Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

http://hflawreport.n...

windows10-2004-x64

1

http://hflawreport.n...

windows11-21h2-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/05/2024, 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://hflawreport.net.cn

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://hflawreport.net.cn"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://hflawreport.net.cn
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1908 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2780dc7-7465-44a0-a942-29b807adf59f} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" gpu
        3⤵
          PID:2316
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c89325d5-e17a-4a12-bcfe-3fdb68c7fcbd} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" socket
          3⤵
            PID:3124
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2972 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 928 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88ffb45b-9041-4ec0-9e2a-e2a77f9657c6} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" tab
            3⤵
              PID:1580
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2964 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 928 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f989ccb4-ab8e-4932-bc00-f0ce7da624ff} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" tab
              3⤵
                PID:4400
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4320 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4196 -prefMapHandle 4308 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a373233-8225-424b-9f88-41762eab75cd} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" utility
                3⤵
                • Checks processor information in registry
                PID:2196
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 928 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3789adac-13ec-463e-ad68-f24f073206e4} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" tab
                3⤵
                  PID:2008
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 928 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d54ddf58-89c2-4429-95ca-570725e992fc} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" tab
                  3⤵
                    PID:1528
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5656 -prefMapHandle 5652 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 928 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41e47256-e3fa-4550-bd12-74618a906374} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" tab
                    3⤵
                      PID:3244

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qfgaykt1.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  18KB

                  MD5

                  0448dfe34798d3266a3b493c15923205

                  SHA1

                  b29d82911d3a68dde97506b819461ee45e4918fe

                  SHA256

                  2191a61245de69a27d33bb64eb24daa8d55865dbd0ee1898a5825116913c1e62

                  SHA512

                  45eb64d220869d72320d729a9a3473f126a814618abae4a2b0282daba5d90a5060b76444ea6bc8b39cdfe996213644f1f4facfc411cfb9af6bbc80f871e4c903

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  b837dfa4857c7ad9beec5fc8054e3f4f

                  SHA1

                  84db02f942ccef1de89b749820e6714c11b7f746

                  SHA256

                  cf5ddf1fb30d90741e0331aa70bcf9d82943ec9f3729e69c2f0fa54e92e3170c

                  SHA512

                  a7609e2e3199723b4262f0a9f9d7cb05106d0b2df6ce5707476290377c46f7bddc3a6ebdf925585fe96331802e0144d7afe0ca40ca1e3d7fd0af5edb8cddf1cc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  b67605d9242d4fc1a7dc4b9362b8b052

                  SHA1

                  59e6dede5c8b023a7ee68968301c323ae30b576f

                  SHA256

                  0b3af464ea2b876afe4c5b55a2d3df27dda3b0b5703acce3760b86537f85ba3a

                  SHA512

                  80ca2bcf02fc0fe80565d20a8cfe29a2c62807a71cdc4851159bd8f14952649b5f2e95ea58b7bbd4a813875847cea34333d6ec6d36c7526d437cdd37c7972594

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  11KB

                  MD5

                  9c407b2dd8ab13fe9a4585c9a5db167f

                  SHA1

                  1ffe6b2dc94a52fe801ca42c6ac6582108bb3937

                  SHA256

                  c7b2e9e7686b3a4e3b4508e0f9da34aa2df6631143c7903951a5a4705c89af5c

                  SHA512

                  43f3569ab52ff74ff4786ecc3ea44d114ca900726c6a299f3f5b5622060d2a8ba2d5527e4ec8a17229d481cd11b1aa55a6030f5234076500da11ede89bd15ae9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\0d7e5e88-31de-4d68-8aa7-2c8fad120c98
                  Filesize

                  23KB

                  MD5

                  96dbaa0985aac73660d6a7fff4295d40

                  SHA1

                  d6ce52ae44a747d6c7a6a4d6cbabdba59f487142

                  SHA256

                  c62314a74334c62377f59eae4eec6ce1dbe8df3ef61afbe48cc4c1d568a989a0

                  SHA512

                  8450905283098f6be82d476520b5b6b266956e6a62c3fd949546b10ae05f1409f28e8ce98c70e5805eda0406327e276c075bfdd737a5990fd18e0184fc98d53f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\8c516228-0ce4-4e86-95a2-da6d50fe2962
                  Filesize

                  982B

                  MD5

                  adb0522e2f592eb0411576c7842549e5

                  SHA1

                  4eb05419acb7b264219436377c4c8ab064e8f206

                  SHA256

                  d22446a5e4624635b20ab25db933b7620c40ee5318916f16a35a1cf6304714a7

                  SHA512

                  967c2a72b33d073891d21602d0aa32970047c78100cc2bd78914d5d6a18d4f53d5c2faee7aa589dd30ad121907a24012748436e2144a6c106849ee692c5aac79

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\datareporting\glean\pending_pings\9e080667-fc2b-418b-9f38-320213bf2277
                  Filesize

                  671B

                  MD5

                  19ae8095d3ab561378d311511e712e41

                  SHA1

                  2469a88653c631a334bdd9a6f7d6a890b781f594

                  SHA256

                  1135b0beccdcbf139b04d37347efc2420a2ff86a8f9c277d8c6e38f99c8ebba7

                  SHA512

                  99be34d13e5b35a7d0583ba38104c72f44dc521d3ef190125c7ad3f1c95bd8b2029e3061ed53b8e9115deab51d3aa2b0b8224b81523adec30c4c9ebcd2573828

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\prefs-1.js
                  Filesize

                  9KB

                  MD5

                  31b3a645d45ab8ec30dd144cc9d10f43

                  SHA1

                  e9954fda6f2c14a369f0655af49bf1aad10465d9

                  SHA256

                  0a2fa41cee73c0ce3bff8af37478622e144b67d198830f0da4f4c48d7d457151

                  SHA512

                  9ab5deb62b0327eef098099f458fdde34c0e3abc7e0ab2a04f344c5f84d004a222a11132402a83b40f7f25334c9d220c0d8c0a75aa60bf0d7516d483847e4396

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qfgaykt1.default-release\sessionstore-backups\recovery.baklz4
                  Filesize

                  1KB

                  MD5

                  9dfb3288f871e532f90061307ca5fa5c

                  SHA1

                  297855b62b26cea7b96ca2db8bb398b583c5c728

                  SHA256

                  94ace4a27eef82db02887ddb1ed6ef6a348f477f66e5e903e89755648bb86869

                  SHA512

                  319cd83ee7ca31046782aa25d92b39923259cbd3e0dc7722edc20bc6b131ac5fd5e0242849c41c701751bb94e878f6ef2c5e696da06bdaa8c8514a550d65c288

                  Download Submit