Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

1

https://cdn.discorda...

windows11-21h2-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1256230068754055219/1259157809417682975/ONYXLOADER.exe?ex=668aa997&is=66895817&hm=788d998ab0dee7e01ab092f414608158d81fe0bb7e2d1338485e3d9318d174fd&

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1256230068754055219/1259157809417682975/ONYXLOADER.exe?ex=668aa997&is=66895817&hm=788d998ab0dee7e01ab092f414608158d81fe0bb7e2d1338485e3d9318d174fd&"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1256230068754055219/1259157809417682975/ONYXLOADER.exe?ex=668aa997&is=66895817&hm=788d998ab0dee7e01ab092f414608158d81fe0bb7e2d1338485e3d9318d174fd&
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:372
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.0.1610761351\549705089" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 21998 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09865f9-3202-4309-acad-c92a52e70204} 372 "\\.\pipe\gecko-crash-server-pipe.372" 1876 2416e109858 gpu
        3⤵
          PID:3980
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.1.884072076\987883929" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22849 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65319bcf-06b7-4d54-8d82-639c0f721669} 372 "\\.\pipe\gecko-crash-server-pipe.372" 2496 24161492858 socket
          3⤵
            PID:912
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.2.1583493325\1095420967" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2936 -prefsLen 22887 -prefMapSize 235091 -jsInitHandle 1148 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fddb010-f0ea-42cd-88dc-02f671ef8fd6} 372 "\\.\pipe\gecko-crash-server-pipe.372" 2996 2417103ab58 tab
            3⤵
              PID:3244
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.3.902861492\1141590048" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1148 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed5a310-d540-47ab-96e3-5739c6a97f81} 372 "\\.\pipe\gecko-crash-server-pipe.372" 3652 2417274b258 tab
              3⤵
                PID:3356
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.4.1595331247\680953465" -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1148 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00a0fff7-833f-4a41-b230-c6809610153e} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5084 241743b2158 tab
                3⤵
                  PID:4404
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.5.184544357\1843156725" -childID 4 -isForBrowser -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1148 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efde1e59-d3f5-4cd0-92d3-196550a79668} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5448 241746a5158 tab
                  3⤵
                    PID:3616
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.6.807062842\212343248" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5404 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1148 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0356bdc0-f7dc-4054-8479-8e7ce1acbd6c} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5100 241746a6058 tab
                    3⤵
                      PID:2132
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="372.7.1609497321\327928219" -childID 6 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 27538 -prefMapSize 235091 -jsInitHandle 1148 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d85a85-6383-4561-9b54-565124f4828b} 372 "\\.\pipe\gecko-crash-server-pipe.372" 5844 241746a6358 tab
                      3⤵
                        PID:4628

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    22KB

                    MD5

                    46f4e84c8cb338e036609f3e373acbc3

                    SHA1

                    492dc0f8703f9778387f50e59c9a6e4ccf3fc31c

                    SHA256

                    7d00a706cec58160228b942ed70488ac621bade5739e794ab7db9a903c13a9a5

                    SHA512

                    d234e428d1a506ada175ad62e35d7e8655fb062ad10acb65e387fa433781c20b578e1e1891de8fed5f9c68e5694fdc567c40098be76748980cfa6cbcb7e8ef79

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    23KB

                    MD5

                    81305d9eabd6997e22f1844aaccf46c9

                    SHA1

                    5388ed7bdf5011f888504e504600b34fb1a9d35e

                    SHA256

                    f70f3d0dbd9948e37c2761c02d516b53916d21245f4c3003d0b23633df7faf1b

                    SHA512

                    453e1d001ec7dfc35c10a83946f701ecc3fa1a7eb77c040458e5a9b3ad48611b0292e68fefcda0e1292f3895c4f4353a08ac87412333e792bc9aaa4bb07325e0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
                    Filesize

                    13KB

                    MD5

                    2c8b296b46754bdf017c472fb9f23ea7

                    SHA1

                    1809501e012539cf9d66d39ea263fb11dda2b60f

                    SHA256

                    ae855df4cbd0238f89a52e4d932e3fd0b482b95c4d013a85b32308c78f3c012e

                    SHA512

                    2c89ee338958e852f3c71b1ad86b3bfe5fa59a3f87e28ac352985a47751f49ee730555a055057061f04bfa066e6080ddc6c318c883c7968bb4e1466d8dfecf2d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    8.0MB

                    MD5

                    a01c5ecd6108350ae23d2cddf0e77c17

                    SHA1

                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                    SHA256

                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                    SHA512

                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    11.8MB

                    MD5

                    33bf7b0439480effb9fb212efce87b13

                    SHA1

                    cee50f2745edc6dc291887b6075ca64d716f495a

                    SHA256

                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                    SHA512

                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    c50b7ddbb9ca616d6e38b4aa1f01d36d

                    SHA1

                    f9c2aef15ddc42d730ac7935aeba75b3644b95dd

                    SHA256

                    bf71fd6e21afb64db57163901d00bb99f26bde5593da1c7e24c30fdff399f60e

                    SHA512

                    9972ade7b0db3dd962a99601a06e2d065fdae16f40f1ab01ebb497f568d69e12304d18282d3acbeeedac7b4f36b43f7298af094f30eeaf36ebc0f03d950ac45a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs-1.js
                    Filesize

                    8KB

                    MD5

                    0f3f9c789d4851f22a03bdcf36c9e018

                    SHA1

                    e9ded817684caf01f45085fe1c5e6aba6859f021

                    SHA256

                    a22311ff2ed03e8eb4225305cf4ed216280d2ff24fd600b8ef4652211b3fe868

                    SHA512

                    ae58bc64e6c0776a83725133182a22c18af6a7cab52aae0e75a2172f15fb06d113a715f819c08d2e99cedcf054c1a9b0b2b9f725a0a759d95e16ba3db512008f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    3b7a0b525015f8ffa01a097771cc2e9f

                    SHA1

                    817f7f8faae808604dcce0dc141e7372eff9c368

                    SHA256

                    d6bacc0c7ee78ace29458782ce6484039fc26eaf16093a42e4c0bb2ea933cfb8

                    SHA512

                    7b888a3e07b0bcda2aafb201636764a44e1d6aa505f19c3d692a18ffcb6637955760306a4177ce913bbfefa227756b836666a59d74fe685e548aea8d21bc6780

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    55c9605fcad8d59bed81ccb30906af8d

                    SHA1

                    e2dac3cee6502d25510168665edb0812fdc47409

                    SHA256

                    8ad1fd17aefe77da7da7b97df26b49b5d703654cb4ab2a1e13ff16175a706a0d

                    SHA512

                    bc1610b47aa1baf9d4ae763299b92a2add7a549f7eeca21cee7fc0dc81b7f71a857645184b38959aa3ecbcd69a6760465cf47cab2d7364a03a8d6a972296824b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    25667a24719d1cb6f8c3a511d3cfbea1

                    SHA1

                    4b578df3661e6cad14348dbac0a8375efc811fe7

                    SHA256

                    7164e8932ff9db445bf0ccdab0672fe294155b85527449f9bb7d67146bc9261b

                    SHA512

                    61422850fde0627270ac3b25bf30ba4b566bae4249ece0f9cbb93ac70142e0578ce812fe5f5911dbc8bedc5f49df0cb0b3023b8aec2773acc76547aa7fc688bd

                    Download Submit