Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://ryb.ct8.pl/

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://ryb.ct8.pl/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://ryb.ct8.pl/"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3896
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://ryb.ct8.pl/
      2⤵
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.0.177102101\936707839" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bddba23-54e7-45c9-bd56-e209c71199f9} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 1968 21cfefdb758 gpu
        3⤵
          PID:2360
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.1.1213561673\1704057149" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7fc8f8a-954a-45e3-ad65-93af5132904b} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 2444 21cfe93a958 socket
          3⤵
            PID:4636
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.2.1430035927\542395171" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0dd54c4-f0fc-4508-9987-991fdb1d26bd} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 3020 21c8a8de958 tab
            3⤵
              PID:952
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.3.711980943\372980493" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c5323ad-89ca-4772-96ef-140d1523656c} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 3632 21c8baadc58 tab
              3⤵
                PID:528
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.4.606014799\1960120145" -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5172 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {614d545e-512a-44ad-b4ea-675a97215765} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 5184 21c8d458d58 tab
                3⤵
                  PID:3084
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.5.1184410605\2112307453" -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {831acfbf-c508-43c5-8d6c-28524f7a3a66} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 5316 21c8d459c58 tab
                  3⤵
                    PID:452
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2932.6.1573008573\888533798" -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b03e0b7-53df-4d5f-9664-d919346ad325} 2932 "\\.\pipe\gecko-crash-server-pipe.2932" 5504 21c8d457b58 tab
                    3⤵
                      PID:5040

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  432KB

                  MD5

                  9b867e592747897bdecfc012c0e22307

                  SHA1

                  945761b166739bf4516e8c7fff9671b83d8f1538

                  SHA256

                  0e549eb4e50749f5ce3541eccb6f0861ba0ebde52f20d606fe5d2d240ad7af97

                  SHA512

                  4ee8f2be9b94a389dec762810c36f7f8d068f9c1b9eae3ab141e3e85277b18742da83555035b0687a1387635fedfcd7246d3eef930675468aad0a7c9265beeda

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  175KB

                  MD5

                  b1fd29812e86a4c74228a57631043c20

                  SHA1

                  5f3ee6eacb7824e104f5aa7b3fc4b1d8e0664e61

                  SHA256

                  7f13430b161e46df78f284f134b9108c5dc7ad21016ea5ca19307e5b0da942cb

                  SHA512

                  f71def311b3b2ff596b657a6c3ed8da92af0a7168ec810b71279a034079bf8bc5cd9304c0673713db56b6fd7f4a9b0fbf8387561021823506117a3bc043df0fe

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  1a8638fdbd0e0b2eb1e4a5bdb4542c5d

                  SHA1

                  483d88e2797b11c7aafe20dc1f4c3c67cdcc3c36

                  SHA256

                  181093d0fc2f5a515ec608e13a6e180068a39dd4f60bc85582d599e6960c64b8

                  SHA512

                  eb047b6be1a07bdc4c982e13730bf0f4a1bdc9827f5609c23b5d769059601ffd05c3e094d95c3bde0ac2f6a1fd81f73d96dc211539bf999f2aa91e9e1ab51cf6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\2e4076a7-df0a-47fa-9857-8ea72dfcb476
                  Filesize

                  746B

                  MD5

                  483ac2a3d07a267280a1f54dd4785385

                  SHA1

                  4f4d624320327e18ca30fe0cd979d7a0a32a7dc9

                  SHA256

                  e214b86fa3fe901d77cfe00015b7a69b2429a131cd560e78a6bdca00d4aacecf

                  SHA512

                  b806c7ecda18ad419aac03ee1b6374a4cd1704a9fa8ed0d1af8e7eb1a81f99005c2c04a61fdd76a5c21b14483a69320ebc0aec0c274425e95e9410d0a6f64924

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\3547118b-0943-4fec-b980-ad2cb5d4ae77
                  Filesize

