Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

blatantclicker.exe

windows7-x64

7

blatantclicker.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    113s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2023, 05:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    blatantclicker.exe

  • Size

    930KB

  • MD5

    b6f8b023cfb132553b707d3137492421

  • SHA1

    0d4e93fdb9a1bbf6d871c6e69abbe6faea73a395

  • SHA256

    2a05a86b480a273181c5bf324bc6ec85ab5938ad1f5cf255e6ea986fa1313fb3

  • SHA512

    fb9a737c41984a4fcd044f652a843809cddecfb8ae6c37a60787a8448baed63c2214fc9acd6ad51ca50a4732b56e3a1338d9e131d2c981ff759e4ee9c5ed02b2

  • SSDEEP

    24576:wxyYqJ2Lq8ki+TqP0sh5Th9Fh3N5Qk/WOxTGTNE3Mjqa6L8OpO6nAG/fEZ/PKhqM:nqaa8OpO6AIEhPGEDnVR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\blatantclicker.exe
    "C:\Users\Admin\AppData\Local\Temp\blatantclicker.exe"
    1⤵
    • Loads dropped DLL
    PID:4552
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3372
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.0.1673817398\1843090652" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2d11ff-7420-4b92-ac68-a01a4f9a333d} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 1772 20ea73e5f58 gpu
        3⤵
          PID:3716
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.1.240351961\296263844" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13d6bef-d524-45f4-83a0-4dc0662a6b32} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 2300 20e9a372e58 socket
          3⤵
          • Checks processor information in registry
          PID:3792
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.2.814480356\1705656880" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2836 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ed56b4c-822f-4580-89ae-11ba97b45def} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 3112 20eaafe4758 tab
          3⤵
            PID:1072
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.3.990688641\112326601" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3448 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03b12d2d-61ac-4a6b-82d5-25991d345f36} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 3564 20e9a368d58 tab
            3⤵
              PID:8
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.4.591329607\1901470203" -childID 3 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c16189d-0493-44c7-8589-cf81b6dc6e65} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 3832 20e9a361358 tab
              3⤵
                PID:4104
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.7.1167979097\830702331" -childID 6 -isForBrowser -prefsHandle 2820 -prefMapHandle 5112 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebd7043f-bd54-46f2-bff9-1d558733174d} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 5096 20eada54258 tab
                3⤵
                  PID:4796
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.6.1512412453\1539025493" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50410c64-8e91-457b-be93-03362355026b} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 5276 20eada52d58 tab
                  3⤵
                    PID:1220
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.5.1117459296\936188168" -childID 4 -isForBrowser -prefsHandle 2664 -prefMapHandle 5084 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29122054-cedf-4fba-af9c-c963b1b5deb8} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 5144 20eada54b58 tab
                    3⤵
                      PID:5060
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.8.1556440907\1818689175" -childID 7 -isForBrowser -prefsHandle 5324 -prefMapHandle 5536 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f98ae114-6dfe-46fd-a9d6-0eb71dea1479} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 5084 20eaf21ec58 tab
                      3⤵
                        PID:3228
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3372.9.611478596\1991914052" -childID 8 -isForBrowser -prefsHandle 6036 -prefMapHandle 6032 -prefsLen 26755 -prefMapSize 232675 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a4bfc8-d4c7-4efe-a307-12533f6021ea} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" 6048 20ead34ba58 tab
                        3⤵
                          PID:3772
                    • C:\Windows\System32\rundll32.exe
                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      1⤵
                        PID:3236

                      Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        151KB

                        MD5

                        d75f26956bd3733515ff1f5cf21b3ee7

                        SHA1

                        b0f5a371d9bbce4331b782161e8fe5ce023dd438

                        SHA256

                        736564cdab10ea4d7462d94e9086b7dc6be69de418f761ec7ecd9932774e6faf

                        SHA512

                        040563bb2bc4923c393903f146581e5bcefeb9cb38e2d9db8cdf806ff9d896ada00234cf07f6e7fa72e7e1140c5e341542ecf9d95b5fcb585587be48fe6cd2c9

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\32a4a32f-b10a-42fc-a699-939a32e55fe5\SiticoneDotNetRT64.dll
                        Filesize

                        142KB

                        MD5

                        9c43f77cb7cff27cb47ed67babe3eda5

                        SHA1

                        b0400cf68249369d21de86bd26bb84ccffd47c43

                        SHA256

                        f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

                        SHA512

                        cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\32a4a32f-b10a-42fc-a699-939a32e55fe5\SiticoneDotNetRT64.dll
                        Filesize

                        142KB

                        MD5

                        9c43f77cb7cff27cb47ed67babe3eda5

                        SHA1

                        b0400cf68249369d21de86bd26bb84ccffd47c43

                        SHA256

                        f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

                        SHA512

                        cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        96757681841629af0e58932ff682d67f

