Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://p1t.fun/?l=10...

windows7-x64

1

http://p1t.fun/?l=10...

windows10-1703-x64

1

http://p1t.fun/?l=10...

windows10-2004-x64

1

http://p1t.fun/?l=10...

windows11-21h2-x64

1

Resubmissions

15/06/2024, 11:23

240615-nhcx2aydmb 1

15/06/2024, 11:22

240615-ng1byaydke 1

15/06/2024, 11:16

240615-ndewtsscnq 10

14/06/2024, 17:58

240614-wkcn2svbrk 10

14/06/2024, 17:57

240614-wjtaeavbpj 1

14/06/2024, 17:56

240614-wh8npsvbnj 1

14/06/2024, 17:55

240614-whjdtavblj 1

14/06/2024, 16:38

240614-t5wxbaycqb 10

14/06/2024, 16:38

240614-t5hppaycpe 1

14/06/2024, 16:37

240614-t42feaycne 1

Analysis

  • max time kernel
    552s
  • max time network
    562s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/06/2024, 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://p1t.fun/?l=1031

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://p1t.fun/?l=1031"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://p1t.fun/?l=1031
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4756
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.0.355141026\933522050" -parentBuildID 20230214051806 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06af9629-049e-441e-95ad-055efdcc9f68} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 1824 2435b10d758 gpu
        3⤵
          PID:4408
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.1.870385304\972882112" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66272703-2864-4439-ab68-68bc6b89f3d3} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 2424 2434e387b58 socket
          3⤵
            PID:1368
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.2.992017353\1541551432" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 23133 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b981a48c-80c8-4277-93e0-5a1ad40de089} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3092 2435e12e458 tab
            3⤵
              PID:1652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.3.1029120472\1938330557" -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3940 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {157d0951-52dc-4e81-b362-1827cb60e8f5} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3948 2434e376f58 tab
              3⤵
                PID:3672
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.4.1111327882\1024724601" -childID 3 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f98df0b-a66b-49b5-b9c8-d3af98e3d42c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5056 243616c7958 tab
                3⤵
                  PID:3136
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.5.1063466947\1137332779" -childID 4 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b96204b-ee32-4246-a8a4-f78aae248f57} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5176 243616c7f58 tab
                  3⤵
                    PID:1720
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.6.892523310\614584317" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5196 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {671f6c55-aa26-4c8f-9347-e7ba9847c904} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 5240 243616c8258 tab
                    3⤵
                      PID:4364

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  3a21f7d01fdf3eac34c597f93f2bd985

                  SHA1

                  96a815db91d888bf1c06f418e3e00e4b11a2278d

                  SHA256

                  cf835f1578afc41903a1809f846e6f2a828a77ec0d63fbc2217cccf2e281b20a

                  SHA512

                  456e9ad9553f7c06cbdc89fc4687ec63a0aa4b39b35328d99cbd3b115ee1eda2ff75500986d33e70440c3b8a5a90018fc4be0369df901d5290d38f9e7ff25bd9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  2952b81d2d21e63d1528ef53c6018ca5

                  SHA1

                  7ef69f371eeddc52c5954a9c0c2a250cbb17caff

                  SHA256

                  399960af4a42208df9c38da1508f5eee59bb84990e4d019c43e8b04a11054079

                  SHA512

                  eb5dc058f76a8c15075768eaa8ad0cc917596e13f8c55bccff2f929d7809225c79ef3a8cd03d7127f61a2b0978ee956794030f836828471d4909bfea64519a0c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\bookmarkbackups\bookmarks-2024-06-15_11_bcrmR8fzwkXblGL7RICEXQ==.jsonlz4
                  Filesize

                  1005B

                  MD5

                  8102e3cfd21ded28b836217fedf7f7be

                  SHA1

                  2931921905116597f8d97273e282313e53cb8d87

                  SHA256

                  1233c1496182ba282aec0825ffe264ca43b215d1e4b35cf35f752dee79620c23

                  SHA512

                  ea31994d13709f9cd3a2c3002eec184ef3af27577a9c86a7c261afe0aa8a14d3ad906d9cab83e3a9132d7b54eb75eed312a4e900555233cd0aa0bf6bab14bb82

