Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-1703-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/07/2024, 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Da2dalus/The-MALWARE-Repo"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Da2dalus/The-MALWARE-Repo
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.0.1722141389\1829942433" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ae7d5db-d6b1-4130-b3a8-fdd6952f0b1d} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1764 2640a4f0858 gpu
        3⤵
          PID:3448
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.1.461077963\232012620" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21706 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aaea505-c19a-4d20-9426-e4bc49ecb43d} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2140 2640a403258 socket
          3⤵
            PID:4492
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.2.1159707290\1843973544" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 21809 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aacacd00-5a9f-46e2-ac0f-fee8036fc313} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2924 2640e4fab58 tab
            3⤵
              PID:372
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.3.580213186\339424571" -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e147ab24-8052-4ca1-aafc-8d4e5c406d61} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3716 2647f268d58 tab
              3⤵
                PID:4252
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.4.1867901780\795649980" -childID 3 -isForBrowser -prefsHandle 4764 -prefMapHandle 4300 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9c929cb-5bfe-4377-8a7d-d3c29b97a04c} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4812 26411705c58 tab
                3⤵
                  PID:2820
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.5.1764297127\2124900067" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4760 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {547f28d3-5943-453d-8bd5-3d7b43b677cb} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4924 2641188b458 tab
                  3⤵
                    PID:4792
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.6.1093207532\1691394292" -childID 5 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2bf44fe-efcf-46de-b6b0-40d864815388} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5160 2641188de58 tab
                    3⤵
                      PID:4976

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  26KB

                  MD5

                  2738b6c3da0c528c5fcbc46e5bef8ba1

                  SHA1

                  d733158e6a1672025d055079e973736c5a9f3bc4

                  SHA256

                  1395c6fb8d7989f24b72c78b6f6e3c8986be11dd6a9222b7f9d88ecf3e3bcdbc

                  SHA512

                  8a7ecd46c602baee6b1125f8773c780322f46376f0e2e5e3aaa13cfc9c79cfe0ce15d78de0043ae3d3193ec50d47ec1d8c6381daf06c81cbe6d65295f729d9ef

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\8254
                  Filesize

                  47KB

                  MD5

                  62221dd08f6e5aa9831ceae130436e0b

                  SHA1

                  60989febf99394c736d472496ab109807dd0eccb

                  SHA256

                  0ddf83c9e9c6821d9a1f3661280f3f4ad66dd0a66d85526444c9100dac8024db

                  SHA512

                  1ed4c088b254663e2b0a32846d2bc286caca4f924609d4a33271dc25cf3a542c48467d6aa52557bf8cb50020049c94570c4667c0a4949694dca14236384500e2

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E594A14BBAB7BF4368A030D65BE7D38F383489B8
                  Filesize

                  47KB

                  MD5

                  67c1b2c0ccaf7c088270ef857998e780

                  SHA1

                  7820247a6da40aa387aa534ae5c7c1f47ac4080a

                  SHA256

                  f051efaf4d1923bd5e14a3df67f310b912b813dc5f7d081ce718dbff876240ef

                  SHA512

                  0caa7abed31b781d68f8a3ab73b8250a5dd3b3114fe782e9618bd7295845e32227d9e2577441d5d3aaf9138e5c7f53e5f966d0751016f05b7eff1d5eda3b8445

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                  Filesize

                  7KB

                  MD5

                  c460716b62456449360b23cf5663f275

                  SHA1

                  06573a83d88286153066bae7062cc9300e567d92

                  SHA256

                  0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                  SHA512

                  476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  1aa57f1d5f1e4120819118c243420fe3

                  SHA1

                  a6d4d88a37d2af033283c2df06077fd6a10e50c9

                  SHA256

                  113c3c6072a49a323f2e6b6aa252137125ad555123fb193d0aadd95a7771a5a3

                  SHA512

                  d1be0caad5199b815c624f4ae5d2b609415d42ebda207bf61c53fd262303f64051365d7969552197c63e1e795bd43c5fa56ac5d436ba85d29a7697d9b3627667

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\c161e3f7-bd4a-4c4c-9723-a0c7cdbc21fd
                  Filesize

                  746B

                  MD5

                  cc6297846c60047d77a8cf8a9c1273c5

                  SHA1

                  8231e8870ae26b9186343aed8979ccf1a8fc4dbb

                  SHA256

                  328c90d08c3e0e21ba0e6d40ef20425b594c42a43b059cbe93692562d478ec7f

                  SHA512

                  6c1050fccabfd67460aad8d4f0739d71139a42e181c79aff98c608cadff4496ec2f30c0d5d02447098363af8362ee2e6dab3f7faf27f68fc2de748e172e34f48

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\e7351628-1881-463e-b4de-89215e94effc
                  Filesize

