Analysis

  • max time kernel
    1s
  • max time network
    21s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 20:01

General

  • Target

    https://drive.google.com/file/d/1c0FT0lY0Ob0V0IzROqiD3IeLEkoLvXa0/view

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1c0FT0lY0Ob0V0IzROqiD3IeLEkoLvXa0/view"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1c0FT0lY0Ob0V0IzROqiD3IeLEkoLvXa0/view
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e61fae2d-5550-4e1a-ba89-c4536af01e78} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" gpu
        3⤵
          PID:1932
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {676c7e06-aca5-4b2b-b807-4ef52280026f} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" socket
          3⤵
            PID:112
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3152 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {190ac9b0-3857-4db3-b6a4-0649788c373e} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab
            3⤵
              PID:2312
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3884 -childID 2 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9d92ab0-1f47-411c-8291-32f535b9e776} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab
              3⤵
                PID:4664
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15c739bf-b9b0-4d04-a4d6-5e7e13c76f47} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" utility
                3⤵
                  PID:3456
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5008 -childID 3 -isForBrowser -prefsHandle 4992 -prefMapHandle 4884 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b9ac387-297c-43aa-93fc-3de3ed54777f} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab
                  3⤵
                    PID:3924
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8930ebea-a35c-479c-819c-19d8b4c2114b} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab
                    3⤵
                      PID:4108
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5612 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc4ade8-7be0-4807-baa9-7b857cbbdc22} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab
                      3⤵
                        PID:1508
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 6 -isForBrowser -prefsHandle 5964 -prefMapHandle 5312 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1811e3b1-824a-48eb-ac44-fc806fe9dfec} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab
                        3⤵
                          PID:2144

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin
    Filesize: 8KB
    MD5: 8a3c33161c0a059b8465623e0ce2cb27
    SHA1: 14d4374cb589c1a56d8a62771d6e2833b56249a1
    SHA256: 02a311b2cd3736c1b7393a0e5335c049ecb22fb35e8ddc92522f1354de953671
    SHA512: 1d3aab099c4930949dc81a88b2b3b0840716d09d3885f868d1c7da891c417223788604eb3ab3ba4204dffe5266cb9c6a6ad188030950c6e20fbe66054ecb8efc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 3013017ff5b978132ffc385a4a64c82a
    SHA1: bf019e74b5c64405586d9b3bd76098b6f2b95fc7
    SHA256: 4de04871251a2312b8307266868f16bdb5762f499d8fe75b2050ef7d9e2bde35
    SHA512: e9ffd6fc91d71e852e0ba1cfa82b9f80b50dd2ae9c97af63250f18888ce8227163a3139d8b861a155468dc2106416c9f57ebc7eba103fcf5a4c06792bd841876

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 6KB
    MD5: ad671424f945042e85ad1c8d5b130525
    SHA1: bd5ccdfdb2693bcdd74ba9b1a0a29df95fd1d659
    SHA256: 32dba54e21bb2493d3cd2c692f2526d7077437e9ea462f3dbc8495a1ccd40b7a
    SHA512: 632d043cae0ad9fbe4f3a138b3f21582f84520c918b5c640aa4c114f9065955f29c69b57c42721458847c7ced1c99859e45bc0108278a14c5ab2395185db87aa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\1a6f4e03-6125-4a59-a6c8-581b66f7b624
    Filesize: 671B
    MD5: 7b8bba23992fc1f5a1976e967e385e42
    SHA1: c275bd687ef94561f13e6e380b65a107f4f49f86
    SHA256: de6d91fda2843ade1d8affd3ad2fafe3a56beca42f4ca19077fea8121d464407
    SHA512: 956e17c421fd841da8854ca7061470cc3817a4a8c0dfd98357bc9e40c20bd6f62757322d9b1a3e3d00be7449cb837216ff760f559d19de7482d97270900d452d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\8cc49163-6eb6-48d8-b7c6-a16be5f9bdbf
    Filesize: 25KB
    MD5: ffe43b7e070efb2d312c1d1f18b3956a
    SHA1: daf38be22ec9757bda3d967185e8a758e3287e04
    SHA256: c2521e16a633ed4b99629fa7088569e89927d2ea28a690c6abea6a3fe25a5892
    SHA512: 37d21498a1448f5cce650fe5b8534e2ec545eb67b9c0e79f6deb0d8cc8634209c8e7c1ca467fa37b197421baa4bba20fb8b20fd57f00a9224c5ddb0973a3632e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\991b603c-8bd2-4746-801c-50b7557f4e2a
    Filesize: 982B
    MD5: 05573275f5c95259af7660c56f8fce6c
    SHA1: 948588465429138a1540ec757554c0a19af355fb
    SHA256: c99362ca58b2f8b8c04e37e2d4e0f1c75f09f72c34abde4b9d35fe5d895d56d2
    SHA512: 992a443c02537505fe8630a21355b739995944771cd6c2a15651cee996d11c663ab2d08068a72a993a641db27f6984e7ad09727811621daeacdb97a93cebab1d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js
    Filesize: 10KB
    MD5: 9877d51804bc1b472d57919cbef63a96
    SHA1: f595784a3cd1de0fedf566aeff22ed17b4ec6897
    SHA256: a66bdf6a4acf2c0cd7447f809d6c20b3337bb0dc53108fdf9609a8b3ccb11c35
    SHA512: 98311f4acfbb648668ee49807af52ad4c3cac81cd995875447019b9040d1ae44c7e53d76c2aee6fd6c9a15ca020fdb60b5f00df6962b31824c51d811cf50a2aa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js
    Filesize: 8KB
    MD5: 1028c0df36cb6d0c69ddccbe86a774a0
    SHA1: c18ae361b9a58d0caf86b2a6fd0877f500a256d7
    SHA256: df11c6e6fee95617652f5d895e55806458dba906a0a502c35f2a4042f417a8cd
    SHA512: a6fcd92f9bfa6df87b3776c0641c175f9ad323a75d1a263bb75992966b005cfae35aff9a42ee0f5edcfb1b46395452815f65db6e8677f4ae8e31384127c7bcf4