Resubmissions

22/04/2023, 00:12

230422-ahh76aba63 4

22/04/2023, 00:06

230422-ad5klaba37 1

22/04/2023, 00:00

230422-aafgasch3w 1

Analysis

  • max time kernel
    270s
  • max time network
    268s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    22/04/2023, 00:06

General

  • Target

    dont run.exe

  • Size

    14.3MB

  • MD5

    6fd1a07f5f710341d9e1d4e18b68cdaf

  • SHA1

    43c0d8cac5e2b83af79aadea42d7202fa78ddd9b

  • SHA256

    0ecb876346cbf85ff36f4983bed844f1939c395e6453b6cfed28faa3e796d345

  • SHA512

    d1b8fc83eb09fd14df78bf3463659f3b29e956acaa70eb54c2ac6d5698467e411e51af0c79cc793193b3d40cec9893b9163fe10de1e5bfa4a42b603a5c5f5006

  • SSDEEP

    393216:lvPJzIS+3WFGw+cBZWOpq9bwJsv6tWKFdu9Ceuqa:lHJL+3WF/+c4uqa

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (7 IoCs)
  • Suspicious use of FindShellTrayWindow (6 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dont run.exe
    "C:\Users\Admin\AppData\Local\Temp\dont run.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4012
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x398
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1832
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4548
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.0.276655008\785481873" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da6b74d2-2f2c-44a1-8e75-20e5466ad8fc} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 1748 1dbf5716b58 gpu
        3⤵
        PID:4232
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.1.413341059\1256986756" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6138c3f1-9058-4071-b48f-d51ea5c25e15} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2104 1dbf450e558 socket
        3⤵
        PID:3536
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.2.1900713326\1663719003" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2880 -prefsLen 21117 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d8d94a-0604-4c6b-94cd-a724b9f9fbe6} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 2828 1dbf846c258 tab
        3⤵
        PID:3908
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.3.1189159676\1851331710" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3608 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbc2bdf-875b-4821-b292-01b0d3eabf8e} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3616 1dbf4510f58 tab
        3⤵
        PID:5056
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.4.1579296724\149676343" -childID 3 -isForBrowser -prefsHandle 3820 -prefMapHandle 3816 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b71f6e7e-2bde-4ee1-8683-ec6f1e51c374} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 3832 1dbe8e62b58 tab
        3⤵
        PID:4968
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.6.269420002\1511125694" -childID 5 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a14d1a7-e321-4393-8cf3-14f2e60c84ea} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4920 1dbfa7f2e58 tab
        3⤵
        PID:96
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.5.839031275\39409660" -childID 4 -isForBrowser -prefsHandle 4784 -prefMapHandle 4780 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa0142e7-9652-40e1-8142-f1b02eb93d3d} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 4792 1dbfa7f1058 tab
        3⤵
        PID:3568
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.7.363571566\468067974" -childID 6 -isForBrowser -prefsHandle 4712 -prefMapHandle 4700 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f980974-887b-4531-88c6-440063b2350b} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5160 1dbfac9ab58 tab
        3⤵
        PID:208
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.8.1135401888\1381272718" -childID 7 -isForBrowser -prefsHandle 2768 -prefMapHandle 2740 -prefsLen 26781 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2fc88ea-eedc-46ca-923d-6b0f84143b9a} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5140 1dbe8e66858 tab
        3⤵
        PID:4556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.9.1635937958\1050127021" -parentBuildID 20221007134813 -prefsHandle 5800 -prefMapHandle 5796 -prefsLen 27308 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f4ac9b-b6b4-4814-a568-e2be15d587bd} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 5808 1dbfa8b8658 rdd
        3⤵
        PID:2584
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4916.10.849139521\1019800938" -childID 8 -isForBrowser -prefsHandle 6260 -prefMapHandle 6256 -prefsLen 27597 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {422a6429-f121-4559-ab09-ca6f8a90e38d} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" 6272 1dbfcb56858 tab
        3⤵
        PID:3396

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    147KB
    MD5
    fa1a611d227d488ca10ac261e46ad6f6
    SHA1
    4efa6877d02f89a2b96f7f9bfec3d33ea073109f
    SHA256
    9fe1d4657e463fac95a1d6ef777c93310765a4e07cabcb7da655523891765c3f
    SHA512
    4759956490ef65ce6b708f1f83aba3697dbe3b7003848958b4c29c1d9e5b08f864d2b674c8b14449065b5c72c95e1e0268ebae46a2b1cdde8231ea1958ef2810

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\cache2\doomed\5369
    Filesize
    27KB
    MD5
    2167d8af0dd497bd06dc28ce509ac056
    SHA1
    671d791a1d9f24e3bfaa89f03ede0537bb7f2899
    SHA256
    8fe64d8c04fb47a629fd2455e1b6633871df1718726bde02bafcc2f4422eeda7
    SHA512
    e3f58a118d4750a3fddf3bd394379e4024a75a007f64e676e941b3871a68c2f7a581a9f24ca3ab4672a6820aa0bceb50225b083953fb61dc843304b4c4355361

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
    Filesize
    6KB
    MD5
    f843fc3b858888d342076c7199266348
    SHA1
    97dea7b7d8486f03cc085ef488fda80fe53515a0
    SHA256
    19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4
    SHA512
    9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    e49d9cb2d0634a593d7b4bf447a9e555
    SHA1
    f064bfcdbace5e7e1e3ac0f0017008babadbd2f6
    SHA256
    6be047f63be330b6b54450373bbc915298a9623c1ac43c021e75c4ab6024c9e9
    SHA512
    93c903e0bc565701e9e91bc59fc65bd5f6bf6479d89c3b0ce533f3c18b438e33a4f2c51e0312a04fa0e5d00a2a43e74b44bdd7c1cea998c57f961c25ad310dd2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    27cc5b8f219e21e9128575f5f01da500
    SHA1
    d4c4a564a828ec982e3e5751b54092196f2e6a6b
    SHA256
    6b8caeaf37d098ed6f7dbcefe9d32c1bdd4db791700cc5c483deec2a621290c2
    SHA512
    5030827140d75043b340b2af0f6fad739b7b86cd4074da0a8320ba51457eeba99e998562da8a95ff2213a6046411ad02d8ce2f686a8ac6a11cae35c6e830a607

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize
    184KB
    MD5
    402363c50327eea93c1e0c93f8fff430
    SHA1
    2025cfefdc1aefe4ceda405115831d87a10c0fb0
    SHA256
    f2f456dbc896b6350a53319e03e0dfe8dbba80538f02248b3ded3b8c6c0a484b
    SHA512
    fdc86d9df987fbbe3c782f3db3ffce4418de7b0fd787197f0f5167356371199191b38c313ff984df186bd5a1fbb3565dcfe1664c1fcf51cd317db7e4df68f42a