Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://personitionw...

windows7-x64

1

https://personitionw...

windows10-1703-x64

1

https://personitionw...

windows10-2004-x64

1

https://personitionw...

windows11-21h2-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    156s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08/05/2024, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://personitionw.de/invite/i=3288

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://personitionw.de/invite/i=3288"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://personitionw.de/invite/i=3288
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3508
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60780f3c-63c7-4663-a993-57a0dee81a05} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" gpu
        3⤵
          PID:4024
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2324 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05827ec9-ad81-4839-bf33-8166eac33c09} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" socket
          3⤵
            PID:2880
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43e469f-d4d1-47bd-b68a-a3d7488b45b9} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab
            3⤵
              PID:4680
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3188 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d36155b-5f68-4704-bc68-86621401a1a1} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab
              3⤵
                PID:3008
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4488 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4340 -prefMapHandle 4412 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6d6a3b-c31c-481d-aa1f-891f4a5a5bc2} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" utility
                3⤵
                • Checks processor information in registry
                PID:1716
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 3 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee15d193-6a1a-4ec9-be0f-3ea4b2b31476} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab
                3⤵
                  PID:2808
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5724 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ab8e9a-4dc7-4d4a-aa1d-ebfcaca31c21} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab
                  3⤵
                    PID:4412
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 5 -isForBrowser -prefsHandle 5920 -prefMapHandle 5928 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b49629cc-1029-42d6-980c-5345dad9f969} 3508 "\\.\pipe\gecko-crash-server-pipe.3508" tab
                    3⤵
                      PID:4336

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
                  Filesize

                  13KB

                  MD5

                  0aba606a812eb88574a10952d03fa2f2

                  SHA1

                  8c6eb161c208e01e9c087bf32b6db9ff0b8b6f08

                  SHA256

                  e74f5cdf25c4b2c0e16daee53904968d603feda87008c733169f6e92180927d2

                  SHA512

                  1c27eb79362dd51471d46eb259d2b8ce5461c8901204eed1ee4509f930c676d7e79bbf2cc45e6a8abc1e21043aa12e6c8e460525db098b09b2a218d71102425d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
                  Filesize

                  7KB

                  MD5

                  124bb3a88726c34064703c0556eb4f05

                  SHA1

                  b504d9af2094a0a8433686a6a35d5eac609fac7c

                  SHA256

                  6516daf9447f7ce4416eb65d94e19317bbdb3dbf7016a99467816f5340cb72e1

                  SHA512

                  cb838a9703c3ae0d800f09a1f7621ef71508c76977d164c0af5ad8d57bbb5b4924e03b91c98abbffcdf2fd84cf0ff2fab66ac4be5815594e38e384d598bc580c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
                  Filesize

                  10KB

                  MD5

                  4867d219b298b4d9cd69d0188c66fcb8

                  SHA1

                  aeb8686fde428307b9092ee25333fe787799707a

                  SHA256

                  1025b3db6ebe851a74e4f0e90479aab934c1824326012ac6f9d751852a9687d9

                  SHA512

                  41c2658597077f06b27236824b3f265cab9e3ccdd369b94ed4b8e823b6a03b845f22d3c41fdb10f61927d90d0064fa176115d8e0ca659dec2454d48a20fe0ae4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  d0945d9c7818ad632e15f02a9d116176

                  SHA1

                  b9171c59032e168275cb8254736369037b3fc588

                  SHA256

                  ad6b7b69114ec32dcaa399e8e546134eed361c81611275a3aa4655c99788b5b0

                  SHA512

                  7639c692f88c9fc6ebd9f9937d07db57ae0bc5745b40636dff2bd7ed2e311c55c456b78bf0e5660d1f78708b8a64c482e4a694446797e8a61fc6890cbeec1176

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  4fa6d5e374dffbb5c6a42786bf856566

                  SHA1

                  99bc3fb91599375559ba0f9550d85f5263770d10

                  SHA256

                  d71ded37741e8f3a2128a8d187ef7d03fc37e937110d2ac06740f99d00d0c3c2

                  SHA512

                  494baaa00ece06b3a67fef30d4e7953c7c4a8f072592a1ce6e577b525d807b9f0d59fe7ab409c0d64bbee8c2b20662006abee6c81441ef9d2334a8dadced7e67

