Analysis

  • max time kernel
    13s
  • max time network
    17s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240319-en
  • resource tags
    arch:x64 arch:x86 image:win11-20240319-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    27/03/2024, 19:14

General

  • Target

    https://royalmailll.cyou/IFUdsH12UK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://royalmailll.cyou/IFUdsH12UK"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:6112
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://royalmailll.cyou/IFUdsH12UK
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1324
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.0.1414478892\1681680899" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1760 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {896eb2c4-358b-474a-9b94-1302f35c3c15} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 1888 14924ddbb58 gpu
        3⤵
          PID:244
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.1.1994173322\713331336" -parentBuildID 20221007134813 -prefsHandle 2256 -prefMapHandle 2252 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b2b366d-f749-4669-8c0b-a7980815893b} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 2284 14924d05058 socket
          3⤵
            PID:1728
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.2.236823137\1901302390" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 1612 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10990377-7b72-4717-a041-a333058cd20d} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 3344 1492652cd58 tab
            3⤵
              PID:344
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.3.286634431\1309087008" -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0551c22-7c23-46f0-bc25-a5dcc049ae39} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 3856 1492b386158 tab
              3⤵
                PID:2952
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.4.321267589\1088433753" -childID 3 -isForBrowser -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1594b5e-92d8-4b13-9ef7-c35ede2eec5c} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 4976 1492d1c9558 tab
                3⤵
                  PID:2296
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.5.2124764518\1403435909" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5092 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e7f1d45-6409-4162-97f3-69dd9c28fa7d} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 4976 1492d589d58 tab
                  3⤵
                    PID:2904
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.6.1874401807\403898743" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da01846a-0828-42e6-baa2-d6fa41ea4750} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5208 1492d588e58 tab
                    3⤵
                      PID:568

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 7bdd78042ba85a1f5895b0d9cc2f923a
    SHA1: 6de817356edbe31e55853483fd0a0fdef4183bf9
    SHA256: 8716863513a56c2e7102ff2453b2285175fff18f402a7a5cac4c6909b67c86c0
    SHA512: b1add215d8b71bddbfc54ae6e27c2892fb9f839fd6e3b8f9d2ee67163ad5edef8f92378d6000af444b59ec518a8e3f2772f581b7b4b3fe4b187dce48fa9155ff

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\datareporting\glean\pending_pings\756d4a2a-41d1-432e-95d4-26019bd85230
    Filesize: 12KB
    MD5: 26cb7f86a3f256094457010178444f96
    SHA1: 9a7773c8979aa42feadf78b7370a47772a2e7342
    SHA256: 8c4940ecad6d42eb514ae69239a4ce1574ded2695d3ad9d490d18ec884a4e203
    SHA512: 3c2e7321b47ce2ab82d9ca4868fcc5aed40b28a4b07443e67105b3644970290c8b1d56b7c5a1e3a004f3afd594781d0477356ef55a64f97cc3e1efa8bda8d0c7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\datareporting\glean\pending_pings\f87e0a56-19f7-46d5-954d-68264323db0f
    Filesize: 746B
    MD5: 97f46090833ca7376a5d9d50cde8af37
    SHA1: d45c43407a78ebdcb2098c8ee29140654ca3758e
    SHA256: dcee7c42e9df774d6247a485bd9788e2af2c9b021cfed080fc1c39c51b796654
    SHA512: 681295f2dfb65cf22148e34f86a086667a2f00c1d15e9b35fbd439464e04abb20bc146002811ca5a83a0266e8369b13656ad374354e276ec23b5230db7a135d9