Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://clr8.cc

windows10-2004-x64

1

Analysis

  • max time kernel
    291s
  • max time network
    297s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://clr8.cc

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://clr8.cc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4964
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://clr8.cc
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.0.165931975\1533023316" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a67fa7-cc1b-42ab-a3a2-9b9b0b7c0ed2} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 1980 1b82c8dff58 gpu
        3⤵
          PID:432
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.1.780635965\1345884963" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e509994f-5ef4-4d47-bd17-8157af979579} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 2404 1b82c7fd958 socket
          3⤵
            PID:4812
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.2.1208319221\653301895" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {788fab5b-d778-437a-af90-92e919ebb38e} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 3140 1b8307dbe58 tab
            3⤵
              PID:2316
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.3.698400028\1877965293" -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {359308ec-13d7-467a-a564-61bd4ec91e42} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 3888 1b82f5c8058 tab
              3⤵
                PID:4968
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.4.2143815285\345768050" -childID 3 -isForBrowser -prefsHandle 4528 -prefMapHandle 4884 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4db1c6c4-29d2-41c0-bb0e-e7ebfd82964d} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 4944 1b82f5c8958 tab
                3⤵
                  PID:4432
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.5.1813008569\1845174744" -childID 4 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b301d38-15a2-49d1-9455-974a143c3b86} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 5076 1b832ecca58 tab
                  3⤵
                    PID:3892
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.6.331492698\1469192153" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68561b69-d28e-4885-8e2b-52f32203cff8} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 5276 1b832ecdc58 tab
                    3⤵
                      PID:776
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3144 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:5636

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\12171
                    Filesize

                    1KB

                    MD5

                    c5e3eda80ec113f792e28037b3196694

                    SHA1

                    8c460efec73d3b74d491c267679771b5e20def09

                    SHA256

                    d0c1e05957488631e126cb18bf72215c0948513e7ecd030babe6d9a06f1c2722

                    SHA512

                    13f68b40641c72969120bb859317d79af9d4a3bb0d50d5df75998987519aff96d36ea2a46589d89838fd541b590b191661d8df2e1bbf701ff58d319bb7460139

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C
                    Filesize

                    13KB

                    MD5

                    d0ef837db76a04b68e640f15dadaf1f4

                    SHA1

                    73334388f93783ea8e06ff883e6551d59c393547

                    SHA256

                    8a60f1256145e9ddcf5a2fa8950ecffc91383fdb694484a4035e454e9e2a05fc

                    SHA512

                    a243bcdd5ac4ec512fef67bb3238e462c1bee29e490ee4641d4121fac76700e363a361baf13ea905c24141227e68ca8932bf02db5fc91126249a5ff3dfe9ba7b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    6.1MB

                    MD5

                    54d181bec1842dca7299b8cc65c753ed

                    SHA1

                    a9d8c1694f4985bcb6cf778bb2c474281ed85c39

                    SHA256

                    1c28e4f6443e83d0ad28a1a57b63a9c99f32483096f3272e0a05cbc7e67627d0

                    SHA512

                    3ffae5659b5ffc5355c16eed45518cb283b89ca68b4d39b696618913ef8a35feaf4d3394525febd37d97d424f6eb6ec78f658cd9f5ede5a36bf73ab07afdbcb2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                    Filesize

                    7KB

                    MD5

                    fa7eacf13351c3f2d83a0537fb32c190

                    SHA1

                    ca783ff1549c398c979e3afec2551551948c9a91

                    SHA256

                    1d53233de13158008b46ca4cbc4094cca9379de9ab4629a8a1cd44002ea35bde

                    SHA512

                    ec3163fad410f0f4886b2c874f1f2da07d69c6b831494ab0ad3be52c11c025e29f65e023ccd6b2282c306563ba599acd4d6aacc87797273fc288f571350e9242

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    6389c4e246c4cae4ead5d3d6778236f3

                    SHA1

                    53168490eb16e9efef0b12f75e2c6b43ab31d269

                    SHA256

                    8789450305b353bd667e48f69cbd29552e530c8189e5631a9b4b4484da52eb4f

                    SHA512

                    78719f7200b195365405c28f34689f9311bb0eddd4862e731ee4199b84433624bd544301159d076bba83bee97f815368f536647570c25d732c50d75b781318ad

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8c0726dd-f4f5-44b1-a8a8-ee0860075790
                    Filesize

