Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
57s -
max time network
58s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
25/03/2025, 11:21
General
-
Target
https://a247d4e9.coralannmarie49.pages.dev/?cjfp=ndsevehdonn&[email protected]
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 22 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 19 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://a247d4e9.coralannmarie49.pages.dev/?cjfp=ndsevehdonn&[email protected]"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://a247d4e9.coralannmarie49.pages.dev/?cjfp=ndsevehdonn&[email protected]2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27099 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2096 -initialChannelId {6d214d9e-002e-4b0e-875a-3f01ef4a57ae} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2476 -prefsLen 27135 -prefMapHandle 2480 -prefMapSize 270279 -ipcHandle 2488 -initialChannelId {e4d0f110-6562-4bd0-9134-54f587a0d4aa} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3812 -prefsLen 25164 -prefMapHandle 3816 -prefMapSize 270279 -jsInitHandle 3820 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3828 -initialChannelId {abf76e46-dc8b-4b42-976e-1c0e8101b920} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4008 -prefsLen 27276 -prefMapHandle 4012 -prefMapSize 270279 -ipcHandle 4052 -initialChannelId {37e194b6-5fd3-400d-94ea-c62f14a67641} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1552 -prefsLen 34775 -prefMapHandle 1608 -prefMapSize 270279 -jsInitHandle 3288 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3000 -initialChannelId {10789da5-2006-43dd-888e-ba4158f7dd06} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5184 -prefsLen 32900 -prefMapHandle 5188 -prefMapSize 270279 -jsInitHandle 5192 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4988 -initialChannelId {358a8d09-463e-46d6-b5d0-fa3cac56db54} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5364 -prefsLen 35012 -prefMapHandle 5368 -prefMapSize 270279 -ipcHandle 5376 -initialChannelId {618de7c7-2cbe-4d1a-a1ca-a4f324cf600f} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5132 -prefsLen 32952 -prefMapHandle 4712 -prefMapSize 270279 -jsInitHandle 4828 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5124 -initialChannelId {73345cdb-a3c1-4a95-a237-ae3045f947f5} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5688 -prefsLen 32952 -prefMapHandle 5692 -prefMapSize 270279 -jsInitHandle 5696 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5704 -initialChannelId {3f878fd4-7eb3-4317-9ee0-f7e1ec8ae851} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5832 -prefsLen 32952 -prefMapHandle 5732 -prefMapSize 270279 -jsInitHandle 5744 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5852 -initialChannelId {c2564e6a-2c21-47df-922f-23c090277d87} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 1 -prefsHandle 6108 -prefsLen 35064 -prefMapHandle 6112 -prefMapSize 270279 -ipcHandle 6116 -initialChannelId {00b7615d-d097-4dbb-bd10-3321fb0c361f} -parentPid 3068 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3068" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 utility3⤵
- Checks processor information in registry
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD5f4ea351bcb0126edc3cd722fbe68c7be
SHA16cb60e9fa76f75c14ab76614789f16b411fc87de
SHA256517ec7fa87f03873a47dbc28a5ca0ba11be16bcb1b37183b5e9b4e6bfc2fc627
SHA5120fde60b0b8e21bde3321287af5d0a3475951e880ac261a492957a0761b9a6f8d09c9aa9ef23e68ce0d4c9ad685aabe49b2683c475836ed69c80f15cced0190cf
-
Filesize
13KB
MD522f56ee89586ff28ffb16b43b6dd0420
SHA16c5c338bdc0c5bd2dbbd5ca76d5e2c24283b5037
SHA25689246a678f507a90db184e73453fdfde08c907464249ec18589576c0d1aa7516
