Analysis

  • max time kernel
    1381s
  • max time network
    1172s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-it
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-it, locale:it-it, os:windows10-2004-x64, system, windows
  • submitted
    14/03/2024, 14:05

General

  • Target

    https://megadb.net/download

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://megadb.net/download"
    • Suspicious use of WriteProcessMemory
    PID:988
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://megadb.net/download
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3660
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.0.1365093143\7727439" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4f7a084-a08a-44d3-b1c1-5ed4538208f5} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 1988 1e7630d6958 gpu
        PID:4796
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.1.1848803246\1345872238" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1f7c70f-160e-42a6-b4b5-14f13976aea4} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 2432 1e75676cd58 socket
        PID:2952
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.2.157831665\90419219" -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36ff5645-a6d4-4435-8818-4e0aeb8d95ff} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 3208 1e76305e958 tab
        PID:848
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.3.595965644\1012568040" -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d182bc92-8b3f-4806-8aba-d6ee539e8904} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 3640 1e756765658 tab
        PID:4560
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.4.521926656\1631849755" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4896 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d62415dc-37a2-4854-aeea-150f082749a9} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 4928 1e765b30b58 tab
        PID:4068
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.5.1965082749\162863801" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {278131e0-834f-400f-a80b-b2d5db9a8bc7} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5052 1e76938ab58 tab
        PID:904
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.6.603451966\1067512565" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f67f88b5-386b-4430-ac1a-4b94b52f8069} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5248 1e769388458 tab
        PID:4060
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.7.501451961\611019365" -childID 6 -isForBrowser -prefsHandle 3220 -prefMapHandle 2716 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8bb51af-af2c-4c12-ad84-15f826417cbb} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5568 1e767254058 tab
        PID:2728
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.8.897418264\1143656631" -childID 7 -isForBrowser -prefsHandle 5720 -prefMapHandle 5716 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d935d7-cc21-406d-ba94-4a81b336a1bf} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5732 1e7648e6b58 tab
        PID:2524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.9.1073631646\1338260023" -childID 8 -isForBrowser -prefsHandle 2852 -prefMapHandle 2960 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {330183fe-8599-4c3a-9422-d4b148f22de3} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 4280 1e756767e58 tab
        PID:5568
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.10.1302266010\775081907" -childID 9 -isForBrowser -prefsHandle 5332 -prefMapHandle 5236 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bcd416d-3f4c-496f-8a21-d5b2c57e0b2d} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5416 1e756730558 tab
        PID:5920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3660.11.752391503\1297131294" -childID 10 -isForBrowser -prefsHandle 4960 -prefMapHandle 4988 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d61207-9325-4fed-b926-ee190c2736b9} 3660 "\\.\pipe\gecko-crash-server-pipe.3660" 5040 1e76ac2a158 tab
        PID:5272
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\ce8c9d132519433d85f30ba2347b246d /t 3932 /p 3660
    PID:5692

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\thumbnails\265015ed168a37cf9fbc83e1acdb673d.png
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\db\data.safe.bin
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\f0e1bb91-f52f-449f-ae98-567fcceca57c
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\datareporting\glean\pending_pings\fa87a801-745c-4aef-a8d0-b1d98387d45e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\prefs-1.js
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore-backups\recovery.jsonlz4
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8kj4bi.default-release\sessionstore.jsonlz4