Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://publice8.de/...

windows7-x64

1

https://publice8.de/...

windows10-1703-x64

1

https://publice8.de/...

windows10-2004-x64

1

https://publice8.de/...

windows11-21h2-x64

1

Analysis

  • max time kernel
    131s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/05/2024, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://publice8.de/invite/i=55128

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://publice8.de/invite/i=55128"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://publice8.de/invite/i=55128
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.0.477908721\793359338" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3347faf6-4a67-4cd2-b3b1-805ed70b4688} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1312 11cd6a58 gpu
        3⤵
          PID:2712
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.1.1932691672\272230466" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0433fc28-ad35-48db-be6a-14059b8e0bfd} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1516 e72b58 socket
          3⤵
            PID:2524
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.2.1418942138\1827888675" -childID 1 -isForBrowser -prefsHandle 2004 -prefMapHandle 2000 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58132b30-894a-4a13-98e9-1168512dc4e5} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 1976 19db0958 tab
            3⤵
              PID:572
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.3.1827454371\1101197135" -childID 2 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f298ec55-f92e-4ada-be5a-99a8c499d586} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 2816 e61058 tab
              3⤵
                PID:1728
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.4.1005846225\371372212" -childID 3 -isForBrowser -prefsHandle 1112 -prefMapHandle 1120 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d422ee4-bb9b-4e5e-883e-86778a93e4df} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3668 1deb5858 tab
                3⤵
                  PID:2328
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.5.1205469362\679611393" -childID 4 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3857e34b-fce5-463d-8767-76ff02d6cd39} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3640 1deb7658 tab
                  3⤵
                    PID:2040
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2344.6.1694750063\1056154717" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3688 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb92078e-2419-401d-8e4b-ca6f1044a91c} 2344 "\\.\pipe\gecko-crash-server-pipe.2344" 3772 1deb7c58 tab
                    3⤵
                      PID:2036

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  8.0MB

                  MD5

                  a01c5ecd6108350ae23d2cddf0e77c17

                  SHA1

                  c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                  SHA256

                  345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                  SHA512

                  b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  a4c6933c82caa1667e30dfe4383bac56

                  SHA1

                  07905c48a54457bb1a7a5a2385494bf2ba0760fa

                  SHA256

                  77beae13cb35d7b32527c2b561c80593bfa39eef3cb8f593e8bd0e4617ef1bad

                  SHA512

                  f173aa195baeba998bbe91d14d0d02ec0e5a5814bad97d401d4955b6fb8d6f73287d52d7d5cd5050b435fbf41c3365537a34c7060f21f71b38c68ee80789efb4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\2c8817e8-1d9e-4fe9-8b43-247db14ad582
                  Filesize

                  12KB

                  MD5

                  63e5d7e8b10a608d237432f6d9ac96ac

                  SHA1

                  a72bad3cdb6924e9a2850d84d5fc62cd2bf3adc4

                  SHA256

                  aeb80700f4696c1dfe016c5940afee3165a5d88836df244df164d2d07e49b430

                  SHA512

                  b6cd696915d40d5e20162cf49de7a86eb3c6a154fa15e765de1ecfd224d9f23bd72e19679b84e946521a789629acc4c10b9168b589127ac8fe270f1d99586567

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\7352bd75-c120-49eb-ab80-239c9d57c646
                  Filesize

                  745B

                  MD5

                  6f813f12344d6489c9f68d6e7f91bd77

                  SHA1

                  8753f67130c87b1e0051ada0613d1642f45164d5

                  SHA256

                  5b85ee96e181f5b970c79a06da57f356fd4e34fec00cfaa2ddc11028c5530def

                  SHA512

                  35f556961e12cb0e40048b4527aa7be40e5fec0c2069732cfafdc8da493962e60ce628f7e48e640c2f2711c3d397d926bf8f508321ccc357fbe882d8e54d5e1e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  11.8MB

                  MD5

                  33bf7b0439480effb9fb212efce87b13

                  SHA1

                  cee50f2745edc6dc291887b6075ca64d716f495a

                  SHA256

                  8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                  SHA512

                  d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  27dfdac3e914cf89425085e3d9e975fd

                  SHA1

                  34e498f4558aa6b0fda5eba6ea28e5ab3f4d91da

                  SHA256

                  c787054c094c80c51475a0484c33d8ae3dae47c8537007e275414b23134c4610

                  SHA512

                  807c20bc82e2b47fef0187e87d6d1b08ef497496b35786d9a1011c2ae234331c97aa72387ca1c1857cf17ef2636d2d8e45be879310c13c45a600b2daa9a07fde

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  59df30a9876ca78b12fd283069324f17

                  SHA1

                  79d514bf49a0b827ccb50d20651dd6054025e070

                  SHA256

                  3e66cd5ade001241438416fe4b51e4ca449d82b498ab17be751060801b15fa36

                  SHA512

                  6f11eaae40263938ef2c8f474c36b125fc7da9cd172d009fc3b12da75bd5727f1a868b07d69f9260fd7a2165fb734bd271b1123d4ab7997ea52e2994901a920f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  87f8de85f2fda614c6ca4eb20326436e

                  SHA1

                  fdd2793543ea861e1cde796d2cec6970945ce574

                  SHA256

                  f99d2df1805fd894f47b40f3d00155dbace372e89f1deb8192b3281973b5bafa

                  SHA512

                  47c38a48225b6a095e9e03e7847933b12e52dda52abb745fb169e6b72d21b75f162ab8cb1c1439f82cbada18bbd7db7c3a18ee24984bc51a9dd9daf532ea42b7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  861c0619f5c706f43f116162ad2e7157

                  SHA1

                  f71a2f7a41af232886fe388c1f4cabbb95f4ac16

                  SHA256

                  2150051cc9491abad29cec08608ca8899fd8854bb2c183875521c35a89b01376

                  SHA512

                  684c15e80c788063ed2c76bad42eb8868c27ac2cccf74d3f766dfbfa35228830ed76b68038bdf1cf4782323f1badeb152c8499ecdbea58715cf878c4a146d89a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  24dcabf20caea95649b555585514191e

                  SHA1

                  e6120d0486d6bd64a12bb3402417a1f65e97269a

                  SHA256

                  ac1da687cc32bc956b405cb5dada08df46633043594157f976e575d22102a670

                  SHA512

                  493fe7352b02af9d64a27c31456f53f91a846012a2cd00d26d39d899745e0033051f777f9e5dd56afc7af8986f199a18e80d049df2112c08429dcbd3b5af52e5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  47aeb204db1e77d8f8d37c45a2096978

                  SHA1

                  4a26a7c7e38b7f473643f46ea0ebbf0e45a17e13

                  SHA256

                  c7ed3189dd6462a85b8c5d14a0343912761aa4747df0fb3cc08dab449b0d430c

                  SHA512

                  8a66e2f35d241df935ece78cb24279a37cbbe3145a45a20187728d52b9e7c2ab846223b2ec67b1e57414182b84692997c39cd117b653fec0f69ad9787a90cd92

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  c09e14712fceb847b7dd6bc434f9bf96

                  SHA1

                  411f88cd1df0db05df389e38d50e042aa2cd1d8f

                  SHA256

                  59338c47345d89dab532828d55085e8e68b0127e7b78872554ad073676236f9b

                  SHA512

                  c3ea66366b98c6d1194c038b0e132f6c95bb39a267f20f2decdd4d1cf6d3b6efa5c72845da4bc5c82e994b582e839748d7a23dad4873232c367de84de25a0aee

                  Download Submit