Resubmissions

16/05/2024, 16:02

240516-thaqkacf53 8

16/05/2024, 15:21

240516-srd9nsaf9x 8

16/05/2024, 15:16

240516-snm3eaag66 8

Analysis

  • max time kernel
    0s
  • max time network
    9s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/05/2024, 15:16

General

  • Target

    https://www.angusj.com/resourcehacker/reshacker_setup.exe

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.angusj.com/resourcehacker/reshacker_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.angusj.com/resourcehacker/reshacker_setup.exe
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4936
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.0.1922409060\1977000510" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32bdb3d6-7499-4e5d-977e-497e7f7bdf20} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 1888 237efa0e358 gpu
        3⤵
          PID:4364
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.1.576678692\754837238" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc5b450d-4179-420e-89e7-06a51720e811} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2472 237db685c58 socket
          3⤵
            PID:4928
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.2.178338806\1860175550" -childID 1 -isForBrowser -prefsHandle 1508 -prefMapHandle 2908 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1132 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d69978-7332-4136-b962-4022497d3b34} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2992 237f274d558 tab
            3⤵
              PID:2252
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.3.483473538\581903972" -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1132 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec1a23b8-8d4b-4b34-8e6e-4544f7bc5d56} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3912 237f4657558 tab
              3⤵
                PID:3188
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.4.1129624776\270810077" -childID 3 -isForBrowser -prefsHandle 5004 -prefMapHandle 5036 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1132 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1c4c8b4-ada3-4983-96ef-06edd49344bd} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4892 237f189f558 tab
                3⤵
                  PID:4176
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.5.1707626924\677378818" -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1132 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6aaa25dd-9def-4386-9d57-437637e9ef27} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5224 237f5ba6258 tab
                  3⤵
                    PID:1228
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.6.620481386\1405231364" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1132 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b206cb4-8f03-4351-91e5-6835d0d0890e} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5416 237f6067258 tab
                    3⤵
                      PID:2224

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js
    Filesize: 6KB
    MD5: 082ed122aa8f879cb18c839e66b5428b
    SHA1: 07525bd82634adee0618a2d17504654de36c3be5
    SHA256: b49d8015018653a2c25b9c5f5afa18040c9b1a4f84f744282a263c74aab454ec
    SHA512: d366383e5c5388e735a0fe8258508de38cf364e970b122e0592818234a5d41a6b26fbb87a2c92973607798b0c85552c665350d5e1983f0794126d1b5358dba3d