Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    29s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/04/2024, 18:32

General

  • Target

    https://cdn.discordapp.com/attachments/1094288706610942053/1232760991453024339/image.png?ex=662aa1a3&is=66295023&hm=0ee6929327b51e59d31de286c162d5eba1e0481316a439e9b76fddad4fcfbcc7&

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1094288706610942053/1232760991453024339/image.png?ex=662aa1a3&is=66295023&hm=0ee6929327b51e59d31de286c162d5eba1e0481316a439e9b76fddad4fcfbcc7&"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1094288706610942053/1232760991453024339/image.png?ex=662aa1a3&is=66295023&hm=0ee6929327b51e59d31de286c162d5eba1e0481316a439e9b76fddad4fcfbcc7&
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.0.1132166788\1992839941" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d01f75-9ea8-48bb-8763-ece6f1940bae} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 1280 107dd158 gpu
        3⤵
          PID:2360
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.1.1113671165\522051830" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d46fea-32a7-498f-a3c0-dc97e99e0460} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 1500 40fb258 socket
          3⤵
            PID:2856
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.2.928196763\1734312716" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 21713 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c1d60c-a230-4c9e-93e6-07b6c91e0e76} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 2100 1a1b3558 tab
            3⤵
              PID:856
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.3.64394944\28344947" -childID 2 -isForBrowser -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a612d31e-784e-4618-8e2d-9acd1ff83266} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 2856 d63658 tab
              3⤵
                PID:2184
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.4.578193365\1365567106" -childID 3 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fcd7aa3-f5d5-47bf-b873-29219cb218bc} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 3608 1e75c958 tab
                3⤵
                  PID:1304
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.5.816867200\1881622723" -childID 4 -isForBrowser -prefsHandle 3716 -prefMapHandle 3720 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3560d28d-6f57-49b4-98d1-ae12f2fd0994} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 3704 1e75de58 tab
                  3⤵
                    PID:1256
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.6.570141208\1567635437" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3768 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cf1f06c-a0f3-4059-bd13-a41b05150c56} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 3752 1e883858 tab
                    3⤵
                      PID:2844

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
    MD5
    72f735d0e6c697495ef3994646c6b85f
    SHA1
    6b0676bba58e60d5de6096c2b4893e34d1e58db2
    SHA256
    c4697cf1550bccae936f40f71ae29b61d7297469d0186cda494f173f2a1f184d
    SHA512
    218fc2912c4a2d091168bacea64134c4cd4c3f2f659230c2eee7b1cedc400a567c011a429a5a85d042f0009b0fcd5f8f2ab58115edea334a4c9f1e70ab8b5ec1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\2dc77b0d-ec4b-4a03-b79a-0cad0f390a01
    Filesize
    11KB
    MD5
    16610f17721da7742021d165d3b893ab
    SHA1
    740d625daf09076584f6c546217fcfdc68376fde
    SHA256
    8a95b2513eb17c5824e867d0f75c53afed6e836dffab13811286d9afa5729cc2
    SHA512
    550cd223fcb3cc4b28d33f6dac6d8bb7d578ad1e739cd74dea28b5ab500ff2ec24e9dcd0c78a4feb57cf6bec15885158eaef15aedf351ce9ffa083fdaddcc936

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\eb63a838-c738-4ea7-a7d6-496553a8ec04
    Filesize
    745B
    MD5
    4097f7ce65cefdc1404d5673dc37e781
    SHA1
    cdcd63fa0c2198d4df5559ed57c0d1a58cb0ba76
    SHA256
    bbb2b47ad188f471cf14026e4bc0d610329d82e220386a8dc44d00eb7e334b2c
    SHA512
    241f4d7f7e8f03c14a4bdc4bf3ec8b62a4aba4b4dc726e0ae43636ebdc8bc07989e9d4286da3702d9589d3571c5974ebe72574487274d94e9d563663f1ed8e13

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    4f7a9544f1734ad5f1dff23d407bad1b
    SHA1
    fda0c48380e0e8673f5b3cce33247aeaa959a34e
    SHA256
    f358f8b2098428934f304174c9c645beac64b94fc16464ceb927a496af410867
    SHA512
    7cb5a3f913bc1b9d9852b9ebdb48fdf1d301b82449ec74c22279a3036442bc99555643d49529c5658737fed1b1f7d6c5690886dbb4cebc1bd500448fe1ee04c1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    f4ef5dfadf20d65ee5f6ec55b531d855
    SHA1
    34b59e656a9d22a6daadfa12e403fcfac6c8d103
    SHA256
    b289a924c4986d9e974e3ff7d04afc3487764eb71d70f478ba60e31deaac0f95
    SHA512
    4e0e4e7088f4d9423bb37f5d7f34d7848aa980956cc7bdac4de4c6d47f844963804e911fa0cf543d1bb1f11c7186ecd1ca67a2a36ac10d75a77a8b267b4d4088

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize
    184KB
    MD5
    d950025355e38f205533d2b98522b41e
    SHA1
    97dd6d03edaba4322a86ba5e7eb5228c18b2029d
    SHA256
    a15cdf2fa5315c10eaf35daf9665479685d71ce8e3ef37e466fd98cabf81e863
    SHA512
    bbc0d5d7d31431538d8ffd4222c3a792d13f38d1ecc22f473d68e59d5fc8b342157a324412e09ae09cfc6a6dbfe711efe844e7dcc49fdb097797d032da705530