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  15KB

                  MD5

                  fdb8fe0689c51aeb5b1a38e293165f33

                  SHA1

                  23881136332e45831203f603b1373fdc3cd00b4a

                  SHA256

                  14aa6d3e8682cebf78064131905ef6d5390ff227fc4141292ca57ff172356721

                  SHA512

                  c80f9c5f3fdd490aaf13c54297fb352e6837ececd24ba90719824b992c2986068e69f9aa99f5702bd8ea5ecf66530c34362c38211367f66f4f8f1d1f045394d0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\5a2dcfda-7c45-4e16-bca3-c0e0aa5dfddb
                  Filesize

                  982B

                  MD5

                  ca3a2a8eff622fe8f14710f84d5f7f1f

                  SHA1

                  44f72517bb155b0d8d36e93eae034930230aade9

                  SHA256

                  f0de2ae3c52f66245ed5d26df6ab637a5bc7b58a466a9719c2a0676d95a55154

                  SHA512

                  373a90ee0f2d60de2fc209699dbe660ce043d9fa8f030a59125b28d4939be138816488a7cce74a75b4c82f207f1e645260030b70452437ebbc2878eadaf6d8e1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\8eef7c2f-b937-498c-bc1b-591e532be278
                  Filesize

                  24KB

                  MD5

                  71457f7e66249da5e94f1f5a2e84ad7c

                  SHA1

                  3624a8617b996dcf2cd831181c7e1f71522b1138

                  SHA256

                  aa2e430d9097cf1963e697b3a0039a1293286c2ffe875ec90c0477305230d1b4

                  SHA512

                  dddd6bc8207251ffbdb5bc15bc0ebca14e5dfac36ad0219e2fa98c323e80f21b61e91b8340c383170fcc1cfcc1289bb0cf8baf7da2abfe7f3e05595066931dce

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\e2461ebe-3151-4045-8e8d-2e0e15f1db29
                  Filesize

                  671B

                  MD5

                  78bc3b9330201f2e4cba24a5409fa58d

                  SHA1

                  953c850a957e7e581aa3175934d66f2d6b352831

                  SHA256

                  d8314746de3e1c1a3531741cb3078d486a8e638713875c3a5c824fd23f865089

                  SHA512

                  ca1e1b600542b54d70ba309adbac953dcc52103fe6075746b6ea80121458f901cc013c625a05d02d2b7a1952e36eb1e313d3574ee6974ac412640f659c6426bc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
                  Filesize

                  10KB

                  MD5

                  276e6943bc7361d6e2b481254b7df324

                  SHA1

                  8a063fac326580472daaca17235795ddd93fddbc

                  SHA256

                  ff5106353006fc8b77e8c6e62eb891f92702d54a1aabedc3046cb813ff9b4a7b

                  SHA512

                  c5cc2af138332c592ca8e92fe71f49a080adc23e59b8a171298e8c256a7f5a082780ba8476d814e02265cf05f91c4a10d64291ac529f7d54a133faa4ae8e11e5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
                  Filesize

                  13KB

                  MD5

                  88456654976d94c435b7472ea66fb118

                  SHA1

                  9eabf16d61bb02472db2ce7b3bf70f62892a8fb3

                  SHA256

                  afd904c28ee84d6ad4e09abc5632a958ea693e5b0761a9e1dc8531f6245e676e

                  SHA512

                  1f0700d30e69decb036748ca8831d1652bf175ef4adb45e496130e84b54def57027ad54c315e2e44404b61d89f17a2fd0dda835b208ac32ec74ee6711321aa3f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  2.1MB

                  MD5

                  21e6bc362990802d3320c0e0815c18a6

                  SHA1

                  1a913cb36984dd5ba63dc8c9ae9ccfd7743464f2

                  SHA256

                  4dc610fd12bc6e7443848427b1679dd0596eb0fa2b55f147c996f8b66ab822c7

                  SHA512

                  a8d96f1e36dfbf8d6ca4595faec9cccaa6c7fbb9835a0e06ac61af6205aba5564f04c50242a6faef0184289ccc9ed36254d9b1cc1914a261afb4770627f0da77

                  Download Submit