                  12KB

                  MD5

                  607ed5bfd5f2561fbdbd480fb20b06ca

                  SHA1

                  f87a6b4484d96df041750cde102777064c344480

                  SHA256

                  9ab71bf76d01aaf07f74f3e2439e1226cc1fec2eb498495840b8759058a46587

                  SHA512

                  be95de3ee4e582c813b82f83960d4607b5e2710dfe602c711c99d147d20b90fd76a96f1e417e371166e1622da301289016664717da509a564a9d2247b334842b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  306KB

                  MD5

                  5ffe4564372558efce65d3489eaa283d

                  SHA1

                  dd4841277981219ddf63884a68e5bda25a095d05

                  SHA256

                  81ffe0c0eed89f51cf72b8415e3352d3177992c29e6cba00faf8b3f10dcac809

                  SHA512

                  2f8e24c338ccd4cc24a1dc012a6dedfcaae72153cd76d7e40937f98719d70754e4dce4c8df8b3b62dc4d2a897671617878c9815727779de398f4bed6e4440290

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  371KB

                  MD5

                  dd96b53fe41a0e825e0aaf622542c376

                  SHA1

                  c7a81bf183009fc668537f4a3f3e08ba5731036d

                  SHA256

                  1d804f2f8658445d3937fbf629013af918faaf9b67fa42905d07fd6128946d62

                  SHA512

                  169716157a49b852680170177199142ff615906c720ff43681a7d433bb6a7a5429456eb1e02b2517df2fb8dfa59db052270f9cf78e0bd3d92a34d464482d8233

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  2c8676f06b949c4134aa1aa59d989ec6

                  SHA1

                  558a4959d484afdc162cf571229da93d5203a79a

                  SHA256

                  cc8c2f9c2f280336cf0eb41b3ef8f8a8573483a085aa54d198c0f241e1c9e8c5

                  SHA512

                  042c3d8047a731e8a63f93dee81e929f2a844dbf3f619f9624d92c041b506f3c64069d7faebd3995d5dbd8449c237b691b2ff45feee0e5e11c19d373d128b1d8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  4ef54d147f20dacc83d8a15bf2e65433

                  SHA1

                  194f438889f5f332ba0149d18547510493c849db

                  SHA256

                  4cb36188b5f35387710e64eb99c063bb311f69133ada571e8310c9da3d0240fc

                  SHA512

                  f8977fa4185fac7ed3212fe951f53148dda2f0134c29ee7cbd2ab2fc9c624cd7dfa1e7faa18aec68301d0755d801395cbab135dd4738231319fc59ecd0fd833e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  e5a581b737dc04e2b4764660ae255007

                  SHA1

                  cddf825385a829e478cba60fa748162239f22d47

                  SHA256

                  60e6dc068e4750eabc52f13c0a5e500e5884f812a773ec69724c992721687fc1

                  SHA512

                  93db8648f36940d943c9855f2003af7a2931278320ae4f1c4a90a3f42aa3c71a3836c29228ef5c6b2065fa90bccd3ad4974147a9ba5a9dd16c362e5cbc97f9e6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  0fa93640d00daa97b47a42210301af2f

                  SHA1

                  686827b572a0271dc4cb49ced2aa318b4ba4eb04

                  SHA256

                  738b30aa3a0d4a782a90b110e82281808da254243be7513caeee68eb5f91bbe7

                  SHA512

                  70b867482b8c682d4e408c262e86882db275679741026d344961ca989710832d0c2768ad2cdc95da95808dd8b1c7faa28bc4b37d93dcf0f780da314ee4eee094

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  3a90d6991bc9540e0080cda040f1ecca

                  SHA1

                  3b0b7ab83e2119c2f13c9dc2d1d53a46a8074615

                  SHA256

                  daf1940a7c4752dc77ca7520aef7aff9e8304a787fc4ce48628d48612f132eb1

                  SHA512

                  4ec3cd40f9ea4b85ee8cb8c0c0b57efc6af5c05f646f4694df54a092ce5df77faa3b046d6e278622cb24bdce8200b51cb0231cc3eb157847fcdf9c799fd663f6

                  Download Submit