Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
14/04/2023, 16:36
General
-
Target
https://ia801602.us.archive.org/26/items/ps2bios-by-ps2-bios.com/ps2_bios%20by%20ps2-bios.com.zip
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 29 IoCs
-
Modifies registry class 50 IoCs
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of FindShellTrayWindow 23 IoCs
-
Suspicious use of SendNotifyMessage 17 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://ia801602.us.archive.org/26/items/ps2bios-by-ps2-bios.com/ps2_bios%20by%20ps2-bios.com.zip1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.0.1665405640\265893186" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec30748e-3415-4308-ba86-b10d8e5ed4b6} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 1932 25659919e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.1.1483161961\722038137" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a8d30fa-c24e-4370-a782-571e67c76bce} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 2332 2564b872558 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.2.1981618373\431660207" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 3188 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {242433d6-fa90-41d0-9bfd-3c85040c725f} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 2968 25658891c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.3.1357173467\660588325" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 3572 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f88c6a10-946e-420a-9841-f4dd069b8b65} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 3592 2564b869958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.4.1004202506\2077720777" -childID 3 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23699234-61dc-4226-9385-06adaa4c2be7} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 3832 2565bf06158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.7.1906821857\1839151450" -childID 6 -isForBrowser -prefsHandle 4984 -prefMapHandle 4576 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a80b3c-34e6-4be4-b2ed-b3349c657c96} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 5420 2565f26f758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.6.1826395243\85221871" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47ee07c2-94b0-4737-9186-e1f2e7bf239a} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 5244 2565f26e558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.5.1529291219\152957685" -childID 4 -isForBrowser -prefsHandle 2792 -prefMapHandle 5032 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8b7e42-70af-4345-96c4-65a2d6ce96c3} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 4892 2564b86a858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.8.886127198\754618089" -childID 7 -isForBrowser -prefsHandle 5840 -prefMapHandle 5836 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f9858b9-adfb-458a-a5a3-c93e7ba98f36} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 5848 2566093ec58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.9.322110818\663167870" -childID 8 -isForBrowser -prefsHandle 6120 -prefMapHandle 6116 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d98d579d-15d1-413b-8ab7-32f922334f46} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 6128 25660b80858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.10.1296971266\765446748" -childID 9 -isForBrowser -prefsHandle 6140 -prefMapHandle 4324 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf0b370-941e-4c0e-a103-45a1a29a4fcd} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 5080 2565b097258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2948.11.402128530\1827900218" -childID 10 -isForBrowser -prefsHandle 6828 -prefMapHandle 6812 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9eb3647-2305-4c86-b535-f6f1e4dc0202} 2948 "\\.\pipe\gecko-crash-server-pipe.2948" 6796 2565b35d258 tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
144KB
MD5071f1e4e1810f5201395213f92b7fc68
SHA18555c52f637b49e4f85eedeaa4b756edde4b5971
SHA256125a8fea8b251cbcf8bf4fc8f5ba2d5776c1b116fea873fd55fb494bc19987b2
SHA5128fa921fa2c1af66b519456b7f64e1fdc5ee56811b1141f8ac49e05cfeac9d90069644bef8ac15554b475033882b8c0daf4f4fcac21e8e7465ae8dccb65b57d9f
-
Filesize
12KB
MD55dca80b7ab8849f3324b179c0d0ad441
SHA10260f87eb541b0893043144d93b12278025a7815
SHA25688717a120cdfd866f9f80daaaa9ed9cdd7d58bf9868b33f0d1ba09a7e4714be8
SHA512a74611e8a2f9a8c0926c95c85ca38f3153df7f7ab120813908fe58b4635bad11808a4b057b6df640f5f60b10edb231d8afd57cd71f52fa79765a87e6011cf132
-
Filesize
11KB
MD5229e3859eeb189c71960fda1857be742
SHA104f1095fd1fa180b16be16742ec6ad7bd77b4092
SHA2560477c48b16638ca39e794019fb2d6f0e41624780a1be96c3374ca1e0081e796e
SHA5128f1fbca95dff9ff6177e5d75cfb5dfabf7c9a713013efad286a9dcf856bd0118e09f20cb97caa56053c359e2c96446b7b70aa8f905a35782af62213ec7281154
-
Filesize
9KB
MD5822c3fd95429e729c99b2bd1a6c59011
SHA1b4a933c54e032f76737eb7beeaa92c3c36be7fdb
SHA2565508198590dbabaf4c77ab4428da15be3594de2d44078834f32e920264fafd95
SHA51257410dfc3b596d5450a0bc8e7b0cd7b622d9abc8de892aa261f88018c37e7770bb0a90475ef44923b5d4dbe1f0b13a446ba6182ff668ac8855161f93fcd4c048
-
Filesize
9KB
MD590ae3460a56da9762e4d2e0d49ed0362
SHA1f4246ada82bdb86edc355f7ec7db8ee06cbfbf9d
SHA256c94fc1226463f451b47ca6bd630dab999f0db27ce161c66c4129bbdbd2791479
SHA512c4f015972e17328a92df5e3f28341938336a93fee5567c317043577e45178290559a142a068c206dfb5fde048c8e66dd74d595ae50a151cedba1827dd91d4e9a
-
Filesize
3KB
MD53fef9833539ecf7625989a1192319b16
SHA198a69e5e74479847a673c688e44a44a16ae87f12
SHA2564428522c40ebb41bee7c71186c4cbed9c4ef97a435d795ce074895ae055267a2
SHA5121d2a7d78a7af9a46f01f22315e374f6366ddfee46f26ebb15bb22198559b64a9024174f14d2630d150f802ced1e7bfbf3057fa06e6bf575e281bea903a99071a
-
Filesize
7KB
MD5ab0228dfe3ad2e9d7496c7ca061f7a0d
SHA1edadd542f4a4a334f4e387e0b4039916dcb38c75
SHA25601c472687551ed61bde9f5d94e24acd858133a85cd87379fe01bb90566e8aa0d
SHA5123048eb1932ed224337821b32deb7338a889a486a76f0264c1a5b83d37e3748049dc7b5004d0c0fb2a772be4ed0e59a648e63b6e0067a468ee0c5730617c85bf6
-
Filesize
6KB
MD5c73d6c8cb27bcbc06d9572d481f7f6f7
SHA11ce8ba4706a7dde7517f0d767e7d6327ca2b9237
SHA2563ad3118b19dc3a507d205bb216e2e344dbb14bf96357f9222a5651faa3dd151c
SHA5128d65222bf35b47d0cf5a4c17e244809e2965b5b8fad16ee4871264efdce9ec380f0578d5b8eeba786dc69b629ae0313dbc474a9ddc3a374b7d801d1362ba69da
-
Filesize
7KB
MD5eba8ee2f65c89539441adfe3781d86c5
SHA1bb5db19a2793c3f11a0cc487484ab37d5ff83853
SHA256c4a8ae46a43217953bbf38feb08511a531415c6a86cac2b1a428ba6c4bc73028
SHA512a1638cafba4a9d6a3ed684b43d199ae11c8cbf49895b3434833852dfa6579ae5fe9889ebce79bd02d7aeecba63bbaf6629c767b79913b04998d39ba2283f8b19
-
Filesize
6KB
MD55c74d95f86be42f8ff8d623ab7c38786
SHA1a32d1b35ed87f5bc91fdc4a82421660fa0b087cf
SHA256193981c0f99b230c58870d3f663224cd44a06bd99cc49569b52b26aa7425332c
SHA512a829263ea182992697c24767a513ca577aa542a967f19f3464dad75b384c0b3615693b9ba5aa15d27df323b03e6e92877f1ee94e2da832a6ae92e8973488c8f6
-
Filesize
6KB
MD5737a7aaae9acf60913c64870226d80b7
SHA137ef634cdacaa7f6b3c0f8a940e00b5593d7b9f6
SHA256b05168b5829d83682c90a76dbc3f8a799ed3b37b06dd99f6a0582dfd5b3c38cd
SHA5120fa95b7db3dd89847af18df28174c5915533744cdb1db86d43fe64cee231849b137546adb9d9042bedc90ea770accc1cf8e2b51ab8556129cf3e4b5d80d187d3
-
Filesize
6KB
MD5108b97b1ff7efbdb1aecce96d55ff2e5
SHA1bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc
-
Filesize
3KB
MD55f57291e6c5c61174ab15a0d725ee153
SHA162fb41ff59297888c14465e9717c867fad814e43
SHA25629104b7ff94dc201c06530b5578af8caa4e79eb65f9cb45b5963620223ddb26b
SHA512266bfffc37b26c74d7c8d1ec049ba6cbef92020dc5d293b8733af06b8675571a0176664d7b29e24d68d36e46313c99c24f9fd7bbec4912c872e7a530c4bafcdd
-
Filesize
2KB
MD5d773827395c43844f0f176513e195ada
SHA18f1e240514bdd7eff1ce539af3ef2060d2f92fb4
SHA256058603937fec13aac386a7e610fef3553cc6f229379db8ad4a9a366aed131e31
SHA5123d01b1276bf219f59de7dc240202b332aef582134b50c134823e26224c89905a4adaff022fe3979e939c932120fd79763fb048bb7044a75651c5e006451f5dd9
-
Filesize
41KB
MD55540be234e5475bbc6f51ac3ee9436e7
SHA14012dc065be7e708e6ca4c2fb5d22e4b7af470e0
SHA256a3572a41fc816520e874a0c7cea5a1450435bf87a047de18a689d4871b8f84eb
SHA512b1056af568f97aaae4dd6698040921dbe6e66e9d3b97a1412fd57248666008274bf4870faae747818cd80fe6a0c1bb30cef0ea4360af5fa644e512366d6b27ad
-
Filesize
12.8MB
MD500d88b02bc3aada70498ec421092c04b
SHA12d83d33033e31955497e3e962493b9133e7a2c39
SHA256e5b98f79e84d434b44fe4dab6b0e7823772d32744249a8fb9fb2288d0b354b21
SHA512267d2ea6292cd5b0c8485861685547d99114552b6258a8dcc26fd11d64a2ca5d6fbdb11e6a416148b4b1f5ff97118f3cdf1280f46b1677aa54eb1c007e4789d6