Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    15s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/02/2024, 12:06

General

  • Target

    https://ipsos.uk/kyfkrx

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ipsos.uk/kyfkrx
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2300
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:1808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.0.590516132\1300989496" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9690dad9-ddf0-4ba6-baed-a49512beb837} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 1308 f7fc958 gpu
        3⤵
          PID:2496
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.1.1945964566\422792953" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47b53918-d852-4509-874f-01ed62257df5} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 1516 d6f858 socket
          3⤵
            PID:1576
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.2.766840665\1000234448" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 2060 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {662619ea-9457-45a6-9da4-c9e0c21c58a8} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 2076 f762758 tab
            3⤵
              PID:2336
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.3.158091857\867205347" -childID 2 -isForBrowser -prefsHandle 812 -prefMapHandle 1668 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b13fc4da-80de-42bd-9e63-7c46c4288a34} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 2428 d71958 tab
              3⤵
                PID:2740
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.4.423426311\1795153767" -childID 3 -isForBrowser -prefsHandle 2904 -prefMapHandle 2900 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a142ea35-542c-4fa8-8308-5dec3a5d1fe8} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 2916 d2f058 tab
                3⤵
                  PID:2112
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.5.1197069356\1230860611" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1344134-feb0-4c48-badd-42236347b725} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3712 1aaed558 tab
                  3⤵
                    PID:1560
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.6.883685598\1229240798" -childID 5 -isForBrowser -prefsHandle 3812 -prefMapHandle 3932 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {393f51a2-0601-4664-9bac-48fbc036035f} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 1128 1dde8658 tab
                    3⤵
                      PID:1508
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1808.7.721711779\1789637608" -childID 6 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 804 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85f58a67-8c9b-4807-804d-f07d4a86ce68} 1808 "\\.\pipe\gecko-crash-server-pipe.1808" 3828 1dde8c58 tab
                      3⤵
                        PID:2812
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      PID:2956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 7a78b9b2736cb97599384e27bbb15ec2
    SHA1: fc8f1c2994cc527d257168b0fbe2ff38c5092347
    SHA256: 2f94fcb5f2fc5e692d283a7539a328149b29cea531bb087ff8a262b48515cc69
    SHA512: 25392df8049eae810acc9b9c08cd4e3f9c32032e8ceaa242e26cf434ca260d05feebae940e8722899d1c35bf1ca3d1377cdad577002411f7bae774f871c8ada7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\89a09c89-cb04-41f7-8a59-a5311f1ca94b
    Filesize: 745B
    MD5: d6473d434211f4042abe0a26ac25f504
    SHA1: 18d9b3baf1613fc233235dbb42f917362f7cfa0e
    SHA256: 8414bf78076b34b9f883b185143bf01119ee06e39cd81cb3ea7f3df4665c5a8b
    SHA512: 9a98181e4774d8de5220987a050dbb83128006860546d01711ba6e391f74b3c4f17483ead5de4fb1d7b03a0ccb616b08319f06275e407bc4e1c904f12a4f33c1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\f56d7595-62c7-45e3-8aa5-373ee2ea755f
    Filesize: 11KB
    MD5: 19ad49a37c93269f55699985f5338728
    SHA1: 0de2da2ca49c40575b20074f7b1124ce53d80ab8
    SHA256: b9969c2bb30e5dfd0d5c966eff0cf84dd0261f1451fc6e7f02b8ec7073a0c040
    SHA512: 6ff1624c915871082ab6eb4fd86d845e4f9d60cadff1d578dcc710b753ff44a839086da5e375e5062a56d9586a299ec93cbd0e20fb4d9d5a627e40efa8c8f479