Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

25/04/2024, 04:00

240425-ek4n4afa9t 1

25/04/2024, 03:53

240425-ef52csfa31 1

25/04/2024, 03:53

240425-efv66afa3x 1

Analysis

  • max time kernel
    6s
  • max time network
    8s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/04/2024, 03:53

General

  • Target

    http://www.spy-sheriff.com/license.php?s=3300537927&a=0&sa=0&ln=0&vrt=3

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.spy-sheriff.com/license.php?s=3300537927&a=0&sa=0&ln=0&vrt=3"
    PID:1996
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.spy-sheriff.com/license.php?s=3300537927&a=0&sa=0&ln=0&vrt=3
      PID:2216
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.0.1063872356\1357841693" -parentBuildID 20221007134813 -prefsHandle 1196 -prefMapHandle 1172 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c214829-b0a6-46de-a1f5-7cc00c266b54} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 1332 14004b58 gpu
        PID:2756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.1.31492529\407004170" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be8a7829-02ad-4e05-b748-87e2699a2527} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 1512 43fcc58 socket
        PID:2668
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.2.887414130\2054630316" -childID 1 -isForBrowser -prefsHandle 2060 -prefMapHandle 2076 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bac30629-b949-4df2-9013-d17006cbb076} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 2052 19cab858 tab
        PID:2968
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.3.677429230\211507073" -childID 2 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb3258ab-f5ef-4848-a038-0600ffc37f02} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 2808 e62c58 tab
        PID:2776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.4.906935416\443593334" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 564 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36dcadde-03ce-4ca6-967b-87a310b9b710} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 3744 20d51158 tab
        PID:1888
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.5.1911552296\759774952" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f303513c-4cd7-4606-a736-b1d598395c7f} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 3836 20d51a58 tab
        PID:1040
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2216.6.1730978041\2143423117" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fce29fd-1c11-4d36-8d62-9166f6958d79} 2216 "\\.\pipe\gecko-crash-server-pipe.2216" 3928 20d53558 tab
        PID:1960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 9KB
    MD5: 9888ee92843dab36cea691618a4d47e4
    SHA1: dbc31f8393828e10a2f7b85f456d414beed7597f
    SHA256: 0f0e463ad87bc4831a415da6d3dc52c78ef6d4e4492df66d016088890eb37b4b
    SHA512: 37cde58ab26217e313fddaf07130268630c61a02b38942530e46bab72ed79a7bd1f42acfa14fbd6dc3a1edda35bd5a726a573951af2270e103d58648e70eac98

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\91f01a1f-12c9-47bc-838a-6282cdefe419
    Filesize: 733B
    MD5: eb624806ae5916057cd34fcf64617d12
    SHA1: be341d395103a221620757ec112d2b41f90f5673
    SHA256: c734c601d97fa4da0712239439fe16a70d054a25e427ba9dac52a8e04bb7cda1
    SHA512: 9b46e4307ac27e965b1f5fa95d816b9ae29a6bb97692e45da78fb051d7b306ad2be3af15f8b906652230d8d7daa8137bb47b5299b44a357147453976c037fbc0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: d950025355e38f205533d2b98522b41e
    SHA1: 97dd6d03edaba4322a86ba5e7eb5228c18b2029d
    SHA256: a15cdf2fa5315c10eaf35daf9665479685d71ce8e3ef37e466fd98cabf81e863
    SHA512: bbc0d5d7d31431538d8ffd4222c3a792d13f38d1ecc22f473d68e59d5fc8b342157a324412e09ae09cfc6a6dbfe711efe844e7dcc49fdb097797d032da705530