Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://hurawatch2.to

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://hurawatch2.to

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://hurawatch2.to"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://hurawatch2.to
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.0.1815805686\1036685704" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ece07bc-e7b3-428f-8ebc-da8e3fde0d81} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 1820 1fd8ee0de58 gpu
        3⤵
          PID:3600
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.1.2031082047\190337018" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e20c9d8-3a24-415b-a6fc-a0508bf6c44a} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 2424 1fd82089658 socket
          3⤵
            PID:4792
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.2.356998797\928568764" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3172 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6530f564-eedf-4a64-9720-8451f49a1ff7} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 3192 1fd91d3aa58 tab
            3⤵
              PID:2852
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.3.1029739939\465521050" -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ba1624-df8d-497c-a157-f3967f1983a4} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 3712 1fd939d7358 tab
              3⤵
                PID:2412
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.4.314628956\1451323779" -childID 3 -isForBrowser -prefsHandle 5024 -prefMapHandle 4716 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e9059c3-8f00-4d8a-9ac7-3b813812aa28} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 5012 1fd9565de58 tab
                3⤵
                  PID:4864
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.5.2114170091\835976928" -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53d75c08-6abd-4a60-b573-a85aa89825e1} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 5440 1fd945a1e58 tab
                  3⤵
                    PID:4560
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.6.1247217959\1455428800" -childID 5 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf722461-fb2b-4b8d-98ed-62e4601920df} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 5552 1fd945a2158 tab
                    3⤵
                      PID:3496
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.7.546073588\73825664" -childID 6 -isForBrowser -prefsHandle 5692 -prefMapHandle 5688 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b40371c7-2e18-4426-b5eb-2ab47921124b} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 5700 1fd945a3f58 tab
                      3⤵
                        PID:2668
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2912.8.205312154\1960813858" -childID 7 -isForBrowser -prefsHandle 5336 -prefMapHandle 5360 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {700a040c-39f4-4bdd-bebb-0b15cabcd91b} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" 5332 1fd945a2458 tab
                        3⤵
                          PID:3672

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      22KB

                      MD5

                      dd2264d60cf2b2e991e35ce121fcd822

                      SHA1

                      d1db97b45945f4fb519c5947d44f519796dd9d51

                      SHA256

                      57205fad390f18c8864da33319f79f629b694546bd2d3db63046e1c50c1ee33c

                      SHA512

                      9a7af37ee7aa0a1d716e37814683c006fd883e269e35ec1e71f55eb01da23fdbff0a1f12c2f01ed09eb04064d935d3fa27e150a3e3ffeb1cd42c1edd6ac2f4d4

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      23KB

                      MD5

                      2400ab94842d750e699eb63243b3e5df

                      SHA1

                      bfd702124d64327607138801440ea60599170bd2

                      SHA256

                      c2743e6fdd0c4dc9e04a559bc8d1462386ee7057c6d9cd10b5e1010cd869eff9

                      SHA512

                      7643f99dfa0c382b0e81a7c8a847918e86e001abcf89340f1a81e5b882fef874e3f181ef325366648aa822a86d2c6c1e64c35034b76405f60a384798797e5a6a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0gx8chzo.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
                      Filesize

                      13KB

                      MD5

                      a5cf1cd2a8efab34277c46f82a7902ff

                      SHA1

                      8a228a047ad109fabf3b93435b6c7f7bc7e1678b

                      SHA256

                      3a5059a1196c92733abfb646114f64b1fb6b90de1002b3b16a6b2dc5efbbdd6a

                      SHA512

                      52303387ca4dd0363f4904cf479025697f7308b31a3f730bb52bdfe87dba926c8287fae31fc384fe5d3e685926349033fb47cca557dd6a0863d78b7ba4a41ee9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      e2c96b4182cdb02aede04f2ed857901a

                      SHA1

                      cea9f1e8b1ebdb950cc4adcd35180d284b467832

                      SHA256

                      6002a144cfe2796cd8cf40f0a80f5bec0823e19616a73622aa29d6d7f42de2ed

                      SHA512

                      b8c8ba345f62b2947ce2b7c3143cb9a69ed3eca45c3c25ea7c61ba48294b3761a39f4184eca37b41a5ea95c0500cd6b982aa1e9fa6f5a24c3d4e733c18cdab42

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\prefs-1.js
                      Filesize

