Resubmissions

11/03/2024, 13:39

240311-qyfpzaca6s 6

11/03/2024, 13:36

240311-qwe1naca2w 6

Analysis

  • max time kernel
    156s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/03/2024, 13:36

General

  • Target

    https://www.kinitopet.com/

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 4 IoCs)
  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.kinitopet.com/
    1⤵
      PID:3984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4028 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
      1⤵
        PID:1648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3716 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
        1⤵
          PID:1956
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6132 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:680
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4936 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
            1⤵
              PID:2376
            • C:\Windows\system32\werfault.exe
              werfault.exe /h /shared Global\ba99b2f27ab44478bfcb22453dfde502 /t 4920 /p 3112
              1⤵
                PID:768
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe"
                1⤵
                • Suspicious use of WriteProcessMemory
                PID:4940
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                  2⤵
                  • Checks processor information in registry
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:4756
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.0.1371409930\1337837169" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cad101d-0ad5-4e47-b393-6590746e516e} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 1972 1fa636d8158 gpu
                    3⤵
                      PID:3904
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.1.1338302718\898242216" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba58ccc8-d38d-498e-b321-93bb8e915440} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 2360 1fa635fc358 socket
                      3⤵
                        PID:4504
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.2.1986463429\147402452" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 3016 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7ef9c3-787c-4983-9bdd-c613ce077eb8} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3068 1fa676c2758 tab
                        3⤵
                          PID:4296
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.3.54994950\1466538670" -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ae15aaf-acb3-49d5-a7c3-d26c57653460} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 1140 1fa6602fe58 tab
                          3⤵
                            PID:2392
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.4.1576677985\2069850535" -childID 3 -isForBrowser -prefsHandle 3480 -prefMapHandle 3492 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9540068-07e3-47a0-bf23-95dacc20841d} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3956 1fa66097c58 tab
                            3⤵
                              PID:4556
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.5.1792850305\642325315" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0873a106-d435-40bb-a39b-558eb41a2086} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 4880 1fa65eb4c58 tab
                              3⤵
                                PID:2376
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.6.54499769\1217686139" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05a2d2ef-7864-4e77-8ddd-b75db0a00087} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5032 1fa65eb2558 tab
                                3⤵
                                  PID:2576
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.7.116119256\1293789401" -childID 6 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e3cedf2-a1e6-488f-a74f-6f23b2c91755} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5036 1fa65eb3d58 tab
                                  3⤵
                                    PID:4976
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.8.1566070695\1360147677" -childID 7 -isForBrowser -prefsHandle 1684 -prefMapHandle 1680 -prefsLen 26471 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a249e844-547c-4335-a06e-9be1ac0613db} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3324 1fa69ecbf58 tab
                                    3⤵
                                      PID:1612
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.9.641672750\30039162" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6052 -prefsLen 26471 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad8b7190-8522-4de3-9a70-136468f34df5} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 6036 1fa6ae2ce58 tab
                                      3⤵
                                        PID:5528
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.10.1772957851\1719267335" -childID 9 -isForBrowser -prefsHandle 6200 -prefMapHandle 6204 -prefsLen 26471 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c197d98f-d9ce-4f0e-b1f4-6503ad4861ea} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 6192 1fa6ad2ef58 tab
                                        3⤵
                                          PID:5536
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.11.675841356\811834825" -childID 10 -isForBrowser -prefsHandle 6244 -prefMapHandle 6436 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1128 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe567da2-8436-4af6-b785-e4f7ed42536c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 6424 1fa64f86958 tab
                                          3⤵
                                            PID:5736
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.12.1821293108\1997844190" -parentBuildID 20221007134813 -prefsHandle 6424 -prefMapHandle 6232 -prefsLen 26646 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e247c56-fcd5-4dea-b0bc-ec24b059d7ac} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 6416 1fa64f87b58 rdd
                                            3⤵
                                              PID:5956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin (2KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\8efecd91-024c-490d-bb95-8939626d9b5b (746B)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\e169de79-edfd-40eb-a23e-1af78bdea0ab (12KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js (6KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4 (4KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4 (1KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4 (1KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4 (4KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4 (4KB)