Analysis

  • max time kernel
    43s
  • max time network
    51s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64
    arch:x86
    image:win10-20240404-en
    locale:en-us
    os:windows10-1703-x64
    system
  • submitted
    26/07/2024, 12:16

General

  • Target

    http://stock888.cn

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (6 IoCs)
  • Suspicious use of SendNotifyMessage (5 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://stock888.cn"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5096
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://stock888.cn
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4656
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.0.537284475\722812674" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db813e0a-71f9-41d0-b2c2-b5a1da985d7f} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 1776 2c2111d9658 gpu
        3⤵
        PID:4068
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.1.51152699\194122192" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66eb0ba6-d9b5-40f7-bd0f-70761d74fb44} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 2152 2c2110fbf58 socket
        3⤵
        PID:4184
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.2.19635223\587454997" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2904 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e534434e-9ac2-4e8a-9768-a9d0e20e59ba} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 2940 2c2151dca58 tab
        3⤵
        PID:1884
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.3.111996791\1211678741" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66b3ccdb-2406-4fde-b541-01de205d0870} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 3672 2c21681fb58 tab
        3⤵
        PID:4856
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.4.1966374038\1405921038" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d715a83-62af-49a2-b7de-dfe495176df2} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 4692 2c2155d3a58 tab
        3⤵
        PID:1984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.5.1425995156\1557632348" -childID 4 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4eea9b4-5a6f-4ff8-b835-980ee9e510ee} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 4820 2c217894558 tab
        3⤵
        PID:2360
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.6.1920249908\1537932920" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {957aaea4-2a68-4331-bf7b-f7eca07b44b4} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 5104 2c217892d58 tab
        3⤵
        PID:2688
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.7.391236648\225562406" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5396 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff35c65-d564-466c-b341-c4982cc49888} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 5424 2c217871258 tab
        3⤵
        PID:1820
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4656.8.533116201\653706415" -childID 7 -isForBrowser -prefsHandle 2784 -prefMapHandle 2848 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3f5974d-0199-4511-981e-dfc461950504} 4656 "\\.\pipe\gecko-crash-server-pipe.4656" 2792 2c21637a958 tab
        3⤵
        PID:4108

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\1bd6258c-2b19-49e3-ad49-4d1a3d4165d2
    Filesize: 10KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\1ee1bb48-f939-454f-af27-c65c3c9b1ba6
    Filesize: 746B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB