
Resubmissions

15/04/2023, 06:36

230415-hdbaraeh2x 1

15/04/2023, 01:31

230415-bxezqacf49 8

Analysis

  • max time kernel
    23s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/04/2023, 06:36

General

  • Target

    StandingOvationGIF.gif

  • Size

    2.1MB

  • MD5

    1c6943c372187ed186416b895f4eb06c

  • SHA1

    5629882515315c3d05bd85d08845add0d7d43b83

  • SHA256

    a4cfee2fc54c57a3a213ac3932a31382b01e4668adf4c478bc460b6088abf7eb

  • SHA512

    e65d0a97a31de0d8d163af469c013844aaf0cbfd98a301d20f3aa5fc077557746426a4e35220850bbbb6a5e143aa999a62ef6b318bde55afa855a15c1ba86327

  • SSDEEP

    49152:M3p5eqstIUiSsGyiQxOO6cGWEsKTMV5kz36SB0z/cEEl:yjjst9s1iQYzcnEVQKXicd

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\StandingOvationGIF.gif
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:736
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\StandingOvationGIF.gif
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.0.2136263941\1371517432" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ad4ca9-b68b-42d0-9442-72da5b43e9ec} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 1936 154237ec858 gpu
        3⤵
          PID:1168
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.1.1901496937\596311089" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {139cb806-91ba-441c-ac84-3c77c02bdac7} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 2424 15416870758 socket
          3⤵
          • Checks processor information in registry
          PID:3920
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.2.1402271135\1422385549" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {466f4d7d-9000-4a4e-923d-3e8632c69862} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 3132 154276df158 tab
          3⤵
            PID:4728
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.3.1759417720\153242560" -childID 2 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f6e3185-717a-4aa3-ab43-f330b69d6c48} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 4100 154289ae158 tab
            3⤵
              PID:3224
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.4.2020562912\1862835483" -childID 3 -isForBrowser -prefsHandle 4852 -prefMapHandle 1608 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59c06995-0555-4413-bcd2-9f09d9165c1a} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 4832 15429d9db58 tab
              3⤵
                PID:4760
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.6.274612146\1052197741" -childID 5 -isForBrowser -prefsHandle 4832 -prefMapHandle 5124 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61c638d-2111-4b60-9b3e-ab9f25e5d973} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 5036 1542a05d058 tab
                3⤵
                  PID:4444
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2836.5.335426883\1269508130" -childID 4 -isForBrowser -prefsHandle 5020 -prefMapHandle 5016 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3914295c-7655-410d-94c0-fe30d0e39374} 2836 "\\.\pipe\gecko-crash-server-pipe.2836" 4936 1542a05d658 tab
                  3⤵
                    PID:3612

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 138KB
    MD5: 419ed59c3c1520e89902047e6fc9dc6c
    SHA1: b6e4fac4c20619414d1f364c065403f5b258a5c0
    SHA256: 5cc4c4cf75f4022bd56caee51c585778c72ae8e089ad14dcd1911ffa9b0ad04c
    SHA512: ad55e038683d5e506926854fac69b71e58dea80d421ad7be1f867b314cf2939b871677052881379bf0ead5ec45320c098295cf05a2d0189d195502b209712ead

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 05498a9fdac34ce6fcaf9bd8d6a4b356
    SHA1: 4b723972fdcf0858aff91c325bb2770b184e2d8b
    SHA256: ecf3fa1851e19a7e9087d46ddf9372304fba30f0ee00365fb26942811403f616
    SHA512: d07da3fa255867d4e8b4d3d9f8d28264c31fdee8da7d04248f3eb7ba3353fed1eef99dae7617ad2c7b605d848e7588ad0ea205ff285e798ff4a6b18740400571

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: be6dbe847b67cb752be2ed6012a8e06d
    SHA1: a991bf7ecb3f6fd36d2af0c9219075d31196cae3
    SHA256: 6422f52f1e97c8c2d8cb09f15c68c0f67dc2da67bd87d3ba03e5eb16a4ce0591
    SHA512: cffc8b17fdbe36c8cacc7967b5ab4dae8aded6b5d0afc0b7a43268f44d506b2242a4ad7b9de2b7cc160fc7d30abd3d6be0c94b838bc546e81268d7c41d007f8b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
    Filesize: 6KB
    MD5: f73e52d124620d05267ba934f3b312d3
    SHA1: 34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30
    SHA256: fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7
    SHA512: 4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionCheckpoints.json.tmp
    Filesize: 259B
    MD5: c8dc58eff0c029d381a67f5dca34a913
    SHA1: 3576807e793473bcbd3cf7d664b83948e3ec8f2d
    SHA256: 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
    SHA512: b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore.jsonlz4
    Filesize: 968B
    MD5: 1fb81dfcdaff59eb416bc50aa06c9a20
    SHA1: 89d48e817b83eb385459bfe30298e3b3f4bb1508
    SHA256: 750ae5d032dea153ef34e4f939744c1eb8a04b79055ba62f26d0887c4d9d87d2
    SHA512: 979b298279ace07e55b170c045a3ef968e335e2733446fcebeebdb43693c9de9e969b315445121b27f9bc1385dde2a28413692529a3c05f793eb2bf4d9c15b90