                      7KB

                      MD5

                      bd69378d9c984befbf88ee7a6352df66

                      SHA1

                      0007664cc2a2b253907b761360c38c6547da5db3

                      SHA256

                      8838dfcf6427695442f26bce1e36609e0bf2d88524a9710f281ea647ce9bd6b7

                      SHA512

                      9dbca827da9b84b542224ad4dd9b23fca4fbf83e01dd3e3679ee6704c10d7f10e99ab16edd93195e49eef883b8a03a77b4abdb33f36249df3185aa100bf6ceda

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      8310ba4595533105a06a3b79277be1e7

                      SHA1

                      dea9cf4ba025c199f71b86024268c7f7d2ea7ddf

                      SHA256

                      b6c0a87f30340c9243523438141649043f60b365087c712cfa20eead030de077

                      SHA512

                      24049f8d8ba1d7fa7a4c42e54fa90865204137bb65928d064743f16ae0d3d72c888c8f602c51bb2c10fb79807f0fb48e0aae322af677c94bc4eefb5292c04fd0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      8961cf89ed8195bc24aa819c877dd7c8

                      SHA1

                      bef221c823773be014b5ba1fe96c1f452b34c64b

                      SHA256

                      4343466b583ad104a7f175e41b04b424538b0c3cb758cdae6d9debf90a6b5612

                      SHA512

                      ea3331d0422fa24e87a6dbfa8c602d436e153fd288cc2ee5eda48a668acdabe77f01bd0822d5cc09a73e5b2b92434f9e1fabd8a0d53a87d0919f98526184ee35

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      7de51bc6bc7c7737ff3fe3acf53b4639

                      SHA1

                      53938a484cca27a21b7bf99e38dd371987c1c874

                      SHA256

                      48636e2a569aac353e03b226c9148db1292c91a6ca937b81a83679fd9e9c8465

                      SHA512

                      87156d6907ca737696512909157476ebf8654ae9387eb591f38b8313dd58b8bbec318164e5b720bd9f4a950e06dfebac383e0663b59b48dabd86dd5b951e1822

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      dc04bf922578a3088d47f0c561d427bb

                      SHA1

                      4efffedb91b2cdd25397c807ecb06aa2cb8c9921

                      SHA256

                      0505ff5e2ee3eaf86b0969633fd050a3d9615e5b7672a11557c2614f42ac74a7

                      SHA512

                      de281d8c0025e41321ff9be82562112f805f4926af30e08b7513f517a3aee8f9319e567c39c6a9a66df1e1627490076be7dca38f1b6bd07fa2043c81b1340f9e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      2557a8ff356bc03d44ebfd41177809dd

                      SHA1

                      db1367d5cd9179ca79f25f728af644915e777902

                      SHA256

                      e1afbc44a158e4bc24fb185a1720d922ab5201c76779e33aec6d9fbb4fb5970c

                      SHA512

                      081017c63e81a6737df28e5c96f1f69e35fb7228e50583ca3bfd3246945beb9573a530a5519e41dd41498a8d3082b66f215d4aac67ada54dca68291b88570e1d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      21a57044f2e3607fcdc2aaa6ca56742c

                      SHA1

                      3c8be5af4b6360447f8c8413f410f78cce11b060

                      SHA256

                      568537bb245f865a61a0c8a536e84f809d71cbfb8ad730711b5a58396dd81354

                      SHA512

                      18cf3172f3ad0aa8c6351bfc81d7a7c4117d5c89835947e355f91670000a084ea2744f5fedffcf25094b2c89b195d7359bfbd632f7112102be19385f59203fc5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      11KB

                      MD5

                      0548218b0e9e952fe5070d3b8b63e77c

                      SHA1

                      5fef72abf6520ee153d88f60372572e0e3a08ccf

                      SHA256

                      d88e9a8626bae4df965e90995c34b45d2808f14efb957da2ddd16dee850c4be4

                      SHA512

                      d337c64a8eb22dc8f19481c3c4cfa9e2cb3d4c264950317e2289b55ffe17005503015716e810cf464ec2981632342862d35a23a2e8cee3664d873b482c81e293

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0gx8chzo.default-release\storage\default\https+++hurawatch2.to\cache\morgue\150\{860ea5e8-fc6c-49ce-899b-b3a59c9da596}.final
                      Filesize

                      318B

                      MD5

                      68cfa5d260332d7cd33dd87ed0e68894

                      SHA1

                      70c36a67440305c4871c6ecc378ee0602b166093

                      SHA256

                      5d6a791d44864aef394bd550891a0cc18e6f035f9d2d6758cdcb2e81252d2ed7

                      SHA512

                      5ddcd25fda2b3dc82a1a663d0bd075a7411ffe082de3c22ada63886c248f510cd046311b5f7b998385c9e528e17a91c7ca51afe92c9592e30cd7e52065cee046

                      Download Submit