Analysis

  • max time kernel
    21s
  • max time network
    23s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    07/06/2024, 06:52

General

  • Target

    http://kemeno.su

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this report the hits are attributed to firefox.exe (PID 1460) and the run scored 1/10, so on its own the signature is not evidence of evasion.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No IoCs are attached to this signature and it is not attributed to any process in the tree below.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://kemeno.su"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3732
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://kemeno.su
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1460
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.0.2003652083\330585559" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {577caad1-d86e-4a2e-921d-ac63b78e2cd8} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 1832 155b9fa9558 gpu
        3⤵
          PID:700
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.1.12415090\1708562606" -parentBuildID 20230214051806 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b50a5add-5ed0-488c-ad18-326380a168d2} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 2376 155ad289f58 socket
          3⤵
            PID:1808
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.2.1710793858\1300375075" -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {745a4519-36d5-4365-84b0-3eb832a51165} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 2960 155bcf49b58 tab
            3⤵
              PID:3316
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.3.490594453\445794086" -childID 2 -isForBrowser -prefsHandle 3416 -prefMapHandle 3316 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81021ec9-e9a8-4d28-996a-06a9c0c6ea1e} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 3576 155bfa0d558 tab
              3⤵
                PID:4256
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.4.685519827\2098727564" -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66350b7a-a054-4666-ac75-d7f57f35a38a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5248 155c2305058 tab
                3⤵
                  PID:2556
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.5.1894834777\400090628" -childID 4 -isForBrowser -prefsHandle 5408 -prefMapHandle 5356 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d91efd-a2d7-45f2-abaf-6e2a2c36c04a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5392 155c2305358 tab
                  3⤵
                    PID:5040
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.6.1303847986\1878846577" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1e1ce9-9871-4bc0-ae1b-18a9671a2c2c} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5416 155c2303e58 tab
                    3⤵
                      PID:1980
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.7.94933518\675293531" -childID 6 -isForBrowser -prefsHandle 5852 -prefMapHandle 5808 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {945a521c-cefd-4175-8eb2-ef33675e6ed2} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5864 155c28d0e58 tab
                      3⤵
                        PID:2308
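The tree above has the normal Firefox shape: a launcher firefox.exe (PID 3732) re-executes itself as the browser process (PID 1460), which spawns gpu, socket and tab content processes whose --channel prefix, crash-server pipe name and -parentBuildID all point back to 1460; the WriteProcessMemory hits are attributed to those two parents, which is consistent with a parent setting up the children it launches. A quick way to confirm this on any report is to check that the IPC metadata in each child's command line agrees with its actual parent and that nothing other than firefox.exe appears under the browser. The script below is an added example, not part of the tria.ge report or of Firefox; the command lines are constructed to mirror the report's (the gpu child is copied verbatim), and the anomalous entries (a cmd.exe under a tab, a child whose --channel names PID 9999, a tab without -win32kLockedDown) are invented to exercise the checks.

```python
"""Self-consistency check for a Firefox process tree lifted from a sandbox report.

Added example, not part of the tria.ge report. Command lines are constructed to
mirror the report's (the gpu child is copied verbatim); the checks are generic.
"""
import re
from dataclasses import dataclass
from typing import Optional

FIREFOX_EXE = r"C:\Program Files\Mozilla Firefox\firefox.exe"


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    cmdline: str

    @property
    def image(self) -> str:
        m = re.match(r'"([^"]+)"|(\S+)', self.cmdline)
        return m.group(1) or m.group(2)

    def flag(self, name: str) -> bool:
        return re.search(rf"(?<!\S){re.escape(name)}(?!\S)", self.cmdline) is not None

    def opt(self, name: str) -> Optional[str]:
        m = re.search(rf'(?<!\S){re.escape(name)}[= ]"?([^\s"]+)', self.cmdline)
        return m.group(1) if m else None

    @property
    def kind(self) -> str:
        return self.cmdline.split()[-1]  # gpu / socket / tab for content processes


def check_tree(procs: list) -> list:
    """Return human-readable findings; empty means the tree looks like a normal
    launcher -> browser -> content-process hierarchy."""
    by_pid = {p.pid: p for p in procs}
    findings, build_ids = [], set()
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None:
            continue  # root of the captured tree
        if p.image.lower() != FIREFOX_EXE.lower():
            findings.append(f"pid {p.pid}: non-Firefox image {p.image} spawned by pid {p.ppid}")
            continue
        if not p.flag("-contentproc"):
            # The launcher re-executes firefox.exe once to become the browser
            # process; a plain firefox.exe under a content process is not normal.
            if parent.flag("-contentproc"):
                findings.append(f"pid {p.pid}: browser-style firefox.exe spawned by content process {p.ppid}")
            continue
        if parent.flag("-contentproc"):
            findings.append(f"pid {p.pid}: content process spawned by content process {p.ppid}")
        chan_pid = (p.opt("--channel") or "").split(".", 1)[0]
        if chan_pid != str(p.ppid):
            findings.append(f"pid {p.pid}: --channel claims parent {chan_pid or '?'}, actual parent {p.ppid}")
        pipe = re.search(r"gecko-crash-server-pipe\.(\d+)", p.cmdline)
        if not pipe or pipe.group(1) != str(p.ppid):
            findings.append(f"pid {p.pid}: crash-server pipe does not belong to parent {p.ppid}")
        build_ids.add(p.opt("-parentBuildID"))
        # Every tab process in the report runs with win32k lockdown; its absence
        # means the content sandbox policy was weakened.
        if p.kind == "tab" and not p.flag("-win32kLockedDown"):
            findings.append(f"pid {p.pid}: tab process without -win32kLockedDown")
    if len(build_ids) > 1:
        findings.append(f"mixed -parentBuildID values across content processes: {sorted(map(str, build_ids))}")
    return findings


def content_cmd(parent: int, idx: int, kind: str, locked: bool = True) -> str:
    """Constructed content-process command line in the report's shape."""
    lock = " -win32kLockedDown" if locked else ""
    return (f'"{FIREFOX_EXE}" -contentproc --channel="{parent}.{idx}.490594453\\445794086" '
            f"-childID {idx} -isForBrowser -prefsHandle 3416 -prefMapHandle 3316 "
            f"-parentBuildID 20230214051806{lock} "
            f'-appDir "C:\\Program Files\\Mozilla Firefox\\browser" - '
            f"{{81021ec9-e9a8-4d28-996a-06a9c0c6ea1e}} {parent} "
            f'"\\\\.\\pipe\\gecko-crash-server-pipe.{parent}" 3576 155bfa0d558 {kind}')


# Copied verbatim from the report's gpu child (PID 700).
GPU_CMD = (r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.0.2003652083\330585559" '
           r'-parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 '
           r'-appDir "C:\Program Files\Mozilla Firefox\browser" - {577caad1-d86e-4a2e-921d-ac63b78e2cd8} 1460 '
           r'"\\.\pipe\gecko-crash-server-pipe.1460" 1832 155b9fa9558 gpu')

# Constructed tree mirroring the report: launcher -> browser -> gpu/socket/tab.
BENIGN_TREE = [
    Proc(3732, None, f'"{FIREFOX_EXE}" -osint -url "http://kemeno.su"'),
    Proc(1460, 3732, f'"{FIREFOX_EXE}" -osint -url http://kemeno.su'),
    Proc(700, 1460, GPU_CMD),
    Proc(1808, 1460, content_cmd(1460, 1, "socket")),
    Proc(3316, 1460, content_cmd(1460, 2, "tab")),
    Proc(4256, 1460, content_cmd(1460, 3, "tab")),
]

# Constructed anomalies (not in the report): a shell under a tab, a child whose
# IPC metadata names a different parent, and a tab launched without lockdown.
SUSPECT_TREE = BENIGN_TREE + [
    Proc(5100, 3316, r'"C:\Windows\System32\cmd.exe" /c whoami'),
    Proc(5200, 1460, content_cmd(9999, 4, "tab")),
    Proc(5300, 1460, content_cmd(1460, 5, "tab", locked=False)),
]

if __name__ == "__main__":
    for label, tree in (("report-like tree", BENIGN_TREE), ("constructed suspect tree", SUSPECT_TREE)):
        findings = check_tree(tree)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The parent-PID fields are read from three independent places in each command line (the --channel prefix, the crash-server pipe name and the actual parent recorded by the sandbox), so a process that was merely named firefox.exe, or a content process re-parented after injection, stands out without any hash lookup.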

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 28KB
    MD5: 4f59bef299f6f867ec6eb41fe5e272ce
    SHA1: f8afd4daddb6adf305cdf3a2fffe5954d344b49f
    SHA256: b7a2173702240b320bdad54100d16e6fcc45478c397e876f2ec56cb62ae59e5c
    SHA512: a2808d1a4840e1c3e252afe24a73ad42fd574936ffee762ae2ad71bae323ff199dcd2e03c7cce1202c82048ae6689a8cb4dcf31f58e75f22741c4e233e159c84

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js (first write)
    Filesize: 6KB
    MD5: 947eff47c0fc027438ff57c57ae16660
    SHA1: bcd72c0c41af6f65eae20935a4762852552a4582
    SHA256: 5bce83d38b90f56fed96146ceaffa3f2c67fd11fabb7fde133600fc73a04341f
    SHA512: 5f97afd0c3607fd78329279bf9b4d63f744e64060e71b3dc85b96d3e817e300d77157b501c5c2c1696fd8c1966da81fd56b59b585fb0dc799eb1c1e6d4286171

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js (second write, different contents)
    Filesize: 6KB
    MD5: 063a9a918a16d5bd8588cd5ad396ce28
    SHA1: 0d544d921e77bcbd0cb67f58c7b2333f7d8eccd3
    SHA256: b061e743ae62545c3e351ecf523fedfd6f1c17774f8aa567ed70192e2cf683f2
    SHA512: c0e6ed1216c0cc4fb78bf188f44988b317a25786f26bf48156f538c9efca7ead320555edc9a364b051510640a77b50e5ef9004b8d506c1f840d77c86aa6693b2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 2KB
    MD5: f2951f4f8f316321fe749df48207c715
    SHA1: d46e0a1db60cbf4f21ebaf8b099efe99e234475c
    SHA256: 4103d48712426dd32127fef2bea6948dd299374a79b3d06e901c8708144b2324
    SHA512: 416a31a96bc9f2f466aad9ba94052a3e131d68726a79da118e075855a98b0d42aa3c54bda37740bbfbbae863c457367791d771ce4581519de8e02a624c7def12

All four files live under the Firefox profile directory and are the browser's own housekeeping (discovery-stream cache, prefs.js rewrites, session-restore backup); none of them is content fetched from the target URL.