Analysis

  • max time kernel
    29s
  • max time network
    24s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/05/2024, 18:49

General

  • Target

    https://e7wsmhq5.emltrk.com/v2/e7wsmhq5?d=[UNIQUE

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://e7wsmhq5.emltrk.com/v2/e7wsmhq5?d=[UNIQUE"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://e7wsmhq5.emltrk.com/v2/e7wsmhq5?d=[UNIQUE
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.0.1401573366\1786966577" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39afc883-55be-4816-8549-688f6d0b9e37} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 1892 20b1f80f558 gpu
        3⤵
          PID:1876
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.1.1595175336\1430721983" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6e91c40-017c-4385-838a-81be9252f974} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 2488 20b1298b558 socket
          3⤵
            PID:452
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.2.1299054723\1513637963" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 3144 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e43aad96-98cd-46f1-bfaf-3b1521672255} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 3112 20b2274a558 tab
            3⤵
              PID:316
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.3.1718791704\1148331465" -childID 2 -isForBrowser -prefsHandle 3800 -prefMapHandle 3728 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d754ec07-0385-4615-8c69-71c72528d07f} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 3808 20b24018458 tab
              3⤵
                PID:2928
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.4.1234190743\699241116" -childID 3 -isForBrowser -prefsHandle 4988 -prefMapHandle 4952 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d12eb2b5-8813-4274-897d-a016e39316b5} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 4996 20b25c94858 tab
                3⤵
                  PID:4772
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.5.1791789032\1874636594" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {702e6f53-c61f-4500-aa5d-d5d5d3bd9b64} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 5016 20b25c97258 tab
                  3⤵
                    PID:3220
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.6.1531793342\968004156" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41697c4c-4d88-494b-ab10-eb7304638713} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 5312 20b25c96658 tab
                    3⤵
                      PID:1536
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1988.7.465873966\256903316" -childID 6 -isForBrowser -prefsHandle 2956 -prefMapHandle 3276 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eef79531-07d3-41c3-864b-0fe99f4daa7a} 1988 "\\.\pipe\gecko-crash-server-pipe.1988" 2912 20b2274de58 tab
                      3⤵
                        PID:5548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 0c05c8719b2746879b4c79db7f78ca32
    SHA1: acf1702afaa00eec3517cadb06d3227d3f8805b2
    SHA256: 217ef3b4945c1f4fbcedfe4effadbe3416f17c36c8bb4adff9e78fb479fde8c1
    SHA512: 5bad9be8fe72bee35885b91459003e39a5e2bd387c5bda4ddb8c4947d4975de860210b409b8179b5760279af63779f83a1858f0bbfbcf8e0630600142ae7035d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1018B
    MD5: cb135480a2f5a186f3d7ef5ac1e4241d
    SHA1: dc97ccd3d8f721b20f95e0aaa307f14cae422e7f
    SHA256: e886a73da08db4f228f982fad156f2b875a90ff66903f5dfbe9084ba5d89de83
    SHA512: 9c210aa00f5ce6f059b2fb0d220be5c68663f504656136f68793588386f98219c439dd74b37999ce5994d89b5a1d12ec32a8ae01cad53f32489136dc5003f554