Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
98s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
22/04/2023, 17:29
General
-
Target
https://app.deepnude.cc/upload
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 13 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://app.deepnude.cc/upload1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3924 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.0.1785459599\600922273" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0f13132-e22a-49c4-83fb-5d1247cbb800} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 1916 2847d782358 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.1.586196260\958988748" -parentBuildID 20221007134813 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e78477-8826-4afe-b585-2a15fb59cce3} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 2308 2847c610258 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.2.2015656009\1027470881" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3012 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6211d563-91ca-469e-be32-cb6741d2a7cd} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 3192 28401fcab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.3.2087889755\273479277" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24e9cc7b-4404-4df3-b69f-306c3ac85799} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 3636 2846f760658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.4.1125808466\843517962" -childID 3 -isForBrowser -prefsHandle 3784 -prefMapHandle 3772 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8198f3a5-5775-4c2c-9aa0-e328706fde01} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 3600 28403568558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.6.1480418526\1607497239" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {785fb676-1092-4c8f-85f5-88e31ce73eed} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 5240 284049af458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.5.251012596\87234756" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 5116 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b514a28-7032-4769-bb4e-d31d5c13929d} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 5060 28401f90d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.7.546647715\538012615" -childID 6 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fc7cad9-4e70-4918-8181-8171fc4e0d9c} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 5436 284049af758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.8.1992878038\455135905" -childID 7 -isForBrowser -prefsHandle 3060 -prefMapHandle 5840 -prefsLen 26755 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d84db599-cf67-429a-b65e-79f76e02c763} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 5828 28404383258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.9.2002348284\130393965" -parentBuildID 20221007134813 -prefsHandle 5832 -prefMapHandle 6052 -prefsLen 26755 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a898f56-5b4e-440d-a820-978502c60051} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 6036 28404382958 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.11.2098397407\2080238997" -childID 9 -isForBrowser -prefsHandle 6324 -prefMapHandle 6312 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edca1066-e47c-4c43-89d7-fea8cf304b10} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 6352 28400d93358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.10.120841763\596900897" -childID 8 -isForBrowser -prefsHandle 6300 -prefMapHandle 6296 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0dd46a-6a21-4ae4-aa8b-577371290e58} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 6320 28400d91e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4768.12.1667395696\728530190" -childID 10 -isForBrowser -prefsHandle 6172 -prefMapHandle 6704 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f48db3c-37b0-468e-a5ca-e9f3dfb5e7ba} 4768 "\\.\pipe\gecko-crash-server-pipe.4768" 6752 28406baec58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
146KB
MD5427c35fb1af4e761772084a9cdd87ac8
SHA14c299ebf7c2f84d6fc0e2ba37bc82e11711c8c5c
SHA256f8cb3ee19953b906e8cfe9cc4738352b1663b22b5eec598499b36d5403c32a67
SHA51280cd0fc8dd0c6d6a81cce4ef24d1d8b698a5ddd37bef4f8b173173be4e00b122e648dba64e61862db3dd16bb6b3c50c3f367977588bc3812b4363cb70b8a8bde
-
Filesize
16KB
MD5fafa92f84a23797cbe9adfb131a8c064
SHA182f32398ab68aa318a9e24efeed9694cdbaf7e60
SHA2568934898bcdb2cd86d9378b7b51fb27301e65589076348aab340cad41579dabda
SHA512a84e11cd97f9e6fa573145bd09c17116780605afbda7eff2357d9080e56f9516272b55c5e312235ec89d71981c98425c00b006cd3975e7086769ca7fe724560e
-
Filesize
6KB
MD513bf3c975405f6cde52b7cbcaa8540f5
SHA1c066ca61501e7709a10f84e8f26656808c651156
SHA256a0c47f6de0e4a64cc98c439fdf2450b983f4071603036ce04f6118389b528af5
SHA512d179d4423a3e4559f82660aa13c6af28b04b73b053b76e44c24413beb0dfb3e39c90706b98907eed46b6f9dcfda123ef115d8ff484499e84e103c02cc548ddfb
-
Filesize
6KB
MD5089067587dfa318a25713b9e0e8000a1
SHA1a99e84b72b1bd17cb14a3ac0dd5c66e7af83485b
SHA2562e16ddc01065f2c196fd1c973b10e2c3bc3ae34e4399e0e32c10d33c0cdf27d6
SHA512b1259e5acde803dabf942db5e3de57a75a38a327b54ce40663f76b0fd18163be090e000f8a8a380e1bb10f8de7a2b743e39a68837a7a74bc9efbf2eb21c88f46
-
Filesize
7KB
MD5e7d14b9e201d1814c2d12d15660ea3f8
SHA163a3848a5cf5f6ffc0ef8a36f2e83388f7ce3abd
SHA2563305b6ac2ea32242d88bf044fe3cfe6ad16f3fb0cf2a9d8f0ed09f0e82447c6e
SHA512c40e02ed9fc28cf30d4162dbc125a61ba8e278b788ec6fbaaa19eaec8e2dff2e6eddd3c636ea934d8b357ee416c77ba3ad58a089e2346c2b863119bfc994422b
-
Filesize
6KB
MD51984b45f201f1fd79d2154406648433b
SHA142f082dc6d4d43333688690bf4dfa7c7f8b618ab
SHA256000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
SHA512e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc
-
Filesize
259B
MD5700fe59d2eb10b8cd28525fcc46bc0cc
SHA1339badf0e1eba5332bff317d7cf8a41d5860390d
SHA2564f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea
SHA5123fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4
-
Filesize
1KB
MD5a0e29cc81fa03e6cbb63cd65acf93087
SHA18c28f4a6bed6fc347ade4c8c1a89454caa355302
SHA2565028e56bb525fbcf31ad8195fe6a257c6a46b515704a4ed4a780dbaf0b273bbd
SHA512c92a8927688c92d435e7d68dd1a7378e1c6977f83f2d59501be2c83a7c38c0217198ed49991ebaaf20b0b1c2feacb0b4efe40001d861616b39bbe362fc72c471
-
Filesize
2KB
MD52536ce43a69ac6a344738d00f8cb4e58
SHA1ce42530ddb08a5673458a6db773d4a593332fcf1
SHA25609edb30d48d2883d78ffc427eb321f27ba82b50fb88abb2b2aff5c5ba200938d
SHA512b1a1fb6a6ead27b6a41418a037eee604d781353666ad1322350204478eb6fc4f848c0d9389da710af930f342fe8a574927b41dbb148ee7ee8ac54ca8944bdbba
-
Filesize
2KB
MD585e7d02169b0b5bed817d79be0e3f943
SHA1f2d1e76738c2400ce0336a5f29958b52e90b4478
SHA256521313e1eecaf5d63d03f3c4cc5bb41f7497bee12d45611ce6e619ba2c6b6197
SHA51284ebcccce2e5ecaf413c68d5aab46bbe74efec9417195f00db39561eaf28ef19e3891d7b12c532ac5b21e891ad9f386d06d4dbf5000c0580af9010163e65b390
-
Filesize
456B
MD54849126d62348e96de9f534891ee372c
SHA104208116ad7cb0edcb2c7c754042554104172d10
SHA25692930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d
SHA512bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25