Analysis

  • max time kernel
    389s
  • max time network
    1818s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    17/04/2023, 23:47 UTC

General

  • Target

    firefox/libsmime3.so

  • Size

    159KB

  • MD5

    6a3f8e781058b8674ec23c0f181d74e4

  • SHA1

    b23d3e198c939b3981e91a5c6927d67b7acee758

  • SHA256

    b75e823e834f8ac279cb6f9387c1e29eac084a8f019d3bcb0b27f8ff9b03d2ae

  • SHA512

    b229a1f3de41fe0db915b34a60079361cbaea02910f165f35930b277fe9f7578e556f2cee8afe5a7331e44341b135c7e7459c865e264eeaf67fd28cdabc0f10f

  • SSDEEP

    1536:eNg2yy5Ch5MGSNwKPYkenRxg1CuLpY2YMWtUfSrNB67xoRiuDZ+3rjpSi:qg2yy5CjtwCZnRxwVaL67SEBSi
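
Before trusting a sandbox verdict, a practitioner confirms that the file on their desk is the one the report hashed and checks what kind of object it actually is; a Linux shared object submitted to a Windows image will never execute, whatever the score says. The following is an added example written for this page, not tooling from tria.ge: it recomputes the four digests listed above in one pass, compares them against the report, and classifies the file by its leading bytes. The `SAMPLE_ELF` bytes are a constructed stand-in (an ELF identification header plus padding), not the real libsmime3.so, so its hashes deliberately do not match.

```python
import hashlib
import io

# Hash values as listed in this report's General section.
REPORT_HASHES = {
    "md5": "6a3f8e781058b8674ec23c0f181d74e4",
    "sha1": "b23d3e198c939b3981e91a5c6927d67b7acee758",
    "sha256": "b75e823e834f8ac279cb6f9387c1e29eac084a8f019d3bcb0b27f8ff9b03d2ae",
    "sha512": "b229a1f3de41fe0db915b34a60079361cbaea02910f165f35930b277fe9f7578e556f2cee8afe5a7331e44341b135c7e7459c865e264eeaf67fd28cdabc0f10f",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fobj, chunk_size: int = 1 << 20) -> dict:
    """One pass over a file object, feeding every hasher with each chunk."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        block = fobj.read(chunk_size)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper: all four report digests over an in-memory buffer."""
    return hash_stream(io.BytesIO(data))


def identify_magic(header: bytes) -> str:
    """Classify by leading bytes: ELF (cannot run on Windows), PE, or unknown."""
    if header[:4] == b"\x7fELF":
        if len(header) > 4:
            return {1: "ELF32", 2: "ELF64"}.get(header[4], "ELF")
        return "ELF"
    if header[:2] == b"MZ":
        return "PE"
    return "unknown"


def check_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare a local copy against the report's digests and name its file type."""
    computed = hash_bytes(data)
    mismatched = sorted(
        name for name, value in expected.items()
        if computed.get(name, "").lower() != value.lower()
    )
    return {
        "matches_report": not mismatched,
        "mismatched": mismatched,
        "file_type": identify_magic(data[:16]),
        "digests": computed,
    }


# Constructed stand-in: a 64-bit little-endian ELF ident followed by zero padding.
# It is NOT the libsmime3.so from the report, so the hashes will not match.
SAMPLE_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 57

if __name__ == "__main__":
    result = check_sample(SAMPLE_ELF)
    print("type:", result["file_type"], "| matches report:", result["matches_report"])
    if result["file_type"].startswith("ELF"):
        print("ELF object: a Windows sandbox cannot execute it; resubmit on a Linux image.")
```

To use it on a real download, replace `SAMPLE_ELF` with `open(path, "rb").read()` (or pass the file object straight to `hash_stream` for large files). A hash mismatch means the report describes a different file; an ELF result on a Windows-platform report means the behaviour section describes the host, not the sample.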

Score
3/10

Signatures

  • Enumerates physical storage devices 1 TTP

    Attempts to interact with connected storage/optical drive(s). The signature's generic description calls this likely ransomware behaviour, but the only processes in the trace are cmd.exe and OpenWith.exe (see Processes below); the submitted file itself never executes, so this is not evidence of ransomware.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe (PID 2212)
    cmd /c C:\Users\Admin\AppData\Local\Temp\firefox\libsmime3.so
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe (PID 4156)
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

The target is a Linux shared object (libsmime3.so is the NSS S/MIME library shipped with Firefox), not a Windows executable. cmd /c cannot run it directly and hands the path to the shell; with no handler registered for the .so extension, the shell starts OpenWith.exe (-Embedding is the COM activation of the "How do you want to open this file?" dialog). Every flagged behaviour in this report belongs to those two Windows components, not to the sample: the 3/10 score is generic signatures firing on the shell, and the file needs to be analysed on a Linux image to learn anything about it.

Network

  DNS (all sent to 8.8.8.8:53; one request and one response per entry; response contents are not reproduced in the report)

  • 63.13.109.52.in-addr.arpa IN PTR (reverse lookup of 52.109.13.63): 71 B out, 145 B in
  • 226.162.46.104.in-addr.arpa IN PTR (reverse lookup of 104.46.162.226): 73 B out, 147 B in
  • 95.221.229.192.in-addr.arpa IN PTR (reverse lookup of 192.229.221.95): 73 B out, 144 B in
  • 254.136.241.8.in-addr.arpa IN PTR (reverse lookup of 8.241.136.254): 72 B out, 126 B in

  All four are reverse (PTR) lookups of the addresses shown, not forward resolutions of a hostname.

  Other connections (no DNS lookup for either address appears in the capture)

  • 13.89.178.27:443: 322 B, 7
  • 93.184.221.240:80: 322 B, 7
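
Reading reverse-DNS names off a report by hand is error-prone, and the useful triage question is which addresses were only looked up, which were only contacted, and which were both. The following is an added example for this page, not part of the tria.ge report or its tooling: it decodes in-addr.arpa and ip6.arpa names back to addresses (returning None for malformed or partial names) and cross-references them against the connection list. The request names and endpoints are transcribed from the Network section above; the resolver address is treated separately so it is not counted as a contacted host.

```python
import ipaddress

# DNS request names and connection endpoints transcribed from this report's Network section.
REPORT_DNS_REQUESTS = [
    "63.13.109.52.in-addr.arpa",
    "226.162.46.104.in-addr.arpa",
    "95.221.229.192.in-addr.arpa",
    "254.136.241.8.in-addr.arpa",
]
REPORT_CONNECTIONS = [("13.89.178.27", 443), ("93.184.221.240", 80)]
RESOLVER = "8.8.8.8"


def ptr_to_ip(name: str):
    """Turn a reverse-DNS name back into the address it describes, or None if malformed."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:  # partial or over-long reverse names carry no usable address
            return None
        try:
            return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        except ipaddress.AddressValueError:
            return None
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or not all(len(n) == 1 and n in "0123456789abcdef" for n in nibbles):
            return None
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    return None


def cross_reference(dns_requests, connections, resolver=RESOLVER) -> dict:
    """Partition addresses into looked-up-only, contacted-only, and both."""
    looked_up = {ip for ip in map(ptr_to_ip, dns_requests) if ip}
    contacted = {ip for ip, _port in connections if ip != resolver}
    by_addr = ipaddress.ip_address
    return {
        "ptr_targets": sorted(looked_up, key=by_addr),
        "contacted_without_ptr": sorted(contacted - looked_up, key=by_addr),
        "ptr_without_contact": sorted(looked_up - contacted, key=by_addr),
        "both": sorted(looked_up & contacted, key=by_addr),
    }


if __name__ == "__main__":
    summary = cross_reference(REPORT_DNS_REQUESTS, REPORT_CONNECTIONS)
    for key, ips in summary.items():
        print(f"{key}: {', '.join(ips) or '-'}")
```

For this report the two sets do not intersect: the four PTR targets were never contacted, and the two contacted hosts were never resolved, which is the pattern of background host activity rather than a sample reaching out to infrastructure it just looked up.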
