Analysis

  • max time kernel
    36s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/03/2024, 07:14

General

  • Target
    prv.html
  • Size
    1KB
  • MD5
    6a6a8790217eb40f8850ca3e09c2bf12
  • SHA1
    e81777a9ab0d9eb352a59bf79edf80048ac03789
  • SHA256
    b3f097d9b0dfd036c7a8d5deaa131f799eaa966564952105ac3692be016c2295
  • SHA512
    3068d5c81cd33cecf24d6f15e9bc35b11260dba2a495630d35e84c362ce61eb4fe3e96f43857a0669f4e010093157e72402aba342abf5ca455d8781eceeb313e

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\prv.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\prv.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4112
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.0.1757652437\1464682837" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e23c9a20-59f6-4b30-880f-b8440d018266} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 1964 2132b9e6758 gpu
        3⤵
          PID:4252
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.1.1077570304\1717110545" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7adb57a2-84b4-4378-8a67-8227ee72ffeb} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 2396 2131f072b58 socket
          3⤵
            PID:1536
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.2.27686245\2043411262" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 2988 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbc941cd-d535-4e0f-b2d1-f224f0a86705} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 3108 2132f9d6e58 tab
            3⤵
              PID:1108
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.3.1139922018\125437188" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57cc51ac-ae68-479a-a4a8-9f7a7e8638e1} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 3588 2131f069058 tab
              3⤵
                PID:2372
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.4.1132814370\1133529245" -childID 3 -isForBrowser -prefsHandle 4832 -prefMapHandle 4812 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49fb5bae-ea31-4bac-a58b-0d94f44ad78d} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 4840 2132fad0558 tab
                3⤵
                  PID:4448
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.5.1151433349\337128819" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f0aaa2f-bd9f-41cb-8963-84b55a4018f5} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 5036 21331c8c258 tab
                  3⤵
                    PID:4452
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.6.1265606620\1583088375" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd8537e4-fe8a-4c5e-adcf-ddab046e0981} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 5144 21331c89258 tab
                    3⤵
                      PID:4444
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.7.1129799663\1984054621" -childID 6 -isForBrowser -prefsHandle 5560 -prefMapHandle 5604 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da63c0e4-cc3a-4705-b9cc-30c918eaff97} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 5612 2132d362858 tab
                      3⤵
                        PID:3624
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4112.8.1621649512\788408670" -childID 7 -isForBrowser -prefsHandle 3032 -prefMapHandle 3548 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb0fba7d-2410-481c-a1a4-6c2173694b11} 4112 "\\.\pipe\gecko-crash-server-pipe.4112" 3508 2132d026058 tab
                        3⤵
                          PID:5688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
    MD5
    945c9b32a7113b20f68c3053a0537ac0
    SHA1
    7271d9e2064f97f9f1d6fa6ab7b50cba426e4837
    SHA256
    ed02e46e1b18e2b63a43168106d13ac264387434077187ddbb8b6f3e7b707225
    SHA512
    78f54c670407ea9a186086abb2d8ee63a7d604827b24460aa60fd6c6d6f50b8c50f17d1ad5c04410a304b397808122a8a813b41338da58bae1868a910d6cc602

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\06f270e6-c684-4b84-9c0d-29e54aee7d98
    Filesize
    13KB
    MD5
    606dac0f45f39e29cc659e0983590eeb
    SHA1
    18810555239f021c0510658d93a15189b2051b27
    SHA256
    837a017a2f360bc48b0e2442cb84932fd850e7b1dc968090fa834ce4278aee64
    SHA512
    4b63cdf79087e5db2a5fabd139811160c8e0dbd2887a5a3fa4a553faae93b891d9ab1fbdb4cfe61bebce73130efbcd8253f6fe04086c97a0506610243f5b664a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\0f41f4ea-2927-4043-8b5f-7cb6aa688e4f
    Filesize
    746B
    MD5
    4ff01c13277527f28df9e3b82f286904
    SHA1
    eec76e89edbb27654ec6348a300f654b16e057fc
    SHA256
    bd4e4305ecea35afc53b6610a7e87d1fed3ecb3ad6b77db147c2441605d02ee5
    SHA512
    f30e0713b83c9a604faa3df50fc52266298c5bcdfef8928951f4efa95f54968a72af8d30e211ef437372b66bafb0a221aca692fc5f3be7e394cfb2023176456f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    5dd2a59e783c1baf1e34a5ecc0de6f1d
    SHA1
    beea1eed8e91e348eef60ae661ed078ec414443e
    SHA256
    ba99c2b17fdd49cf4ccfaa3dd5de068347b9f38b1bae43272c8170c7d2bab2f0
    SHA512
    b66f0bb28937451054248b498314b4f71c597733282448aaaaa62d24517e9296c793168567ff40c904ec67e4de4f71248fb7ad0f7c7a51e49a28e5b3b60a6f6b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    a4d8a4a231e10bbfea0d970e73e69f68
    SHA1
    a19de3eead7b8070bdce136f884fb81bf448ed55
    SHA256
    fa184ed811afa843516d96e455c449e16dceaaa6501a507c45ac0ed985e6c412
    SHA512
    b88547d7888323b8ddf59640961bf9b6fa067101d4fe0e7182a88528fb3a9780c8c6601c6ce626ded5a3683d7d2b89907c6d5efc6aa56aca5bc642de62b255fe

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    931264166146362885c5894a356ed1d5
    SHA1
    bc7cbd5ef8ffe0cad7c590f53ae75c7c3f765291
    SHA256
    f39b16cd5f8c6f65046753cdb3a5c12f5e0a15ed1861e4c4498709d7796c5a63
    SHA512
    cfe763c6f8d21bd66ceb5cb6ca50381707a1bc4fcb50a9d812b84c5476312d7380453c1a61ecee7215acce952c42cfc91897bf57526941408a89a8709d0fb1ab

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    668a95fbdd34dd9cd0ee1bfdf8590162
    SHA1
    ac719e5b0c1c117b071f132bbe584503a357214a
    SHA256
    9c78785070c3ea122be8fd54db37ee5c069592b0762c421c644bc16981fcc1de
    SHA512
    7ff75de09a146ab4d9608e9ac73af5ad8b10b69f6cbcca219d15bd5754bbe05d4df9e7a98950af092e5756bdae47329d510094ea374ca51deb6f39bb65c6ec34