                        SHA1

                        b83151e19b0860ec23140abfa43524e55fcce9da

                        SHA256

                        7fa47411e13f8a5b917ae76b6c4f6609d117a0cadd2e52ef7dbdc654e1de99a2

                        SHA512

                        77f12abdb40d8480a78b4feab5910ef89db39e7acede9f1cfe616d5451a7063b5cac22b9767b67bfb4b74d201d09e78d1f42e94fdd0eccd9141ca13fa978c2c1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        81013c55a1be3dead87ca9d505dc6f50

                        SHA1

                        cd1897d5fa4acac0db2781ff29d042c5d7e87bc4

                        SHA256

                        d1dbeb9b2659520b78d6915eeef7d8396e94f477e284229fa90db6c63a6e2961

                        SHA512

                        71e85e6c313a8b52067e4f2969e9354edf0afb96809db6f929d289912de280f243e9a997c57a44ba0dc85a59df5a42980d369ee72bb4f1d9f5971573befd8567

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        6e8967943154bfb4e9bb7a0581477c87

                        SHA1

                        a09888a743f4675a22d8dcabc605463438899fd4

                        SHA256

                        1a0b47915be1c1af0f2184ab9ab165f86653987b5ef79f13bcf399a1cebd6dbd

                        SHA512

                        8bfe296b22323b3c6b9537866875b0b27dc2154bbc245f28962d039352404da83361b615db4d370e53cefbd91f6b87a6b342e408b7d8bff1b50220235e66f98d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        1984b45f201f1fd79d2154406648433b

                        SHA1

                        42f082dc6d4d43333688690bf4dfa7c7f8b618ab

                        SHA256

                        000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

                        SHA512

                        e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionCheckpoints.json.tmp
                        Filesize

                        259B

                        MD5

                        700fe59d2eb10b8cd28525fcc46bc0cc

                        SHA1

                        339badf0e1eba5332bff317d7cf8a41d5860390d

                        SHA256

                        4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

                        SHA512

                        3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        5616a074e97cb249c02798f16195997e

                        SHA1

                        bf4ec41ae2db9e5c8f88e54b89da6b8825e0bee8

                        SHA256

                        8cb432225151500509796266d15193dba7e70027f99ba44ab7fabf8a35cdaae5

                        SHA512

                        562fde9ff8237aabb1a92001453cdb6642defdb0fe8defab8ccb5d2dc5b138f48c4237ad186d7494f4f563e83c3728d677aee3e275838be070175510ebd17e7e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore.jsonlz4
                        Filesize

                        2KB

                        MD5

                        256e395a31eeb2a3e0f729ed446dd030

                        SHA1

                        ba1939661e45fbc0b3e445bf213f489c345dfa89

                        SHA256

                        542a58794c56ebd7dbf91a1eb882d918194c9fce227f773683ae77bafd64b5a9

                        SHA512

                        1f1fd201b9960608d5e406b0dd0abae05be497e1c95f7831d24e095725da55ab3b2029f23c78b7f516175cd7267ae7fda71f8331884c2ab4bdd9d34e8def9b53

                        Download Submit

                      • memory/4552-182-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-192-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-155-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-157-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-159-0x00007FFCA3A20000-0x00007FFCA3A47000-memory.dmp

                        Filesize

                        156KB

                        Download

                      • memory/4552-160-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-162-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-164-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-166-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-168-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-170-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-172-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-174-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-176-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-178-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-180-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-133-0x0000027643B10000-0x0000027643BFE000-memory.dmp

                        Filesize

                        952KB

                        Download

                      • memory/4552-184-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-186-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-188-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-190-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-153-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-194-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-196-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-198-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-200-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-202-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-204-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-1099-0x0000027643F90000-0x0000027643FA0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4552-1247-0x00007FFCA3A20000-0x00007FFCA3A47000-memory.dmp

                        Filesize

                        156KB

                        Download

                      • memory/4552-151-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-149-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-147-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-145-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-143-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-142-0x000002765F310000-0x000002765F4B4000-memory.dmp

                        Filesize

                        1.6MB

                        Download

                      • memory/4552-141-0x00007FFCA1580000-0x00007FFCA16CE000-memory.dmp

                        Filesize

                        1.3MB

                        Download

                      • memory/4552-134-0x0000027643F90000-0x0000027643FA0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4552-11658-0x0000027643F90000-0x0000027643FA0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4552-11659-0x0000027643F90000-0x0000027643FA0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4552-11660-0x0000027643F90000-0x0000027643FA0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4552-11661-0x0000027643F90000-0x0000027643FA0000-memory.dmp

                        Filesize

                        64KB

                        Download