Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

R (1).jpg

windows10-1703-x64

3

R (1).jpg

macos-10.15-amd64

1

R (1).jpg

debian-9-armhf

R (1).jpg

ubuntu-18.04-amd64

Analysis

  • max time kernel
    810s
  • max time network
    636s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22/04/2023, 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    R (1).jpg

  • Size

    45KB

  • MD5

    39b82bb4683774a7c6dcb4064143358f

  • SHA1

    75038fc9ee8516a75159804cec3481a293ca73dc

  • SHA256

    f06a155a03de5f1f0b535fbb4c762b164ce27f51abb53539d52fb3734546393a

  • SHA512

    383df651808941a2c524ff27dceb8abcaf3b3ce3c455c3b5b6415dba2dffbfe76bfef84d43370adb0c3d3b296b388ee240e41b1b7c18d6d9d0c447f13b526dfb

  • SSDEEP

    768:M49u78rDR35fJZWgt8q6Vem1viLNC5CCEzVChv+/MwbEXepZydDW6P:M442dpDP8q6Vem13tEzMx+Ew9pZydiO

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\R (1).jpg"
    1⤵
      PID:4128
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3080
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.0.671070368\279493665" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1648 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f715289-5313-465b-8924-4a898b387365} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 1732 1fbe3017458 gpu
          3⤵
            PID:4256
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.1.1988100345\560076856" -parentBuildID 20221007134813 -prefsHandle 2060 -prefMapHandle 2056 -prefsLen 20969 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f7807d7-39e1-44e8-9ed3-d396cd3af5fa} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 2088 1fbe1c10958 socket
            3⤵
              PID:4296
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.2.1105200742\845944560" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 21052 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67ea1536-6220-4875-b50f-91ed87451a35} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 2972 1fbe5d05a58 tab
              3⤵
                PID:4400
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.3.1779068463\1419191199" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb993b04-1efc-41ba-ab5d-71814ce9be3b} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 3504 1fbd6860d58 tab
                3⤵
                  PID:4440
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.4.1032376646\519150892" -childID 3 -isForBrowser -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b063c65-40c4-4e30-9489-0cdd640e3133} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 3620 1fbe70ee158 tab
                  3⤵
                    PID:5088
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.5.1154518049\1787998345" -childID 4 -isForBrowser -prefsHandle 4748 -prefMapHandle 4744 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4d0d00a-b58f-4481-b2b7-af4ee0f338cb} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 4760 1fbe8039b58 tab
                    3⤵
                      PID:2584
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.7.660997539\466413392" -childID 6 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7563d5d8-f33b-4744-90f3-ce24e4f1ffea} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 5032 1fbe8617e58 tab
                      3⤵
                        PID:2892
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.6.1895713596\758161049" -childID 5 -isForBrowser -prefsHandle 4852 -prefMapHandle 4856 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d701131-a12e-4e76-a569-60ee44a5f9d0} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 4844 1fbe8619058 tab
                        3⤵
                          PID:2480
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.8.1085656583\1905034803" -childID 7 -isForBrowser -prefsHandle 3192 -prefMapHandle 5404 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da99aa2a-9566-40b2-9981-20dce99c2b32} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 2908 1fbe51c6f58 tab
                          3⤵
                            PID:4544
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.9.535324074\195902864" -childID 8 -isForBrowser -prefsHandle 5376 -prefMapHandle 4888 -prefsLen 27616 -prefMapSize 232675 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7807cc8e-9735-4ed0-9806-8a6cae4cd8e0} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 4872 1fbe4f90358 tab
                            3⤵
                              PID:772

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          148KB

                          MD5

                          75007c399e6f9a032c8b84042d0473d4

                          SHA1

                          5d209a105b33b89e0bdb6191c30a46d29c3b79be

                          SHA256

                          42610c3122c3175349ff3d9ae1015cd769db063b807162e35ebcc39f7848c9c9

                          SHA512

                          e3535a6bbfbca23d2ee4a60e8b2279d95ee3fd8d53648efd8c1953d08f4fb89c3bb3662193aae7221cce9669bf8af80af564fae4b1d4ea49c76c8e84e1bc80a8

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\cache2\doomed\674
                          Filesize

