Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.dropbox....

windows10-2004-x64

1

Analysis

  • max time kernel
    7s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/09/2024, 14:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.dropbox.com/l/AAAiEbuPVG45pX1l86CLXpA9X_tBF2B7qX0

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.dropbox.com/l/AAAiEbuPVG45pX1l86CLXpA9X_tBF2B7qX0"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4428
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.dropbox.com/l/AAAiEbuPVG45pX1l86CLXpA9X_tBF2B7qX0
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3680
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2f92b4b-5b69-425c-9290-1a71fb1c3a80} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" gpu
        3⤵
          PID:4728
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f6b013-7ce6-4e8b-980f-e86731521e8b} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" socket
          3⤵
            PID:4516
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 1304 -prefMapHandle 1408 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {078caec0-9042-4c5e-a314-a767ec6a24b9} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
            3⤵
              PID:2540
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3428 -childID 2 -isForBrowser -prefsHandle 3708 -prefMapHandle 2776 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {616b9178-7aa4-4718-bffc-2c7676d7712b} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
              3⤵
                PID:3256
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4156 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4112 -prefMapHandle 4132 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc152db1-64db-43f3-834b-66d69b1183fc} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" utility
                3⤵
                • Checks processor information in registry
                PID:4168
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5264 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33ec7610-44d7-4ede-8f05-e0376903c22f} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
                3⤵
                  PID:2340
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5544 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87e07c7-e73f-4abc-9992-47957c956238} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
                  3⤵
                    PID:1040
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd27c84f-3b90-4682-88f1-0fadf6e29332} 3680 "\\.\pipe\gecko-crash-server-pipe.3680" tab
                    3⤵
                      PID:4008

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json
                  Filesize

                  27KB

                  MD5

                  f681ebaefb3752684669ea4f2479ca7b

                  SHA1

                  6d845f91115a11809541da50578d6080e2cba16d

                  SHA256

                  23640de48a15472a83a62b86c24ce278aa4cbf04e501d03da41b83314f3f6411

                  SHA512

                  ad01d084b6f902e4ffb7855ef3c0941ea7e2ad4c9ea71cf9c5447c28c4088c54b5eee85192295f9aa1761500fdf5bb2f23b54cc89ac89c241f76e338474cef0a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin
                  Filesize

                  6KB

                  MD5

                  8e088c17100a1b586b53b02b669b5d9f

                  SHA1

                  769bca39a33199cbad31c2055ac609c8ea160da2

                  SHA256

                  2eb681665ddc6b17f8fa548498a87146477e94540d93b9fe0c01ea2263a10d36

                  SHA512

                  95a58c4b5b6d7b57aa08682aaab3eff15cc82fccd49b5282b79fcddd564c09de4b4e4726142da04b1827afca341b1924747534e5a33aeba0e41b81ee60557182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin
                  Filesize

                  6KB

                  MD5

                  917e44bba5e2dca9c5f5875dd6f46740

                  SHA1

                  3bfcf6afca7fdb5f2c00c9eeebbfff5508e8d425

                  SHA256

                  d92c0fa12b1dd5083139531ee79c3f3a465b633f886aba764a84b037ea525c7a

                  SHA512

                  a2271fc4db195df63bb4fd6533d328079d9425783f5b71dfc50cbf1c02283d6c453b593b771627aa32c88cb4040793f822314268e2218b26655e4c7249fd0bcc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  d83a4f3f21494cf04bff9eb47c217c32

                  SHA1

                  f598b5c139e4c625ff2e7222e260c01c3e58e973

                  SHA256

                  b20d431304989e62cc4896a4b96bdbd6cb9c1e42ac2dc1f689803e048d5da756

                  SHA512

                  8551f12948a95d48a3e75c67f233b462538e777cf9c09a1d553b897e5ff261f636403316b68d05372b8786850db797247761827321b499c68720a50b4ecbdabd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\0d4568a2-c7a4-4d08-84d0-e48d699488ec
                  Filesize

                  982B

                  MD5

                  375935bfb73982a9ed0c3aeab48603e8

                  SHA1

                  e6fbc0c4a43a97b0b90be80561fb967de229615d

                  SHA256

                  1f7647fe4387a0f4fc0dac20dfddd233bde7c3c482c55746ecd725b57ccd403a

                  SHA512

                  b4561fc71b1e5736a0e38c5481de264f2222c2eb5a60cf74213fd6db137f9686ce7de6f7b2ecf97d1de812036df7abe8249982d30751bf2e8682f2ffffd58283

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\2bc4bd67-d5ed-455b-bdfa-8c13db72537c
                  Filesize

                  26KB

                  MD5

                  8a5f7bc676246fbc75426c19e997ea39

                  SHA1

                  5eb5c1d51a635738ec2a3bbaa3d355c3dfa2bc53

                  SHA256

                  b0ca2b602d20eb4ed97e1850c3638c4c663f5a03a1d7460a87e8cc43dae158a6

                  SHA512

                  b893e7fef7ec22c178cfb065b2854481aaf65ae1905c79134309421a4d5163e409e33f90158cae6f5c0ae3cba8e862fe2c5c873cd5ea57b49f9c5f53b02639b2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\763a2a83-b8cd-47c9-a5d4-bbaac016ea47
                  Filesize

                  671B

                  MD5

                  87e73f85541dce1556592e8dce3453a3

                  SHA1

                  041bab0b46237617d4268bad157fa63bc61e6b0c

                  SHA256

                  d3bae979850f9490588891d17ad24c49c553123600d362c2523d5303fbab54d7

                  SHA512

                  e26ab29f3abfb536e3d30a2a666c403b25898e4398de3d5f8814c795ae082faabed70264726a1d9a9482a328e8ad8f305b063f70b79d9b0d2dcf00847027037b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js
                  Filesize

                  11KB

                  MD5

                  2a63010f836749a19b73c241d28aa497

                  SHA1

                  c71abebc74aa8670dccf076ebce701b86eeb059c

                  SHA256

                  6f9a61c5147029ce87ca802ff2df94b9e81fe0d96a03521638dc16885fbd79dd

                  SHA512

                  ff9eb0a9d2ca17938c0442c58868f816bc2b2f2bfbd564716d25e4c1eb36c508e790b3e4b42309dafa138f643c4530546e9c534838d4d2d55b27fb148c9396bb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  368KB

                  MD5

                  0858c817b1070f1e765c8dee383217fe

                  SHA1

                  9d1359e988aaa08e5d0b1cc87cc0ad096fd5670e

                  SHA256

                  e5157506ce78208b60d78755e8fd5cede3673e4601e54033664dca3965b9f563

                  SHA512

                  fe874a9379bc8f922fcaf877c7410f51bdccba2bef6cdfa1b65d06d35bf5d89c21a4527cb9b26dd65d07779021128c63c699f2b2e424add08b22ef25807dc815

                  Download Submit