SHA51202a312415b52a26f49c45c2a0e808c319dd1afd16b6d85eef936b7e257338c22603d8ad54555f1f019f38983560bca978be72e82eb937c555b90b30ccb1f5d19
-
Filesize
13KB
MD5fab372390aae457faa37f9c8cb178dd8
SHA1a2fc09e43e774510766afaad8513b308c8627814
SHA256e05aeccb0523f3427924f20523f99947aae8649b449b0ab50d0adcf2d8237623
SHA512a0073f88aa26231d94e957cff8f4154717906cf28dc32d1f746d8daa37b08af8185bad1e3a3ba5976e846be5517a3a9de92da06ac9cdd53d98b17704dc535dba
-
Filesize
11KB
MD525e8156b7f7ca8dad999ee2b93a32b71
SHA1db587e9e9559b433cee57435cb97a83963659430
SHA256ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986
SHA5121211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56
-
Filesize
14.0MB
MD5bcceccab13375513a6e8ab48e7b63496
SHA163d8a68cf562424d3fc3be1297d83f8247e24142
SHA256a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9
SHA512d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484
-
Filesize
502KB
MD5e690f995973164fe425f76589b1be2d9
SHA1e947c4dad203aab37a003194dddc7980c74fa712
SHA25687862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171
SHA51277991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2
-
Filesize
7KB
MD540618fa208ca28ee112e9bc61b39295f
SHA11c0a3eb4fd15d45f41446e1648add51bc6f0c562
SHA256a041b448e31a782f72e011bf35236bc0334401e38e9b877dbedfea075acbfc8b
SHA5121bb151ba1f184c5f88de425c6eab9e01c602baf7b71f29424b0926103a051a594f24b60f5a5da38025b6e94a5b57db2631c5af6f8a7e0310e25552d74d03ec59
-
Filesize
6KB
MD57d5cb69eed926d6e40434e1bb5e50db0
SHA15a2c1d73d61db28d9d299ae51c61ad8b0285d162
SHA25645aeba9046468c7fdb077d86435897642489de5ba900819fbd1b554d3e2a2ef1
SHA5127b6c06f82ee439a90c44edcc9a42808559846745da1f50187153f684a37abec42fdf6adb017ac00c76f2a44d0bea0c14951d8fc9a025b4c55da0fce5aab52a4e
-
Filesize
7KB
MD5ce02c2cd7052b32b2b103d1826d1a31f
SHA178bad54bd17e0affdae1762eb13d1d6501ab59a9
SHA2564f382afb1a3909087ce4dbe5b10014e67f7edf50a695bbc0858defd91bbf287a
SHA5125f7ee083d859900a21a00f77709dd97c823e4197f610c271395b2f90082404d9868e540125c9dab22742d98dadb548fde9c0332df4f3a1eb2b84c1fcb4380794
-
Filesize
1KB
MD5a13428b756b97cc783b23445b7ee57d4
SHA1e2e8343f73e4677b3b04b75d3586ef787cfe9087
SHA25603de08ac29913deab7edc67e1c093006a8efb582004ebbab760c251647669e6c
SHA5127b7abc5a9655c7fd14f40d4e48b3074695dcc608be0e71d2e917ba1586912ddbea05eb700f2067a70d581af6c44a3d0235bf2f49c316a522300d9185e73ba4af
-
Filesize
883B
MD57249fb1d2e5d6bafea94a328d2492d6e
SHA15ca5beb41102cfe9e8abd19cd7f55bf08231a581
SHA25697a1a23f1651395f911d47fe26e748ab4e271d1db3cd4541ed672011d55c2673
SHA512168f2202411f8599e9e505e5d283709c727dfe0fa848468aa55b2fa724b6ca73eb8171dc8f2b8b981c93f9092c78b2ab4080d611c0ea105a205a02a2dfb7d8fd
-
Filesize
931B
MD50d3e6a6bbf91d4a34a144aa462df15fd
SHA1db9478d718b69429b4ac209e298301ad3437910a
SHA2567a07aee25e01c39e2756a17f7613113ac8a79a09f1d5ebec811ac866b51a731b
SHA5127456964c04a05a9083fd51211396a0a644e2d5fe32496c0fe2dd0de93839920916ee0dd4c8758fcd60a1ca4cb2660a0abce1deee38d8ea697e5655e87b56b027
-
Filesize
16KB
MD5365d0a2eb0a1aaa19e15730c0a65a833
SHA13100530298c72c2bf1657b23b4af5779cafc5764
SHA2567b96ae35ebf9054019b5bebc384c0c16d47c8a31b2468ecdd370e0d8925b8937
SHA51290c95c00da03a30ee993ec19349d1462188cae96f4bc9a793fa66182727c064398a1403f0fe19e9cfc715eade0b8a3602b651b53a7b6d69cbae065a81f7da748
-
Filesize
235B
MD5fd89d70466626fc27656d92f9fcaaca9
SHA1e6f4d2400e86b8d9ebce0b9c8d3f316e9b8d83d1
SHA2569c2bf66ec6bba9694143325130c1353c1e078f8d1c8e1e10bfa70706829eacd6
SHA512ea006cfa050b0fab92a45e27225a1d265d858474715f9a61e250960e152f99a7909dadb54df87af27db76b37b1aba3180c22d134822a9f5b8e4aca1ea7a1f007
-
Filesize
2KB
MD54943a75a38c19e948913264c36df1199
SHA1cf4a38314a145587eb4ab3ca63a18f29196e31b1
SHA256cbecc6b221892a574d615ba3fd12ef06fd38d6b01be21f270dd24cfce928fc84