                          9KB

                          MD5

                          f3c7c2e6a09992a0295230e51a0ac014

                          SHA1

                          99cc7e99c3ab31d76079aa4676dec06b65f8df36

                          SHA256

                          56fed04a48c87b2e6f2c0133cd3106dcb50d5abddf754e42b59a824e8517f2f8

                          SHA512

                          238885e9d75e87f2022c563bd0113243181dd108c080b3a4a95058f4719ad30fe031ba2916341f7bc34eddcd3b05d27e48a05ee50b470e61030142fc0b137a5c

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                          Filesize

                          7KB

                          MD5

                          f484b6bbeb873d0200919e4fdcc8d2b9

                          SHA1

                          06b1a1b380fa729c0bdd693f1818e5d7c36b4158

                          SHA256

                          f164a22520b4f14972958bcd087323753a32f984e4e4403f8ee0a5e5ca68e208

                          SHA512

                          9a9a39e43b21c6cd802d6f5f72f0531a9a5ee4de4a2ae2bd8aabc191a5fe124e1f370a0a21e57d2bb5427b5ecb28f1c2a040dd228752decf010fb22cd7a898aa

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\bookmarkbackups\bookmarks-2023-04-22_11_yyzQT6zYKGzzlFbJAldNzg==.jsonlz4
                          Filesize

                          944B

                          MD5

                          6e888dd6fcaf9594a8c4264b6803875b

                          SHA1

                          b2437376c810d15fd5bab09673a2d2ede1c088bd

                          SHA256

                          26e32f944b43b35bb48ccab93e4b9e63d490da27e0f8c26afe10a193a21b03e1

                          SHA512

                          cc88f691a29b9a30abaed808025cfbccaa251a2d71b32fccac292930142f0b8450cfd2e4a14a6e65fd7d3f4dee562bcde642648e0affe0763b08d34c1f699a84

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\broadcast-listeners.json
                          Filesize

                          204B

                          MD5

                          72c95709e1a3b27919e13d28bbe8e8a2

                          SHA1

                          00892decbee63d627057730bfc0c6a4f13099ee4

                          SHA256

                          9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                          SHA512

                          613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\cert9.db
                          Filesize

                          224KB

                          MD5

                          1c70d2de1790c497298e5a9ddc702122

                          SHA1

                          8334cd97d236085c9824a8e507f804d3a44b5218

                          SHA256

                          c3badb32fca4ffa40794bc5814901993bb023fcfa36a02166a291fa8e58e9fd9

                          SHA512

                          5e7a8179d97dc9eaa93378ffd7cbacba5e7da35af022b4c087b93c70092eb13dc5d7d065330e398bf6c7f1de478df9980cc0a1925d006dcf7665b85633ee1cca

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          f843fc3b858888d342076c7199266348

                          SHA1

                          97dea7b7d8486f03cc085ef488fda80fe53515a0

                          SHA256

                          19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4

                          SHA512

                          9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          b4b0b369d291f153285df3319444186d

                          SHA1

                          b5cd97e8da7a2657ccdbdafe5b7a66afea452220

                          SHA256

                          a128289ac42174ca069b84624045f4e5b82c390f3a132c02952132f5ff7e8a8c

                          SHA512

                          67ddf2f87f4991182d89baf66e3c353df748a53394b751395d80eb55bf4b259287ede3588454b3322211a4eb10aaf1e744546277ef6dccdd34fa2a2500113f8a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          0c0928e321f3bb235804e91eb4360955

                          SHA1

                          610e97e29983674e7975d682c520f3454e7c67b8

                          SHA256

                          5f2ad49a4d3770832e59d2dc26cdbb07889b9a90ec0973b2032fddb9083350d4

                          SHA512

                          f169766508607f35373f9a388e02cf040567599d386552f68d9484f0a039564b7910275d30d341ac357cff81c81be0f7529f806fd2a22a3f408c5775ca67f92f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          184KB

                          MD5

                          402363c50327eea93c1e0c93f8fff430

                          SHA1

                          2025cfefdc1aefe4ceda405115831d87a10c0fb0

                          SHA256

                          f2f456dbc896b6350a53319e03e0dfe8dbba80538f02248b3ded3b8c6c0a484b

                          SHA512

                          fdc86d9df987fbbe3c782f3db3ffce4418de7b0fd787197f0f5167356371199191b38c313ff984df186bd5a1fbb3565dcfe1664c1fcf51cd317db7e4df68f42a

                          Download Submit