Analysis

  • max time kernel
    126s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/05/2024, 14:07

General

  • Target

    http://hflawreport.net.cn

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (21 IoCs)
  • Suspicious use of SendNotifyMessage (20 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://hflawreport.net.cn"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://hflawreport.net.cn
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1864 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d29c6e97-4012-4871-becd-70b1abffe2f2} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" gpu
        3⤵
        PID:2004
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2228 -prefMapHandle 2392 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fd16c5c-2ccf-4776-a6b1-9c12e11ba778} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" socket
        3⤵
        PID:3144
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3040 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4ee4ee5-ba72-4f24-b97d-84a34406f7f3} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab
        3⤵
        PID:1544
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3016 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66b29b0-c2f8-43a5-b5fd-a18b1bab6c08} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab
        3⤵
        PID:2520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4484 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4476 -prefMapHandle 4472 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cb55ede-497f-4640-be6e-c6f571de2ccb} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" utility
        3⤵
        • Checks processor information in registry
        PID:1980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5160 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf6e021-1025-4213-b5f1-c78b03a70cb7} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab
        3⤵
        PID:2544
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5344 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {add4c953-5b12-4667-b58c-90811c316092} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab
        3⤵
        PID:4984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5516 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0abe2c0a-a982-42ea-85ed-d4f54721ffc9} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab
        3⤵
        PID:3792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 5f3b76549c49e85789812d501144f780
    SHA1: 1b04e77f134be7594bd8d052f15a2a87a1996ccf
    SHA256: adcfb513093620d1e0d05231f78ae45c04396e4f1399690517315104d8ef6e7e
    SHA512: 1bfe43146737e31230f5200947c0dc6f8f9a81469578ce9c22a96e4d5b760bcf45fbe0c299bf29b55ff1e5e374fb91c9c8fbd143fa1c5d2d94a0ca7ca993e022

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 21KB
    MD5: 7658eb826d3e28c2db392fa5ea79909c
    SHA1: ba2ba49d3f2654a6c14e2bdbd635f4857e8c7291
    SHA256: c8682fefcfee628c7678baf464131e17201c58fd3dc3f4f5348343aba4c51145
    SHA512: 65825e5e503bdc1b36664340be2b82401a64f9291e6f25f48e18bf1a90017c214452614b7f5a65218e8b98486bcea1dbd91d012bd2f9791195940893d0495246

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\59d71771-dbeb-4f1d-8dfb-4c82cf03e27f
    Filesize: 982B
    MD5: 1758baa16e29549da36567b55d13faad
    SHA1: a76a89665ef8f3346e29d0e089c97a446a76b3c9
    SHA256: 640bcfebbcd2033e0c6edf87f5a00915960078c68a9519bec88ae06d08fc8750
    SHA512: cd5185c2d312d56abc15341e011a8a468b698056ba142314dd38455f2bfe67200a12406bcc02b65f8cb37ee8685708aa6c3754c7abb98375958a84e193205534

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\5bf0f506-8aba-4c77-81bc-ed79fe3843e6
    Filesize: 671B
    MD5: f5a769a5a359bc129745b8f78c0a954e
    SHA1: 83dec11ae93ae085ee09d7622a222c777453391b
    SHA256: 856a08c6210d15f88c1ba77ad372d722ad85cb12dda886a75eae7d67000006ed
    SHA512: b291217c21e5457cecdbd008a55f086c06916ee7dca0df0c04a8edcded062477fa06d58bb3576d2f78df0f91f2cf17556403b0180aa207dd3c8a044bacf678f2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\a06cc759-e11c-4dcc-8176-527c7e54c7ae
    Filesize: 26KB
    MD5: a18344af90b12337fcbc1a683bd108b4
    SHA1: fdf67d13652ec88b1c72453dd764c4224df949b5
    SHA256: 6ca631d4a1fb9843f88e04907593f95d37109324ef335e8e26dd31ad01e52973
    SHA512: 95cd340db4aa201eeb982939520a3818038bf416c29320a784656612efbaba6ba9f5a25069a09353b98917f3eb8b37576acabceab37d5a5e59db8f595215bc83

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
    Filesize: 8KB
    MD5: fc2d82d48bc727556358913d23c3f32f
    SHA1: 1a0b4ac55baac69ad7933dd41f0de48d258663b8
    SHA256: d2bc3d1898f4b56a716653248ea3609055f06516932e5bf27a37b24f3347bc74
    SHA512: 3a4e5d723093bd0b319d83c23546fc465ddccdff1d93f9a3846f7266713aaaa4da2c5bba9384de48a00cfdbe12c7a0ea8ed2e6c3e21394e16517449282468a83

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
    Filesize: 9KB
    MD5: b818ff0109cdf73128e5dab6a1eaeb18
    SHA1: 5b70abf0d88287500cd76bb4b95c1181ebc0a20c
    SHA256: d0f5a793b8b1d270e514837da9a54fe843da4f0351d4ef73cc4f7cb3295df70b
    SHA512: 3fdabf5c724972a94a716735eca7dd00cfd98025be2241600365297c46a0a17184c1be4b5682725b6ab2f0ab8a6c94ef739d302155fbe76515ff355a6df25106

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
    Filesize: 1KB
    MD5: a83f14caf0fe457052088e167157708f
    SHA1: f7308fde6c13a40f5579fa50e53b1d42bb18a0fd
    SHA256: e5ee576c8236c0a63a6ac432cabf1000252ef7b347c75bf9a51e55399b5842e9
    SHA512: ce83c0ff321a1cb3db9f6bbc110132007a9996f3cdd45414a0d2f92737354a36b18758b5a296bcc79e1ee487d57d983a2c5027d7011498476fcb19b262ad2d17

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 208KB
    MD5: ef7af80c08989d40148ebf6ab6103cb2
    SHA1: 91919118d71307e775c7564f728385bbd05b7f57
    SHA256: 0e39dffd5c541eac9ec450443d9197b87e829dcefbc7221b3e29332d9cdfd097
    SHA512: 40016a481bd64bec489dd84e1b552907bc87843eed1f7d09ac8ff431ab02fc6bd54f1eb3c765e5eed03b0765a6987a20ed38a7b4dbe3647fad5121d4615e9d69