Resubmissions

  Submitted           Analysis ID         Score
  15/06/2024, 11:23   240615-nhcx2aydmb   1
  15/06/2024, 11:22   240615-ng1byaydke   1
  15/06/2024, 11:16   240615-ndewtsscnq   10
  14/06/2024, 17:58   240614-wkcn2svbrk   10
  14/06/2024, 17:57   240614-wjtaeavbpj   1
  14/06/2024, 17:56   240614-wh8npsvbnj   1
  14/06/2024, 17:55   240614-whjdtavblj   1
  14/06/2024, 16:38   240614-t5wxbaycqb   10
  14/06/2024, 16:38   240614-t5hppaycpe   1
  14/06/2024, 16:37   240614-t42feaycne   1

Analysis

  • max time kernel
    21s
  • max time network
    23s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2024, 16:38

General

  • Target

    http://p1t.fun/?l=1031

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Runs ping.exe (1 TTPs, 1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://p1t.fun/?l=1031"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://p1t.fun/?l=1031
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3956
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.1245042914\405748482" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f511e3de-8476-4f11-a921-8ede27767b40} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1844 1e9e7a19b58 gpu
        3⤵
        PID:4420
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1222453027\1122528128" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18aa244f-33a1-4a69-b984-6d215aba7c61} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2440 1e9d3785f58 socket
        3⤵
        PID:4916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.1341851600\242532868" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 992 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0209ca92-4d58-4b07-9614-fd7426db4698} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3020 1e9eaa5b758 tab
        3⤵
        PID:3632
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.3.1094392014\781648106" -childID 2 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 992 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a7cfb66-f1a4-42e9-9b28-d4c752fdb137} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3872 1e9ec2a3858 tab
        3⤵
        PID:4148
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.4.56417458\2046881723" -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 992 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b05c9bed-9135-4d6c-b6ec-ac70d4edd2b6} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4988 1e9edf1b858 tab
        3⤵
        PID:1300
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.5.339026539\914855312" -childID 4 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 992 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0251946a-a716-482a-a012-dd68a9beaf3f} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5176 1e9edf1ac58 tab
        3⤵
        PID:1056
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.6.474602120\1443875982" -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 992 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {207de2ca-3260-4bb5-95e1-45f834b6c9a4} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5376 1e9edf1b558 tab
        3⤵
        PID:2728
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    PID:736
    • C:\Windows\system32\PING.EXE
      ping google.com
      2⤵
      • Runs ping.exe
      PID:1512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 2be323a25cc146821eb4869a87375f62
    SHA1: 570547618b9bd879939f3eb2c22474677cc888d3
    SHA256: f2ae62f018f22637e6d51f78f9abffbfd2384c60835c370dad1239bfe187b163
    SHA512: 72df91c2b80b421688edac3845e9aa8d1c662d69a6551d071dfa27db76428ed3cbc8c4a5f25e88cec77558ae9ee496227f41cf04ea8b9252e5726dc2d0aab276

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
    Filesize: 6KB
    MD5: 20d124cc1b1194d5cd64b0cc8301ed18
    SHA1: 06a9dd518ccac57aa599a3254bea14d1bc1c3e3d
    SHA256: 0df7685295329b196d6a883182e2c9417328d86ccc4d4bca0057e3b9b87a8198
    SHA512: 08723b26e53a9f5f3e0a8359a7b4ac09ca666ffbcc36b28390ed7b802d79e024599a5ee3640ca39eb5f76fd0bd5c3a53eeb03984ee3bf80e25079e884cc70c93

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1018B
    MD5: 5b567444f724aac32ee23a1835b504b8
    SHA1: 0fe54c3681556097f72904e11d79a27bff0f6db3
    SHA256: 99ac98086cfeacd8ed1f7730035f95c345f01151aaec620ea6f82582c910d92f
    SHA512: 424d749a746050b3bda980e75eb34f1bf7cce1c502df597f211f864def4057898a98c4c17ef39766af89f12e98aaa3f0a8e8637bf26e0e2f94e6a47dcec9ffc6