Resubmissions

15/06/2024, 11:23

240615-nhcx2aydmb 1

15/06/2024, 11:22

240615-ng1byaydke 1

15/06/2024, 11:16

240615-ndewtsscnq 10

14/06/2024, 17:58

240614-wkcn2svbrk 10

14/06/2024, 17:57

240614-wjtaeavbpj 1

14/06/2024, 17:56

240614-wh8npsvbnj 1

14/06/2024, 17:55

240614-whjdtavblj 1

14/06/2024, 16:38

240614-t5wxbaycqb 10

14/06/2024, 16:38

240614-t5hppaycpe 1

14/06/2024, 16:37

240614-t42feaycne 1

Analysis

  • max time kernel
    30s
  • max time network
    34s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    14/06/2024, 16:37

General

  • Target

    http://p1t.fun/?l=1031

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://p1t.fun/?l=1031"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://p1t.fun/?l=1031
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.0.523248857\1448385076" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d920841-341e-40ac-9ccf-53e1db228de7} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 1880 25e2b40a058 gpu
        3⤵
        PID:4820
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.1.1522207255\332982597" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c74d648c-8cd7-4c9d-9ba9-81d80c382ef8} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2424 25e1e884458 socket
        3⤵
        PID:3172
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.2.402143493\778115379" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f610350-2a10-4524-9683-d83ec03e1968} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2896 25e2e222358 tab
        3⤵
        PID:3160
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.3.1418966609\1944144017" -childID 2 -isForBrowser -prefsHandle 3744 -prefMapHandle 3736 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b46a3264-7468-4115-82e0-139704756640} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3764 25e1e876858 tab
        3⤵
        PID:892
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.4.174758356\1074836275" -childID 3 -isForBrowser -prefsHandle 5016 -prefMapHandle 5004 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95ea2f84-611a-4f54-8233-e2afff08735b} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 4996 25e32ff6f58 tab
        3⤵
        PID:3564
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.5.1425895523\556991721" -childID 4 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bffce5ae-f705-4651-a4f3-79839fb80fa0} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 5152 25e32ff7558 tab
        3⤵
        PID:3540
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.6.856192301\78526355" -childID 5 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1392 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a42a6e-29c0-4663-8484-8b115ff1ffff} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 5344 25e33093258 tab
        3⤵
        PID:4384
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    PID:1908
    • C:\Windows\system32\PING.EXE
      ping google.com
      2⤵
      • Runs ping.exe
      PID:4508

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 7731f92de7eef806ab6195f55185ddb9
    SHA1: 619761728fa79432ef1dd52ada57754ed544e2b5
    SHA256: 684b65bc05066769fc31c801cfeeac8b321bb726c6712ccd1ca1286f68d17555
    SHA512: 728ad5c1a8a94300b583ff638244cf2758493914e147964ce4cd27b3f3de1e7c03cdc5d54938ac83eceebbc43632d3b14b5977033fcc20a3f4ccfcc6f6782af7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 28c5452942d35a30dfee99a8d1b7a2cd
    SHA1: b6dc5b40d9adcd6344494602253bc6cecbc2d914
    SHA256: b7bac1b509aa4b1a580fcec2dfd49208ae6d52a6225a5e0d6a68f2bdadd59139
    SHA512: 436281e38101309a26c5acf9354194f4a76307219d8f7428d8d614aec0e8ba8f08eb476987e4a7566f258a7fbb112efacd55a55fe6610a89276fca7b6baefce7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1014B
    MD5: bce5ca0ea30adf6ac71b82d5b9f744c3
    SHA1: 2b7ada8e4cdd014aeff128c3f075ee8e8c8c0f50
    SHA256: 833ffc4aea01845f8d72ca1f0c944d8e1a0ed1acfc3b741becb675b4a9945d9b
    SHA512: 342f924cabaa07e975a16e39580a360fd75e5a30b44e5f76696c61e735ce74725925fdb9081f0b0b50cb8a0ded32121278d094a847efcfa333d65af1b3a411ed