Analysis

  • max time kernel
    7s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/07/2024, 07:13

General

  • Target

    https://secure.sign-doc.com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (21 IoCs)
  • Suspicious use of SendNotifyMessage (20 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://secure.sign-doc.com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4520
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://secure.sign-doc.com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e02fd981-1de6-408b-a4b6-f454790684c9} 776 "\\.\pipe\gecko-crash-server-pipe.776" gpu
        3⤵
        PID:1988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2444 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ade324d5-54cd-4b43-a6a2-ecd5283a4943} 776 "\\.\pipe\gecko-crash-server-pipe.776" socket
        3⤵
        PID:380
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 1516 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bd054a5-af20-47a9-b265-820e0bfaed72} 776 "\\.\pipe\gecko-crash-server-pipe.776" tab
        3⤵
        PID:796
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a330c6f-c0a2-4608-9a31-2132d68c99f5} 776 "\\.\pipe\gecko-crash-server-pipe.776" tab
        3⤵
        PID:2032
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8598780-d3e8-4742-a5ac-c1ad4142228d} 776 "\\.\pipe\gecko-crash-server-pipe.776" utility
        3⤵
        • Checks processor information in registry
        PID:392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5428 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07ad374-535c-4256-a83a-60fbc0137fd9} 776 "\\.\pipe\gecko-crash-server-pipe.776" tab
        3⤵
        PID:2628
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 4 -isForBrowser -prefsHandle 5616 -prefMapHandle 5612 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ee80ae-4800-48d6-b4c9-42166d7adeb9} 776 "\\.\pipe\gecko-crash-server-pipe.776" tab
        3⤵
        PID:4320
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edea844b-36db-4e6f-9c2e-ce6dafa9dd1a} 776 "\\.\pipe\gecko-crash-server-pipe.776" tab
        3⤵
        PID:2008
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3000 -childID 6 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10bc5564-f978-4175-95dc-11a8fad8299f} 776 "\\.\pipe\gecko-crash-server-pipe.776" tab
        3⤵
        PID:4892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1l89xtkq.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    18KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp
    Filesize
    5KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp
    Filesize
    6KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\47c04668-190d-4d5b-8388-b88a83e52233
    Filesize
    671B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\49f1eb4b-38b5-41a7-abc5-34885533b66e
    Filesize
    982B
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\f59e4e06-00a3-4715-85a9-97909b46e215
    Filesize
    25KB
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs.js
    Filesize
    8KB