
Analysis

  • max time kernel
    49s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/02/2024, 08:42

General

  • Target

    http://g0-get-msg.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://g0-get-msg.com"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://g0-get-msg.com
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4608
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.0.1056593092\84110780" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14ff543c-048b-45ff-9883-dfb30070b470} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 1976 1da7f6e1558 gpu
        3⤵
          PID:4044
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.1.847573152\908380514" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2376 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89bd1981-2f80-41ac-87b3-13cb36db526d} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 2396 1da7f3fa258 socket
          3⤵
            PID:2840
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.2.1692594919\971898582" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3132 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d37f6728-1ee5-45c6-b046-e4b9d36f3dee} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 3096 1da036b8458 tab
            3⤵
              PID:384
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.3.1993956238\136212100" -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a004bf7-b9a1-4e63-bc00-8ca406361372} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 3896 1da0486c358 tab
              3⤵
                PID:1828
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.4.1246908027\271282033" -childID 3 -isForBrowser -prefsHandle 4816 -prefMapHandle 4016 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5305c552-293a-40ff-9047-a0f6af09360c} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 4804 1da05888258 tab
                3⤵
                  PID:3020
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.5.1292511261\293531666" -childID 4 -isForBrowser -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9971b60e-b36d-4649-acba-53e346d57816} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 4788 1da0597ce58 tab
                  3⤵
                    PID:4892
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.6.928326894\2125959506" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25e4f38c-e53e-4870-b5b1-24b9735d1eba} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 5092 1da0597dd58 tab
                    3⤵
                      PID:4560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\db\data.safe.bin (3KB)

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\db\data.safe.bin (2KB)

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\7aa8cfbd-e040-4a5e-8bd3-5e5d815d02ef (791B)

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\d657832b-f9ca-4dec-9456-de62696e2ba2 (12KB)

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js (6KB)

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4 (1KB)

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite (184KB)