Analysis

  • max time kernel
    31s
  • max time network
    35s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    16/04/2024, 17:36

General

  • Target

    http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion/leak/633a9fcc

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion/leak/633a9fcc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion/leak/633a9fcc
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.0.714593422\1971835151" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db1768cf-0451-48cd-9c57-8df161955125} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 1784 239150d9e58 gpu
        3⤵
        PID:2244
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.1.1194410621\246239865" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e0577c0-96fe-4ff0-b7c2-2b28076f462c} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 2140 23914ff9b58 socket
        3⤵
        PID:4212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.2.1007756738\1558528448" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2992 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e721ec-9921-45d5-adac-85bcec5687d6} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 3060 239192d6e58 tab
        3⤵
        PID:3048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.3.1337319888\1164647970" -childID 2 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {981745cc-7b16-4be0-9f45-871c3ab4b2bf} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 3496 23902d62558 tab
        3⤵
        PID:1916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.4.754996847\2147117300" -childID 3 -isForBrowser -prefsHandle 4424 -prefMapHandle 4436 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac0d6e41-367a-4c64-92ad-efbd65f1c8d9} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 4452 239192d8958 tab
        3⤵
        PID:3956
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.5.214633461\815781163" -childID 4 -isForBrowser -prefsHandle 4612 -prefMapHandle 4480 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6b1a02-51f0-4879-9610-89a5ca3c79e7} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 4600 2391b5f9e58 tab
        3⤵
        PID:2760
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.6.1757148774\1245628256" -childID 5 -isForBrowser -prefsHandle 4788 -prefMapHandle 4792 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2f08b6-c36a-4af1-bd3d-359deee613a3} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 4780 2391b5fa158 tab
        3⤵
        PID:4028

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
    MD5
    46d76c81fef4b13477b666dd409ad493
    SHA1
    cf60952b988fcdbe2749742a3b8c77f4ae4bb877
    SHA256
    faaec1f369493804d928aacb1888b0fb2f43fb5e8ffd3a52bfb5fd31c83f011e
    SHA512
    4d41ebe56a764198b9a75bc45f8a7d76911984155c67f3bdacedab2640683aa974493ce0aefc53837d222633a357cdf097e6ce08290491cb6d188152cb3999b0
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\datareporting\glean\pending_pings\7b9c01ed-637a-469d-accc-04174e92753e
    Filesize
    746B
    MD5
    13855e4c587adfd2128c3e9007b3fe9b
    SHA1
    67742693777bfca0956ab9268d7a7bcdc921f8ac
    SHA256
    6e3b7a8112f8fa6506c7a66c89390181fb57171e20c5854f6a9dbd82fc9a707d
    SHA512
    293e46ad8c1b2820113acb282454bab63f1b366f285df5ae1b216cd10e4f9f03b4eb8b9182808a2991098d6b49ca873b5accd7dbb65bba5be954157a7d47396e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\datareporting\glean\pending_pings\958acf18-4ba8-4d23-96f6-82745a2426e4
    Filesize
    10KB
    MD5
    6302bac39822a4376abd9291f6b5fde6
    SHA1
    02523ae437c3a4d5ff0d02c8ee7d4b76ab3da4c6
    SHA256
    665bfd9ea8a89b708626a190fb253b8024d790aa4ce0814fa75a806ef0058a66
    SHA512
    b79d23a6bde0f6d7f35ee748b9ef5cc743bddd10193c9db1d87ae60dce85f9c7657536401887cba990f0830ed9100192595fef0b26087ea01b93d75c15c0adb6
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    67c736803349f81be6c3c50c92a10efa
    SHA1
    7b94671273cec1a8f1da37af60e05abe5614d015
    SHA256
    e6badcdeffe72ec5b33babb8ded0e41ff686372e59f04b1d8ee0c72cdcc791bd
    SHA512
    c59d19503ccb65cb453d53e5b0021f918a50d06f49841650c12af87b691141f8d88c24e6cc2e7a7f2f7f1404810d817902b504aae9dadda67e18a26f9cf55433
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    0214195caa62d02271fb0f9cc06a349c
    SHA1
    47263fbbee206bb281204aaa71cd0f74a6998931
    SHA256
    daa04a8457ec4bfb231ee98d33d7d622bd5d591ce84d837e8fcfe540d1ac7052
    SHA512
    8dbfa190adf4f3fc755be219d3995a8076f286aa6618cdb9ddc020f7664874bdb2dfb2053a67e54321927503d061d4d007c85bcf5e905e0fc64659861a6137b7
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    994B
    MD5
    e1f655684cb645a2a378e130ca34ed48
    SHA1
    be376becb9065a3e971bf48cf792c9be0393b54e
    SHA256
    8556d58d4ad62d7ce022ac6ad4d05ac7f8561ad0823a8ab01c3e7518e1214e97
    SHA512
    9bc4ac1ec01d689adb1524e3d86ecc0d75e39ae6fcfa342d6b9c800ab1fc0cadd062172623b714e73fb392182c8b87e6bc6c334707785284f49128b5ae801530