Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
19/04/2023, 15:58
General
-
Target
https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=781025a2-a0c3-4243-9219-97c9e7c3868d&source=versionChange&history=true
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=781025a2-a0c3-4243-9219-97c9e7c3868d&source=versionChange&history=true1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoryViewerPage.aspx?aid=781025a2-a0c3-4243-9219-97c9e7c3868d&source=versionChange&history=true2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.0.1001725833\2101264337" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {919ff03f-3db1-499f-8282-ea443f4c87b6} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 1916 1f73df19258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.1.1733916483\1783115361" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a230da5-9fb6-4447-b4fd-06a4b3c466f0} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 2424 1f72fe7e558 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.2.1246116765\1799238776" -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5316799-73f0-4027-95a3-8b666ae1a2a1} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 3216 1f740d0b858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.3.1582826810\103873916" -childID 2 -isForBrowser -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c1c9ffe-560d-4347-95d3-00ceade3cbbb} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 4044 1f72fe6e858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.6.1000495530\568793886" -childID 5 -isForBrowser -prefsHandle 4848 -prefMapHandle 4856 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f3301e-a1ad-41a5-9a8b-1992888255be} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 4972 1f74360e758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.5.1266262095\2088864386" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52f85ecd-4d28-4c11-ac6b-e45cecf8a0c0} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 4948 1f74360d858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.4.1515061436\1982058939" -childID 3 -isForBrowser -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aad457cb-558c-420d-be63-82c7cf2640de} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 4600 1f7432f9558 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
162KB
MD5fa2a7cd56a99dbc790233ee652d65894
SHA18102972015274bf4205b3ea331483151934532f8
SHA2569194a502a4ae5242e7cd4f3422ae9e5c89b5a35ffd0e893365a70220f3f56a8e
SHA51206d4e77e9b5d306896f62804f9c2ca74b08dfc0244596c54328a689fd1f2834f9a0fc2e05b4629e8a96e5e9fe497f4d6f224695bb54d1358c8cd9435f39658c3
-
Filesize
6KB
MD57976cdb15ff400f57f1d1bc37a9b73f2
SHA121d2e1d1c58775d75f82ad80c7b484a6b66d0106
SHA256258e7b1529c9469b2f5acc5ca886e25baf149f8a3d1dd1ce83db1a55cc62f33e
SHA5124752090203035db52f570384acdb1518d7170764c162cb82d6f423001c4c2333e64e171ddaecea15f2c42b45ca01e7cfd7893d912d3d32e8319977b330389cfb
-
Filesize
6KB
MD5fb53b2edf92d353be14cf85e24b92ed7
SHA136fbd6270cea09d1e3d74b0ca03c414ba61495a0
SHA256f30508cfe3615ece681bd73c0dbe671450d0479ebafef719f2cdfa1a6909fd5c
SHA5121daa1ac0eabff40d7408f531bc8c7b3a19bb42c80477e2952052e721b4167b66f2a9aae0201ea89fcc52bc776afca8a2577530d9315e23d1d1915353eab365cc
-
Filesize
7KB
MD5fbce59fe457e2e40ce3c7f695b0c6feb
SHA1c4919574a8e3ee991d53e0787b6601bdb6e3f26f
SHA25642ba15831d2bdad3d512f3defbdfd9369802a9e66746a6917364eb2ea298e310
SHA5125de274d4c17399154d36568febeb94bb48305ec6ac47fbeb1118a0ba6c9efe24938f0aa952db72b6fba835841a5a1a08229e59c74ab2f4f0757c802d233cbe4c
-
Filesize
7KB
MD5912ab106bad8e873d2a6cfb0b50f6c84
SHA1df80f5a7168a43c2446a7f2951389e1185f47a40
SHA2568b21ba93962b1d495fb9573b3f15d37d93f4bc27324f4cf3846dd3fa75a3bebb
SHA5128b9380b9a318a411fa67866432d28f5d1dae5a4795b1d12a316227dd4cb0686810e7c5a9ee979e5cfc4551cde55ee26300339646ddebbc5dc3a04d84f8c27eb4
-
Filesize
6KB
MD5fcd5f37e5e4066f7cffe8eb106b6ce19
SHA1b0a1c4d3d5c96271429fb09cb71055d177c13402
SHA25638dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67
SHA512afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15
-
Filesize
1KB
MD50fc047423876495662860cae1f437c61
SHA180873c1d97c7426294295a7d3377215ce4c7722d
SHA256f8a5f75ffb59df1fda89ca217c7a44d3b6f0921de3d4eb275544c7f508193695
SHA512a271f276238056eb832871ffd93b57775c43ca68b3a989065d2d54cc667ce8eac6c8412a73ba67379b7076e700ca9be55ec56353fc0e209cb617e4195999eebe
-
Filesize
1KB
MD526f1dbe29ad5cb540c231b86dbd37193
SHA1488884fdb8b777f626b8f2c38d0befe26fe7d9fc
SHA256a2729d32539434d5d6f96c117cb9b41666915a02b46dc18817d990012e584450
SHA512d950e861f032414799838012183fe76d624ce9f8d0f6f03e2756f9d5dcf2bd876b62e16004b049c92edd69edcd0aef9c498ffd9052b1abeb2656aba28531ef65