SHA512c8c4f18061d696f6f012a030cdc40d23e343deb936eb9f1f6a27a0fd0d3c6d9f41b7055f279aa2d7ba3a1797c60abb5b6b1a37d785cb7c716d7e26078ba8c479
-
Filesize
280B
MD544b6e3b493a6dad2f4a1d1fedd8da5c4
SHA1bdd703e5b4cf417da18dd8f28a6fb24552f6dfff
SHA256edb537b7a63bfe7ee6a633119d7487fcd75ef3d5bb2d1820d4000780ce14f99b
SHA51281053fc9d2f4b87740496ab6d5379e60499c74a60608d691d8ff5bf0bd50cda7c548373e21e714708a0ef18055e93c50af212215b2a83de9deba6bd52f6b233c
-
Filesize
16KB
MD560e48eeb4032afe0cc80f966f8fb4cd0
SHA13e196b4b42ee7ff05ddd84dc8c40b586bf56176b
SHA256557818e928a7de888a316183cb99b64a6754381dbaa5dec562db05699f401b08
SHA51229a7b6c7c5319c826453f6c3b916ea9cf50a7f3c2a655f92acffd93b0e4399ec3768387f1f199af83154d80ada754a32c011ea82c0b54ac4b43e509fbaf7c530
-
Filesize
1.1MB
MD5626073e8dcf656ac4130e3283c51cbba
SHA17e3197e5792e34a67bfef9727ce1dd7dc151284c
SHA25637c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651
SHA512eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339
-
Filesize
116B
MD5ae29912407dfadf0d683982d4fb57293
SHA10542053f5a6ce07dc206f69230109be4a5e25775
SHA256fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6
SHA5126f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d
-
Filesize
1001B
MD532aeacedce82bafbcba8d1ade9e88d5a
SHA1a9b4858d2ae0b6595705634fd024f7e076426a24
SHA2564ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce
SHA51267dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b
-
Filesize
18.5MB
MD51b32d1ec35a7ead1671efc0782b7edf0
SHA18e3274b9f2938ff2252ed74779dd6322c601a0c8
SHA2563ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648
SHA512ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499
-
Filesize
6KB
MD5b6ac28edddfff7deec43c898fd8960e6
SHA10d25d986809df9eecfc73cb4d066e46056357eff
SHA256fffb9677aeb623fe7f8b1e6e176845dc273a80ca7557d6876a798425972f72a3
SHA512eb61b3f0add6a68893d60dc877ff8bc07da35d1a959a5850d1dd47febf1b045d819d4124d05d2dc71910221dd009cf19320d68a45c5f96c66c33a245aca64a3b
-
Filesize
7KB
MD5eb796761b761bdd385a860079fd0e622
SHA1fcde7925a356ec6efbee84ad6eeccc5e0a349076
SHA2568011c8da253666d09e90f72b6d21d290df937abaf2222a413df85e39b5e16a38
SHA51244c0051ca0545e3fe5214193030a8194bdb8fca273ec25deb22284d506fdb8989cbad94228d02cef32adc115a59fe2c76b59c4385c1e8d1fd455bce554d806a8
-
Filesize
7KB
MD503fe5788e138183aa2521eeeca94cae1
SHA1f3614c1ebb5eec2de3011629bca0f6dc51b8d9d9
SHA256e2d302cc2986865085b15b6cf6434a9d24feeb55548492c97da350c49f8a3bb3
SHA512e9f5edaa64af0cad9bdd903a21a27189af8e052f0c0904c3d296f8b3b18037948556bf81b2bdbd028f5fd04bc5048c4cafbd362b108e6713a86a3151f80941ae
-
Filesize
6KB
MD59c096e6e63ad14057296e58aa015bfb4
SHA10d0e2abd4ac1240e4b49d465bd67131f1efa25d1
SHA256e2a1816e88b3845f58464d843952475683c158aa0b023172c83a519cb08132dd
SHA512cf315a47868c752b0ad746be88ea85b7b634462ffa3bfa2e41fff3200990c6a8c424645538efacca58fb6a53e0e0d3bad996fa7ee1dec131e49c7e689a80fe8a
-
Filesize
1KB
MD5981dc33a229ea34945b57bf0d63a22d7
SHA1d8a8489ef37a8eccf09d188a8f12be7612b4e5f3
SHA2562cb19f631efd283772865d8b7a92a6db354b9bb4e389013204580a7a4ce30963
SHA5120a8bc4b721b63e3d1c11c46ebb6d4c9d7fa5d1f28a9fe1309989927130a8edb48f9838b696ed4b6154e056252867bdf4e861a7b1bafaf9cee87fe03f087760d2
-
Filesize
5KB
MD5af4bc7cfd350548ff11653833ab7bc6d
SHA17e96daff48bde3c9052f04341ec67948f674c78d
SHA256d94b2afc9c74e8c7f34626485ce688dfdb8d2df3557fae70b3c79226d8649749
SHA512cffd2e46a51619e4d85a971c6e60f60b5133b152727be8922175fdd2ebc1bd814e83e66b4a9ac88fc7385afeab0a814166cd0582c074e87d84337d90edd27f2d
-
Filesize
3.5MB
MD514e40e6278f643a5aea2ddb8a3b2b015
SHA1145b21810732e64dd98d9969311081a1c2dec7d6
SHA256e6bc30918108b0f4dac70a2cfe76fdb0ce45db1e21a5815aaf81f8b4427c7cfb
SHA51204807a1dadb717313805707c0b1af5a5f95e30591e90307abb2c2dd7c6bbb3f58ef0d228b0839bccdbc278d76bcb13283c4496cecc1704162c879f349646ab70