Analysis

  • max time kernel
    33s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/04/2024, 06:54

General

  • Target

    http://www.zaverecneprace.sk

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.zaverecneprace.sk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.zaverecneprace.sk
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.0.1085003443\640889995" -parentBuildID 20221007134813 -prefsHandle 1924 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcdfed5c-8f04-4eeb-94cc-047ea265e61e} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 2016 29f318f5b58 gpu
        3⤵
          PID:5092
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.1.1904324766\1835080887" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76baf8bd-77bd-4692-bea1-82dabff33b3b} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 2416 29f31803258 socket
          3⤵
            PID:4992
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.2.1132340121\195223074" -childID 1 -isForBrowser -prefsHandle 3436 -prefMapHandle 3272 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79368fbf-1054-439a-8532-2ac349ee95fa} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 3424 29f357d5b58 tab
            3⤵
              PID:1520
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.3.1192001836\1816535589" -childID 2 -isForBrowser -prefsHandle 2984 -prefMapHandle 2896 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b428fc65-b09a-4033-ba66-6c5532e171f4} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 2972 29f342f2558 tab
              3⤵
                PID:4928
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.4.995216320\877165619" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4964 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {937d7ac5-f492-4b36-b951-1eef3ed0799d} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5000 29f37c2f158 tab
                3⤵
                  PID:2372
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.5.708068501\148880342" -childID 4 -isForBrowser -prefsHandle 4560 -prefMapHandle 5000 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78ab7f43-b964-4999-a542-ba6b1e7bae0f} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 4912 29f37c2ee58 tab
                  3⤵
                    PID:3312
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.6.1138578141\513964405" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 4944 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7a77b2e-e12a-40ba-92a8-a8ab8ade64cb} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5148 29f37de5458 tab
                    3⤵
                      PID:1128
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.7.508564127\773861959" -childID 6 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8cc689b-6b66-43ec-a02c-ccf59bbd5613} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5420 29f37de5a58 tab
                      3⤵
                        PID:1836
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.8.5342441\871695570" -childID 7 -isForBrowser -prefsHandle 6092 -prefMapHandle 6100 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {651a744f-f630-4deb-bb21-c7692d55c200} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 6072 29f398cc158 tab
                        3⤵
                          PID:1524
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.9.1460834289\702983413" -childID 8 -isForBrowser -prefsHandle 5920 -prefMapHandle 5916 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9323249-e251-4352-b7ab-87038ee0d73a} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5000 29f398cd058 tab
                          3⤵
                            PID:2116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 61150a5cac7c6d765f8bab5df6c0fc3e
    SHA1: b67993105c23899eed97c40afb8bc58c5194809b
    SHA256: 1ae624e50a6912120f0cf236cd6a1583d40ade85dcc5016798def6be4210c896
    SHA512: f0bfaada33c704d00dfc3bb689d64efcea786433cc60582805ff29ec8d29848e4e9a53bc2a068e129ce144ab00da60884a93f09e2f00f74c415599b1a163ddfa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\580a4ee8-92f1-4b5c-95fc-28df94d93acd
    Filesize: 12KB
    MD5: e1de171beb600f11330f96d6a078311a
    SHA1: 7d9ee16dd36737688d821eceb4433f79547f9cf2
    SHA256: bd990107d8df3d4b66d00a8b8f220220f6adca98b3d60ae97ea3c2258de39aa3
    SHA512: 2e410708037f142d261f8239394b18af95c32bfe3678aa67f9f4e634875cb92e4df14d35a53b834f9f52ce1c3dbd1fdc9d1f6c2328750c944ae7d1a390bb97b2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\66a78c52-404b-460c-b92e-8095cbe3a4d5
    Filesize: 746B
    MD5: 749d9d9e37ac6620f99b3a977b97195a
    SHA1: 32e05ece374db593871d656837baeb965b89460f
    SHA256: 283f2e47a774fed38db98be3e550ce4b4c499810bcc20c84d277133b594bd7b9
    SHA512: a047aeda3bfbd7a4b94e7859420318664087ebbd56ea9065643d9dab36e13775f4f182a59357ee6dd7319944ffbd3649e213c6b012aa327ece2d3700985414ab

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs.js
    Filesize: 6KB
    MD5: c7b13ff8e13448601cba09e47561a52a
    SHA1: 05a4bb645c1701ae12ab10b378f0faebe2aa2f55
    SHA256: 5473a654f3fdd642461e2028edec1d51502067f84f3cb28b4598a92a254978e7
    SHA512: 7e0eff1ccc2f75f29fe81c18c19d27d08d5dd07baec0731cb3e347f9199b7ac981cf91861749fbc505aadd56ab6e698381cbc4877a8f1f8d6fd771c449dbfe32

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs.js
    Filesize: 6KB
    MD5: 12c8a4b21c7d2639ca302d6459fc5266
    SHA1: 5efdef96d339c64809d55c7e2d2ec98fc31cc13a
    SHA256: a7dc4f87ac60bac5690ab1ce2c33973ccb64e7620476bd0c9b1900ad2b1a044d
    SHA512: 0b26145dfebb2e83652555b22ac29dd5e69fbab6ecb1efaf79f54feaf850f181d89b42a257119ae9f38a818d82407a587bbfa28931fcd9557097469c3306dbef

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: dd590e77f46508c2d31a374f437774bd
    SHA1: e8cdeec5c1fb48873f95b4574039c0ff4ab6f837
    SHA256: db96912ec1506dfe9773e231e36e6a1b69a0e572e5a7e766f6006c5d92c61e54
    SHA512: 89dd0f9512fdacec77f098e2ac2b7a602e05fa5b0913a8c4bd0b531561be7a3f83731e6db53da8fe567691304d3a304c826c7ea6b13cbc3143743d0425faa42f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: a7cc56c9946c88c8b79998a7397dbfa5
    SHA1: 601ea8cf03075d57f9bedfc48acaaf69a79ef19f
    SHA256: d1fbd5086a2d3b0a781e200989bad74a9e5dd909acbf8b7f4a54817fdbddea7b
    SHA512: 787902d3ad383e851ed272cea83394a9f5c2b63af8b1265564eea13e6f6554d31ba37196a2c65d5bdce19b1a672cd2f5525d8b003e71eed98d9d8d9ecfdd8c44