Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
32s -
max time network
38s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05/07/2024, 15:25
General
-
Target
https://www.youtube.com/watch?v=D3m9UAencx4
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.youtube.com/watch?v=D3m9UAencx4"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.youtube.com/watch?v=D3m9UAencx42⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.0.931751777\1771295380" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {429d9ff6-3eac-47a2-b7c4-bcb60e320e5b} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 1836 2357f811858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.1.1407116734\274733642" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbec42e0-b4b3-4023-9183-3bb7e2cf1f88} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2428 23572b88d58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.2.668610375\597517166" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3020 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73c5531d-c659-420b-bc8b-8ae655a2f537} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3036 2350283d558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.3.21696888\1657963090" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1167ad4-7a0b-4c59-abef-0833351d2329} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3648 235045b7e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.4.1771241988\1309655781" -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5300 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70776cbc-68a2-40ab-b43c-10a604b51cf1} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5336 2350561be58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.5.968574545\1131887280" -parentBuildID 20230214051806 -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f7a91d-ddcb-46d6-aa11-c7b7a90faf4f} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5480 2350561d358 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.6.1736221008\523737722" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5488 -prefMapHandle 5356 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19612c20-384c-4daf-83c9-e9a9b9bf7639} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5572 2350561c158 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.7.1648871048\434417086" -childID 4 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7fb161-28a9-4345-a0e1-069a86cb7ad7} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5692 2350561ee58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.8.1569799655\109234675" -childID 5 -isForBrowser -prefsHandle 5920 -prefMapHandle 5588 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbf4eae7-b30f-44cf-9a31-7167d5009de6} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5912 23507267258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.9.1354514513\1152898330" -childID 6 -isForBrowser -prefsHandle 6244 -prefMapHandle 6236 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71987677-46e7-45f9-9a39-e36abc2d7ab9} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 6252 235073cc958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.10.1509918464\167606541" -childID 7 -isForBrowser -prefsHandle 6648 -prefMapHandle 6628 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97cf876b-db69-4123-a5ab-ce5139a71c1b} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 6656 235076c2058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.11.1784775322\343107441" -childID 8 -isForBrowser -prefsHandle 5812 -prefMapHandle 5588 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d24129-37f9-4472-905e-5decc12a7c6c} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 6608 235002b0e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.12.903149882\475541466" -childID 9 -isForBrowser -prefsHandle 5236 -prefMapHandle 5308 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1159078c-a244-4824-9f10-cb2455f9769c} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 6416 235002fcc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.13.362840992\1831201462" -childID 10 -isForBrowser -prefsHandle 6004 -prefMapHandle 6020 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2979853-6b4e-4c84-8081-23a18c7f49cb} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 