                    746B

                    MD5

                    499c1906cbe9a543244fc8db2e639a3a

                    SHA1

                    349cb5b5518d304e2d1f33d26d4fdc8f9825a307

                    SHA256

                    56b97ae50416717830d813536f31fa1a6aa2824d934ca499f9d375ee4be08aca

                    SHA512

                    4a64dab77c7a37c0c07378b3c0bfd806e4f7b72bcd5d455aaf88ecd167caa1f224c594ce54b29cc05a536c7e095555440d0b678f7ed1624c5fa66577a8bc39e8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\d59f2262-8bed-41f9-bcd8-3e844d7602f1
                    Filesize

                    11KB

                    MD5

                    3ecf7a4663de74e272c3e45794de6bda

                    SHA1

                    0aff469efd501baf7109d5d8b94fc1cf2f8b0dba

                    SHA256

                    2c5998c4d0cff3eab197b92bd1d6b722e5e284812befaa0244b5280eb8d293a6

                    SHA512

                    a655afb888886c23290b882d5a3171a90f775b8475d6e77f8639e2dbe0b6039585322a6b6a65adb3fd69189bea86b6acb25aaa2c6d04793120e52a8c6cd533a6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    4.8MB

                    MD5

                    c87db8940e51e7e933b2c89cdf6bf1c0

                    SHA1

                    727d0aa08544b0b7b4ca0fd7fcbfaafaf00f0ac3

                    SHA256

                    02d048b6afdacc06cab073f1d8c776e775b515fe4a95eb86fb1fedc84557ec2f

                    SHA512

                    5204130cf5d4ec2aa32666d1cabbb321ca87ba77254230d811d5e93eff8d3ac3bf89589312410baebcf785a8f8e2cd7e020eabb61197823a1d9dd1731caec7e2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    de0c839c6b595da2f4db4023705a49c6

                    SHA1

                    023900cff9b5348629a35a7a50a593c37e4bd1ab

                    SHA256

                    58bb7f3f6dfa28198023088aaf4df413f9779932633b4aee9ad6613c8e220634

                    SHA512

                    43b7aaabc5cdf94949273956856c2a82c74754529c254e75275a26155f7d358b1e0b1c58dac6670313fc9e197c48916f395afa888559436f3cfdbf755efc7839

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    9KB

                    MD5

                    933407bbdef51ef76662a03eed650215

                    SHA1

                    c897e9db43c48fdfbbad1352344003b6fa9fc416

                    SHA256

                    5dc5b381e7a293f79201df449634e853b989fd04f261cf245212e05a8c2fbcc7

                    SHA512

                    1cbeffae5272d969e83350fe14aecd4deb6cd517865143dd48c9b0ecb84482b60719fb6b213a28f516daaaf91f1dbe70708180aca41f6bd6e0fb63713f15a3bc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    2bf1117a7b036fa4c4dd505693bd519e

                    SHA1

                    73a698bfc2b15b24b0135b0ebf3e18ec6ad577d6

                    SHA256

                    6dfc5fc982ace39a9f8a9fb182b1ea05152cffd911fa441428ee2869d9283fc3

                    SHA512

                    2b40e8db376c31e951b2c9ddbbe882aa559a2cc5a2f773bf4bdb20db12adddc5f7dfb5cd90d54693d9834a956e6125c74ddfdfc55508d509e8d55a5e02237e1f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    e2b9b5490784be70bbcec468b976b105

                    SHA1

                    6f541cbed7fbe80e01c29c7cf90a73446d24ae9b

                    SHA256

                    c70f94f886d815af5ae9b9ffabd4acc0aa81f35e41470856c226b10041f60ecb

                    SHA512

                    101e2767132c1ab9065b6f2c399de69f1e4d9b0d74af79910fdd896b22e92b3e784e224c64e53f65afe6b06cb3cd368823fffce68f8f878299f6209df73fab45

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    1.4MB

                    MD5

                    0d0576d36db2194990144f362dde0eb2

                    SHA1

                    c00be314e259a8af6c3862349c5630085b5cdecb

                    SHA256

                    fb3c05f36750765537dfc192bd8faba00cf042a0feb11deee1a2bd30f599b341

                    SHA512

                    2992a9e873df0e77a3f6edfac3a9d116b09c7970f7b6ac1b333c70c4d036e8b92f271e0015ffb190219381c51f666f34702612c988098f2a1e891d0662b406e5

                    Download Submit