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  2e353233db6fe09195a162d4ce7ddcce

                  SHA1

                  a398fb03fe74319a5e242fc1ada9b15dd3d10fdc

                  SHA256

                  0ce63a3470d4c3840e1ad7b1ad0471e8158a9c31a7d1e1ddfd06f12a58f5fad2

                  SHA512

                  32055e00040eae0bc49c83a40deaedbce81980c42a92c9c3e3302c786fcecab09742dfba3a2b31b577b523784e18e8a95a6cf643af54351c551df1fa999d68ac

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  a1d1e5fd543c878937a728b826c25469

                  SHA1

                  ee757a860815b6624b75490ac233f01d00607162

                  SHA256

                  aa5a0ef057a48461ff03d92e8ad820731abe2ef49817c7a558628cde1fd41994

                  SHA512

                  e3cd4f35d20210784378713d1453234c6deddc283f122f2354c5c9f764c0527b29441d0861e67c92dfb558b65a2a0d6825050365e983e0ed73e99d1c52f3b611

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  dcf10f2017e42c61e77b74fdadedc5d3

                  SHA1

                  27f1b6e94e2d6a3bdb70b01560378d1cdbed556c

                  SHA256

                  9c9e0648bc5c2bb3383d74c0236b22730e551c9e2990f89da196988efb1f7552

                  SHA512

                  96e62663604a76a681aeb38aeeeb25b18808487d57121f7d13dc1ec9ffbb7df2b4687e604850ec89dfaee5c7297d64a85a3bd8e40d082b2af145392b0750b730

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
                  Filesize

                  7KB

                  MD5

                  1a947b1ecd52f325cd03fcfbd2215dec

                  SHA1

                  93e4bfb83ebdb142e383f3c9ecd8d024dd8f26b7

                  SHA256

                  525ca0c576f36c929d0f2bdde71204d508e3fc1f53eaf3e77d187bf8bc88e730

                  SHA512

                  27cbb82cf6e2a646c087cfcd156fb304306108b95710ac09196acc80da0c3ab78959e72e02cc3777fec2bc18815983057cecfe82acb34a2f1ccd67fce3ebfc07

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1020B

                  MD5

                  6bd211c91f99aeb759c575b39a2eafbf

                  SHA1

                  f08ec954ccca363416c9754c9929f9229fba2366

                  SHA256

                  ee100abd62d5a5a2f061808191c3494d28897978443282b9edfcd4c3d996db5e

                  SHA512

                  5fb5c9e742a0a0711b270cb3c5060e5fefed1ef43efd26b46e7a31d4caba4397c40c627105fa1a4afb3e7d674780a6e003bb0dbb857afc0c39159ca37753ddb1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  7ff9861f06aee23cf000cbe728dbd365

                  SHA1

                  1622087d115fe7a8885a4e1c737ee7ed261aae4b

                  SHA256

                  92b9d1dfc9b637d255f580f13b39d96ffb7a90c48432e4e9b48fe4cc2e6f76e8

                  SHA512

                  5543731a00a46f28d8cb80ae2e33e94cf4fd5447ad57bc49213b017ac6c4a330dfb92801a40a527d449d63ddb184000a306668966a93f35ba1454a1d2e2b568b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  b8b5ac6340290c6cfaaddff1277c9d7c

                  SHA1

                  961d09b87cd6eecfb6cd309fd8e9186e22c3584b

                  SHA256

                  022379c76ea45edc01382b2fdd311131e53eb74efd23abe6bd21dfcb6e688c73

                  SHA512

                  f2e90f89bf7c8c845a8a2166b5073fe91f9492cae13357b337a197533243cbbb1e3ea0fd1338859825d1eaf47ce4706ecf76bde344ebbf2356828bd139569512

                  Download Submit