Analysis

  • max time kernel
    14s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/05/2024, 12:55

General

  • Target

    https://lawbusinessresearch.eu1.echosign.com/track/CBFCIBAACBSCTBABDUAAABACAABAA_rOKaW4pzp1e6J5S3JZB4CjZJY_Vz1melvTziQsHqs7RBO1LixPN-6zTMEWZIN7uofnLNMTTY7wwLeJAPLRc7KmheppYApgmwI-oZyBjee4*/blank.gif

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://lawbusinessresearch.eu1.echosign.com/track/CBFCIBAACBSCTBABDUAAABACAABAA_rOKaW4pzp1e6J5S3JZB4CjZJY_Vz1melvTziQsHqs7RBO1LixPN-6zTMEWZIN7uofnLNMTTY7wwLeJAPLRc7KmheppYApgmwI-oZyBjee4*/blank.gif"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://lawbusinessresearch.eu1.echosign.com/track/CBFCIBAACBSCTBABDUAAABACAABAA_rOKaW4pzp1e6J5S3JZB4CjZJY_Vz1melvTziQsHqs7RBO1LixPN-6zTMEWZIN7uofnLNMTTY7wwLeJAPLRc7KmheppYApgmwI-oZyBjee4*/blank.gif
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.0.1967128413\651964129" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c75593c-daab-4d91-9f2f-fe78f5b57430} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1884 1817f011658 gpu
        3⤵
        PID:5064
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.1.1913138170\11053971" -parentBuildID 20230214051806 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {436ee704-cc48-42e6-aad6-4d9b03b9e353} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2476 1816d68f858 socket
        3⤵
        PID:4716
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.2.1136085737\1670794245" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 2956 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8a3b4a0-ffef-49c4-b709-3398dd520531} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2940 18104a33558 tab
        3⤵
        PID:3412
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.3.1839536002\1460533086" -childID 2 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e745a6-aa94-4175-9c43-5ae310ed6898} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 3848 181066c1f58 tab
        3⤵
        PID:1124
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.4.768181336\1740795431" -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5124 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d48d17a7-0992-4206-adcf-b3d6f6098331} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5140 1810832a258 tab
        3⤵
        PID:456
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.5.1012102131\985105846" -childID 4 -isForBrowser -prefsHandle 5288 -prefMapHandle 5296 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8604cfd9-91a5-4d12-a111-a988346edb50} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5364 181089a7558 tab
        3⤵
        PID:3876
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.6.86469984\334570318" -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8a52b23-063a-4825-bf5c-09b85903d805} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5568 181089a7858 tab
        3⤵
        PID:4536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 22KB
    MD5: 948c9816515813b57419fec1a86eb6da
    SHA1: 79b82aab354f1ed9234654b066a68cdd10559a7d
    SHA256: 3d130d3367a8e3f9f9f7c968ee8a11b7164cd1408a4b5cd234df2dbfa038f35d
    SHA512: e415e817a5b1a6b3045c12e24f12126952724592f6b1d1b9126fe5c58e1ca37409e33f461b21270bf2ff1be96f59512a2468e05e5dbf8f4a255530775b6d7490

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
    Filesize: 6KB
    MD5: d39d73f62df27e4aeaa959e5fa9936d7
    SHA1: 39a02f25b5c937d85244a91ff6fb6d879c481f07
    SHA256: 4f51572292e3e3977d9d6dc83a4f89de02fb6acf092dea5d85547ca0ebd67ca9
    SHA512: 36ba9279382c333a82f202faeff48d8be76dc5e132b4a8bc7bfd906e6cbf2c2311749e08aa2df268ad05272ef662e75246d403e3852b879640c970566a5c1fc0