                  10KB

                  MD5

                  e220300a21dd549d9ad13988d79d8120

                  SHA1

                  dab7993ff1a9c76e35e1f38fbf4e1e4b26d24075

                  SHA256

                  dac115fa7f2dffdd83fee3ccc69e47bb0c3e5942bf1bc67de7f43f6a98089d35

                  SHA512

                  79b268aa58e886cd261421c1a11194867e9d75e8734c09ebfce33462333ec399a8288a2e0d60028f20c18cdd15c99e411c22e54f7f12dfc7a5361590f4690c0d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  db768f26c61df45fe2d26680ebe28ecf

                  SHA1

                  2de4d5d72f6eff27b90344340447c1a1b2bdc297

                  SHA256

                  c7108371e3cd7e29d9b866613d13bc1ecaf5ab3dde58477d3305aaee7d9ab557

                  SHA512

                  a6d3b762340c06731c8c810cbc2e41ac0709c12ff05cfc42e6f6be74b34cee7033dbb510b58dc32d4716e0929aa77cd8dde360b938c77a65bd320a9885826b90

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  fbc507d2560d61d92c77d1811a88a113

                  SHA1

                  c0109c6097f03a2c0bb752be2967b3174e757092

                  SHA256

                  4e589e72e65381220a1590c025521d2ccc91231e7270612707d00cb83dfa2cd6

                  SHA512

                  e7c6a94e6638f8497239642a762206085dbc26f87b5cb48b4a16d693f1d22fe0b0ac7a49c3b75a4a64ac225fd81f2c8972e47d4ec625c13caf3e7ff5b17719b7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  34ec595e24f4e93d90f678a93e6a9c08

                  SHA1

                  3d4f91969785b0da9addd11e6b411c17583c3068

                  SHA256

                  2a81fe803d384a57d01752bbb4a299d636e7932cabaa153f5b70c22d4b63878c

                  SHA512

                  526f838862133a53a4db9b044d7f0c538df574669c425f49e6082799819551bc06b5e2cbd906f44d2793d5c5545d3037e5ce3181be1420c47db60d258415f617

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  9ff2799eb446e250d8280d663c0d9fd1

                  SHA1

                  dd3fbbea026e1baf52f3ca9de246ef437ff2697a

                  SHA256

                  5a36ccf84f2a70dc8cfd512b87441bbc07809162ded82a40d0c69d12e629ddab

                  SHA512

                  8d5d53b340f897019b74cf219b16d009f05a17b7a4515ae95fa5bdbbbbc94960a87a909e9b4954250b0a9331af8a89bbde2d42d3f11e72d385cfca3c10c03ba8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  2b459c74fb1dfea15b0a02b7746e503b

                  SHA1

                  24d84ac69e5c22a38ddfb5b07987b13aef4a02f4

                  SHA256

                  06a5bb97273f1a812a35ca500ca379ea1a45e7cf30a35c939c0f072a992e3990

                  SHA512

                  d2ca39d8590b7355b7d542c2a92689d6674b47d57a1f3de225e0c55d115a0da7da3d80732c49ea4ac4842027ada3555ae4f70d0c2771e58d7427c4d25446b5f6

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  357666efc83c9f76d37cb27c00f2519f

                  SHA1

                  4fd72871906fd72d65f60cefa69d70fa7348d5b4

                  SHA256

                  28b0f600e6716d73a7b3a7e8f38000467cecf768a307b1e35dbae8a063c5be4a

                  SHA512

                  0a47030a4d36a7a8030c34a618423e316c96490c84de5ac04e7f218972979ca1d8604857bfb98b72b4eae9f587deb294b935992e5716133a76a25add8a61ae3c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  f2724fbb4bffa01c08212180120b9989

                  SHA1

                  e4889d468bb9d8baf875b885a9be31e332092692

                  SHA256

                  5e06a581f67437a51d0ee9056def92de8024e7515708865a305d1b4801f1ae6c

                  SHA512

                  f0fc5dbbf2844365b3a52f26950469f8bf85dd37126ce307f2c252493ca6558d2e966c1e8c4e92af3de07c7713a4bb2cd1ebaf7f10d1437f5f07e758d60e0c90

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  3KB

                  MD5

                  45c1a291be4aa55f9642b9fb4f487cd5

                  SHA1

                  c5a8f83e4ece7a4ca11ed38150edd6655e7dd4fc

                  SHA256

                  47190eb06a7b7ddf4e76005fc330cba59b6bae16516ff0051f64f8b7f29cdc31

                  SHA512

                  6a8053e9fbb32a9e3ec700d012315b8496a0aa5f3dbcff1d2266bc1ec5262c3731ce2e43bca36da1667193cba401ca480fba41589c807b90afda97b3bac0a5ea

                  Download Submit