6084 235054b5558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.14.850104252\1359097535" -childID 11 -isForBrowser -prefsHandle 3080 -prefMapHandle 3304 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4681f8a5-4b92-4478-b574-d33f904c103d} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3104 235054b5e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.15.1140496413\1191550584" -childID 12 -isForBrowser -prefsHandle 6520 -prefMapHandle 6504 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1256 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33a8b68e-d11b-4ff6-ba01-720b1c7e24ba} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5696 2350017ae58 tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4280,i,13036770025638384416,811858527135662588,262144 --variations-seed-version --mojo-platform-channel-handle=2896 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23KB
MD50f214782be307b21d993766abf69e47d
SHA17a35f015bdca3603c15e1a00498c4a7e7ad46e1e
SHA2569298f825bfef791c8e8fec4feda6a736005114693fda4c6998213572b8c3757a
SHA5121cad2c921ff601d5e2b87b7e68cc022237b48b7e630bee35ddb1ae76560afe7c942b1ae51504a9f81c56d1fd7d6b920a3573b2e42c541874838f5d10b517cbcc
-
Filesize
24KB
MD562c0ed11116330eae86f4f3680dd956a
SHA1516c1b059263c5460467db87df27f5ec5f62d8ca
SHA256a902f84f8d1ef3c131157a0e40cb46620573411c99cd64b0392446dac31e41f3
SHA51250aa58b8fbbcc48b1ef3b5486f0f4480ff40a037eefd5b39a0b2b2514c048b1fb722208d955181b1df16ab4dd27c4e31a7e840ead8861288c3542f222842e21b
-
Filesize
141KB
MD5929767fbe87d06a825e41c0b981e02f0
SHA1a3e7d90f1010f05721058cf2a5cbfb5b5faad0e2
SHA256eaab14328076f31b50a1b9589f87e40cdd366feea186eaf6904b3f9167bec6c8
SHA512488ef4afa8cd8ec4cadefab74cc4bde376f07aca69dcd3541ede28f452ca66efdaaf3b2c817892fea4e6f6f8be02c49d83a51be1aeb59ecb96aa2ec60618608d
-
Filesize
6KB
MD57af20c9deb82e89c0145ba478e760925
SHA1b31bb1d1781eb54d54a166f5683386414892c4f7
SHA2561aff24aae431ae07a6283433b3e76a0506f0b8af7c0741dc670543c28420e99c
SHA51274bbf006199e21af64ba10d3f37e1edb6150e7d7bf899349c3d0aada0fb2f939c0b7b00b8022fd8e07da554e5c662d81fc7df42311e52a9d78c8a3f89fc2cdf7
-
Filesize
6KB
MD5beba5728e9b11cabdf661d7f72785b7e
SHA18f247690b62dc5c77caad876b59e6182c1178af3
SHA2562a095c1f6d583f3b64dc94e46ab17220ade2615325aa15fc45f9755167b7f1f4
SHA51248501c7ab153744d3e1c7497749224f4b56ae07bcd7f5887307bc16d7047f89362d6ebbe9fde20c77eec285349a6af25d2fa575c3c0f482ed52222ce7139d00d
-
Filesize
3KB
MD50d8d5e4c597b67eecca8b0de41074f1b
SHA1e6588b3a03abb96d4c24e39e3352d470cc1e95d0
SHA256267c81a86ff9b15c73fae5e46aca6d7fd3b51900ab62d17e0d217ee7eda588f4
SHA512ea13215c63596e96aba94c0e061a2a6318d6d39815a0140d6b8ffb0475d4590b33bb63f47197280058ca752c1c42fa22f1df13dbce5b007272f983f0cd155b42
-
Filesize
9KB
MD59b5804100fa623ae6aa8fd2e1cd87cc5
SHA1522f7b282e5dd1590d32f2b1f43a0bc4c58e4792
SHA256abc9dc0a3cc2784f6d35cb67052461223c6a5e4784a5c8c83f5ef4a4af346d1c
SHA51283d693f38f95cdaf7f00f03159e928b46303a3ad4c8e15c2ef2be8ddf7e868307c152c20b1cb8a651a7a0b146ef590f37e08d4def8d7adb009bbf912e6af62e7
-
Filesize
192B
MD52a252393b98be6348c4ba18003cc3471
SHA140f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA25604cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA51207af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198
-
Filesize
4KB
MD50027a1fbff93e918314a18da544b77c2
SHA1d73bb82aff5d68d28195950f798ef742c2baf9a7
SHA2560c0b1b454cec307cc79ce7b8913f3607cffa8467f9366077ea36c77286d49a89
SHA512673e3ca13a30a214182ded2e7792d0b21272be666c78ec7c318715c37e54045b08f4ef94b054dab447e991039031f5377a37f81df3d787e7d3b882452a31d3f3
-
Filesize
48KB
MD5f99f6bfde0afef7a1e0e82855597fe05
SHA10255edc488e65c72c58b53e075f8d5b6d19c3b27
SHA256c40d3b58d60d7f37f7473bd5d295582704550877925fbda7578bd60d96e7681f
SHA512eacf2ee003450bc9e4d9c1213751169dfe68a60fc497691075cc78a81a6465ae5df13edff800b5d24a5b7306ef103530b01ca388fdd895af84dfd19c850ec8a5
-
Filesize
40KB
MD54b9e291e874ca2347d8b2c61bcecc635
SHA1d0002260935980db5e62a948bfa8f8f9570fc68f
SHA2562014542f35312773f848597e601f657adcbb17795f93f2cb95357ba30c9cb66b
SHA512f67323200d463f5e7aee5cf8a9103412c4b43974fcc1b8d2ab8a4bbe39f342fa713f728ddaac6257f15667e28c695bc3a6bb78fe21b19ff7b80fa8cc7c01fb85