Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://tastecoffeeo...

windows10-2004-x64

1

https://tastecoffeeo...

windows11-21h2-x64

1

Analysis

  • max time kernel
    60s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tastecoffeeonline.exvn.com/page.cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2.0.191338

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tastecoffeeonline.exvn.com/page.cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2.0.191338"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3960
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://tastecoffeeonline.exvn.com/page.cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2.0.191338
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.0.1570940297\577065522" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff7515c2-f5f6-42ab-ac57-a2dc54ed5368} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 1892 27be910dd58 gpu
        3⤵
          PID:3096
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.1.1511060924\212365428" -parentBuildID 20230214051806 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14f606f0-ccd1-4805-b602-913458609226} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 2488 27bdc388658 socket
          3⤵
            PID:1392
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.2.266461187\213051261" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee98a92a-cfc6-4794-83ae-1c2c90d3da37} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 2988 27bec22c858 tab
            3⤵
              PID:2836
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.3.719637903\578865618" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc7ffd6e-c93b-4478-a371-9c69acf674ff} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 3652 27bedcc2c58 tab
              3⤵
                PID:4120
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.4.637343532\176835162" -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5164 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32240244-c9cc-4baa-9e1a-27942c48e3b5} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 5132 27befc13b58 tab
                3⤵
                  PID:2084
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.5.2134218097\1702255341" -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5328 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {364cc07f-1651-48f6-b42a-ecc2eda5d26e} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 5312 27befc10e58 tab
                  3⤵
                    PID:4904
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.6.690181858\432027702" -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ebcfc82-5b86-4050-a960-cb392ea7bcf5} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 5604 27befc12658 tab
                    3⤵
                      PID:4984
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.7.1009025768\1017516564" -childID 6 -isForBrowser -prefsHandle 4816 -prefMapHandle 5012 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbd8ba4f-95a7-4a02-8769-2687cac73cb7} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 3068 27bf0159358 tab
                      3⤵
                        PID:4304
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4104.8.1170660425\2124173088" -childID 7 -isForBrowser -prefsHandle 6044 -prefMapHandle 6040 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 944 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1d686a-2651-46fa-a12d-8be4f18c2a90} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" 6052 27bf06fa358 tab
                        3⤵
                          PID:2712

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      23KB

                      MD5

                      e4ebaded7c8f24ea80ccce07c58b769f

                      SHA1

                      58b395ac4b063be4e97c707f33861843942e247b

                      SHA256

                      b1c4459746a5e286a3050d834654185907092732cf97ffad3811954632144c13

                      SHA512

                      c6de0c63876c5a7d1638936fa94e50cb361691c1b17c79e1774b456554f5e63469d05426337339486121fc606e7e50468c5bb39c7406c55603baba62da7c23e4

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      23KB

                      MD5

                      1a29a8d139b3347701800364ab1f72f1

                      SHA1

                      f5e0f5dca653a991a1c8465d12f0a0b8eb1b3dad

                      SHA256

                      3c91ac71afea5b2e556d36336575912d81b21c58de37784e51178063f2ed87ea

                      SHA512

                      650aa648ebfa564354e632a363571883b1eef541da389d5faddef6cdd6ed8847ab94280a9f4b722e4e4f057e44b4249b66bb4b6d35fbf99f0afa4e8b7f27d1ad

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
                      Filesize

                      13KB

                      MD5

                      f05130b4bad2eadfdd516cdb4fe12abf

                      SHA1

                      d09aeb75585962eeca48a63a0873fbda2948cf54

                      SHA256

                      10b2d0fcbb9f82a2c80e10e527e5b6a1a906a0331fb4c7aa3c3f995c1a68a5d5

                      SHA512

                      f18a551f2042a13cf127b8bbb1a878cd2f58d3e340961a0e38e3f1116159cc9a3df20748533706407511ef2ec29e00caafc4f982af2abfdae11e8d449437dc1b

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
                      Filesize

                      10KB

                      MD5

                      9de5ee836e898b98ec7ec0cecdd88837

                      SHA1

                      5f2f5eab690ce9a6faa8a91828c6878144c98508

                      SHA256

                      fb987cbb90c052c90c867e2bcce3df767d2e8ce53ec60652d16dbf98ef53c9fc

                      SHA512

                      a8e8b793a30d6be98a46aaae315c14cd4e8d8948b05b34074d5bfa360383ec9d43f65ac3eedac6147ff6dd2ded1e3fc2ade011e30c1daf943683ba813c5f6075

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      23d878283959fb9ca38c22e355aca27a

                      SHA1

                      d93b417af5d5cb1b0f030ddd857dc1e9deabbea0

                      SHA256

                      297891e2c4a1b7a0b39f85f6fe7818a559052e17e7b68ad0855812fcd37c7f78

                      SHA512

                      afa4f3b9a0d958e2729410810c71e27125f6c537a39fa78faf91eb8f2a1a53d9e57ffb70a6c62b9a6bbb94e11d18a7e7bd34fb5a677b3dc65f4854a65e40f3ab

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      c81a47e12c5bc720b629fd2f4f794413

                      SHA1

                      f2cc26e24c1936e85b98c8b123a851809318be3f

                      SHA256

                      fbd9967742567f453adcd9117584b0fb98a9d1f3ee55e8adc7f25f40dff2c548

                      SHA512

                      ef30bd1b943d531682a38a7ef3dcbf7e630a08120f21342b84d2a91732f7c8ec095f569b98e33e5afb1ae0d16d2a61c85b3dd2ecd042252a4d7e37e2db1fcf36

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      44ccbe9ffa55d0d99e915570cca36bf4

                      SHA1

                      dd3a39cf2089fc1a6689ef27e94017cbed904733

                      SHA256

                      995433d7ff8cf06c4591b1e45dc03f09ebe93fe7f80fc6e796f1dcd6775389c4

                      SHA512

                      ae165c1515cf7cd40abb0267c6550868afef62a65d0ddcfa5c9a5c2759e7d51306dd3892b0f941be29320cedddb42243eab1619d56496f2dee815987625caa23

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      7ae2286d02effc449f6770c34b14d320

                      SHA1

                      10e05bef2c56ca959efe55d69a07d02d9dd7b17b

                      SHA256

                      55317ac25d498d97fc20bca249d5a4103d39a77df1a6971407e3c0a23ea8a147

                      SHA512

                      c8f143dbb6c536a535856e36d4d70fd209ca336943d53f7467636fb9a22176e5f68526fd2077b0bfa56d9759b9ea3e311158d0625f730c7c18ca741e8bf3f93f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      c593854842772d4681de7df475e4f11f

                      SHA1

                      3a0b7b2ed5533d53570ce2d0b801b2ce63ee1e05

                      SHA256

                      38b5b048a38ffd2c4735d9d738176231f74ec509b1fbabc35bc672b2bbbfaf9b

                      SHA512

                      13503588b97401f9b293002a64a55113654b194fbfa119cc15f087958693e1fff8f5c2ddcb02c224de1459055a0499beb25143f4b3adb2914cc511ff3c65a58b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      7b8de0dea469294da0669ddeed9ef1bc

                      SHA1

                      16ca494f89275bd20ba1cfd1daf1732706f02867

                      SHA256

                      e6197f5f21d6031f721f829f56290b975a745b922f62e3849c279f80eae3ad3a

                      SHA512

                      c1b58adb8943089fb634dcb839da95cc8a8b685b8a6d248b8b94d4b9955877808a949fe88b9f24514898f40d0bc785cfa96cccca78316aa8b4145dc34000abbf

                      Download Submit