212b761869f3702e0b06d7893b6a251cac03152e7aebd30da7a280c54d198ce2f99ec6a9f884272b53384d4b1db95bad2bd3a1bed

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  a592ff26cc5af4a08106fd0062689d0d

                  SHA1

                  57d8deee2633d29968c0572bd2c53bc460dac51f

                  SHA256

                  45085d7cfaa444cb59570a818fb27e8a497a461bb0f2246c0efaf4836fe90e11

                  SHA512

                  71bece47cc5a5729156b8494e1a32e82b1f2755ed2063690a07635be2d09d7b9b5999cf89fb7fc745831c73428916e691f9f6dc1a64508b637c81c9ac2705412

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs-1.js
                  Filesize

                  9KB

                  MD5

                  1fc36e9f2d4cbb4aad8cee3813d997bb

                  SHA1

                  e65aec89c54f4e2de13cbfbdb08d81f1ae8ff92e

                  SHA256

                  cbf82164bc1085a369ecfdc627ef6752ce014f6b372df72fd7764ea1ae71a9ac

                  SHA512

                  724fcbcf1418cc4aaed99014a7c90cd3b959eb99b83645575eca441b9271d4c97e0d2536a185234d2c21cdb252ab4ff9af4673afc0c7d1920a4b3a1750ce0382

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  56d3392593fb77afc95d452a6f967a02

                  SHA1

                  1e731bf1401abddd21d13c1f47632e42d13f99c5

                  SHA256

                  f71196b00cef99c78486d797ad68481c8fc543844a8464b81319c69ef375c8c5

                  SHA512

                  692ca58497626b94fe8e5c54392381bd1498e72f045460b9eef4e88fdbac6e06cecaa8e7ada38434bf0eefb77e6a725dc3ebccf372a92825e8dc44b2276aa910

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  c6f4489e25f50bf6d9fb2b21ad982c5c

                  SHA1

                  35fb0d34347a7eb8f9520b89dd85d404152f6871

                  SHA256

                  6760420ade244efec49710541381920d68f95ca5dba2891a798f35b2887e7388

                  SHA512

                  e1b5e42fb86d3367eedb809697dedb7074e0e137887bbde31090ccddd60f5f265ae5aadacb0cf8c8b86cbe58e3c14fb37b9925de3158f501fcb15aa6a756d1a0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  24f08b9669bfef2745a02f90017657a2

                  SHA1

                  49fa19e5aafffd3135ac8ec20fb3b73be9df3156

                  SHA256

                  c453faa0f2c3b4a01396042cb66a2fe17069d392ebda3a6223bd5cf9e0ba79bb

                  SHA512

                  4aa24a05d09784b0b6d89f53c09e57d08aac83a74de02f980b28ce44e10419ed402f998db55cbdeb50a59ecf5bc7330c9945a35c530bb09d1a3ee6cf226a6739

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  1.3MB

                  MD5

                  0b52554feea8e10a05038f4641e2a071

                  SHA1

                  97b18d5979985be642b1cafdbd50a95bd0ab633a

                  SHA256

                  092e0c0bf7d4b2b2b431b800caa91ce9baa9b25979c6e60e15da4bd3f00b6ac9

                  SHA512

                  902476d7d7728b25faa7adbcbdbb49e8245b3ee03ce79b569c6047be6c728ddaf324912ee55648a20f6cc848cd439cce05b297587f8697a74ee2c0ca81274dd6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  176KB

                  MD5

                  81e76605b56d1bf8b22bfffa4b613105

                  SHA1

                  02701ebb5ba78bdf6de3d6227660ac63a3967d6d

                  SHA256

                  51ad24c663b9844787cb5f6b71b28283ea47c413659324b93d657bf7e444480f

                  SHA512

                  384943b00472735a57ff1a146eada9646bfd7067fa7074d16bba591748fb9c90fcab1aab7763224e952ccd1feab52bf9520cc3366d0227af4ab204647ab5f412

                  Download Submit