Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    71s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/03/2024, 17:37

General

  • Target

    http://mm.reimuhakurei.net/sa2mods/SA2ModLoader.7z

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://mm.reimuhakurei.net/sa2mods/SA2ModLoader.7z"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://mm.reimuhakurei.net/sa2mods/SA2ModLoader.7z
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.0.1341757814\192062319" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c0cd72a-e4cd-454e-9702-7ec71eb06890} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 1300 101f3458 gpu
        3⤵
        PID:2388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.1.2073129782\1473701922" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {464a72d6-00fd-416b-9561-f1f177f00599} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 1516 e73558 socket
        3⤵
        PID:2640
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.2.1655623421\2059443361" -childID 1 -isForBrowser -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d8d85a1-1073-46ba-823f-ca0200027204} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 2152 1a8a3858 tab
        3⤵
        PID:556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.3.1971514200\964641581" -childID 2 -isForBrowser -prefsHandle 2864 -prefMapHandle 2860 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ad9dd82-9900-4f2d-b0b4-6a69196774ba} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 2876 1c73ce58 tab
        3⤵
        PID:1920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.4.583795144\315050249" -childID 3 -isForBrowser -prefsHandle 3832 -prefMapHandle 3784 -prefsLen 26385 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b50dde1c-c3a9-4f00-bf2e-3ccba9223c1e} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 3848 1e342858 tab
        3⤵
        PID:332
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.5.475449378\1655001536" -childID 4 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26385 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9b56e6a-4f4c-453c-a82b-31f803128602} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 3960 1e630858 tab
        3⤵
        PID:960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.6.53637646\1899743381" -childID 5 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 26385 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8deebe00-f796-4204-a8b4-a43720468869} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 4120 1e631758 tab
        3⤵
        PID:2872

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: b7db4f175a4db785a793cad276e462ae
    SHA1: 5651c0255b823c6c071cde4a2e285d36c851c1f9
    SHA256: 141d60a416b8063ae90a5a582d17ef09f5a7efec9f8edc4df669b824538886a1
    SHA512: 8e2e73bad721ec2ef49e0917c4927276acc7bb54aa08f0370e1f15eb5537d5ff672521f03d55d1fc6eb93032f9dc7e066fce3d3959deb717d95fe1043ffa0dda

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\00373c5e-1644-4608-a520-8777140707ef
    Filesize: 745B
    MD5: 6e726a2ebc757c680df5b58d4e89c4fa
    SHA1: 3d11c0388f8e3b792ead7b6d1b6525972f27523e
    SHA256: de1c328c23ec21f1bd0df5d3d0f6d6ca75674c61d97b8d01d474609f2cb7e486
    SHA512: f96b967f7ec93bbc4d2107bbafeaf729e65ec22895c90a51a5329523122634fd630e10e269593097b79bbd8e55789f121507944cab2594d3fc555cff01a606f3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\4cc07a3c-db7c-43f1-ba54-6caf5de75c68
    Filesize: 11KB
    MD5: 37df89e35964c90c8c8873e2a72e495c
    SHA1: 7956659757d0cfabbea69bf29e3baef76dbfd09d
    SHA256: 132aa21a517983bfd347266339bf3da439d1ab559f066fcc969fe6c2fad2a90a
    SHA512: 055e9c7e74b35e896ff7c045cfb829c8e7dde4ad7e214350512c103bbed4e1fa0ea368d15839ceb56a32812505283e5af815cea4b33ef39b4d3a040238f84c98

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 25eb82a70dd58ae6b5cfa508790cc964
    SHA1: 3ff22bf4889dccbcaca0a4ee84040fc063562ef2
    SHA256: 795f7960ded96e01234465e1b19272a6ab902fa13ee402d0b0e51148ea0dd380
    SHA512: ebc1bce4b7b103d8f8c38499830dbffba01840d91e7d56f0c3e4b2f2e48db359b52b9ec4191adcb2dc9e3f5f5f3cfe81dc5620b425b2e3d5896a2971e94d0d01

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 943B
    MD5: cf70e94fa0eb6729094ac29b6d2d3d1e
    SHA1: 800de8744839608b6f126de30733ccae26650e7b
    SHA256: 00e297919e8a7ea6abbb4d6cdef9ee75c3af6d900eac3847b856840dcca24397
    SHA512: 23c5acae11c8455720073fdf1936bfa2c574396e5e97285dad70b5c681ca048440b664fc4121be9e2a9ad5bfeeb4a53da940e786ce4d0449d8b70b891b93f432

  • C:\Users\Admin\Downloads\SA2ModLoader.1_wA34rT.7z.part
    Filesize: 10KB
    MD5: f1876180223a50a47bf5438659ee677f
    SHA1: 7ced6ee4de1c6451237a423ee90bcde0b4934816
    SHA256: 6be3905ad5d8901fdb6d2bd93ceb1223241d5ee6ed8cf4cddcf436b0a976dacb
    SHA512: 6a08dec057557dc1799269aa2ec9073504694eeb56f74135aeaa736730f5f625d626b24b2370c8d4899a633f661adabbd99eabf0fe2fc5d4376572fb242d45a3