Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/05/2023, 15:11
230518-sk226abf7v 418/05/2023, 15:08
230518-sh8rxscg35 818/05/2023, 15:05
230518-sgg8kscg28 318/05/2023, 15:02
230518-sewcescg22 618/05/2023, 14:59
230518-sc2fnabf4y 3Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
18/05/2023, 15:02
General
-
Target
Word Art.png
-
Size
285KB
-
MD5
5e1e55ce7c0e73d9aa5c24576d2bee38
-
SHA1
9998739431d728d3c53d6fc5d78a885a41a83cfd
-
SHA256
2fc5195f1f3e184fa69ee23738987a33747bd904b5cfd1ebaccf0fce5cc0a031
-
SHA512
95522315bc4511cfead41f34b80eb18e4b75c6ae842aed488d5b4b3fbdc5b6dfb5cf095c4b8b147f178f965269f50017b276c90df274dbaaa6c3a748570429e1
-
SSDEEP
6144:Rz/OcxfSfMFUxMAOtdgVFn8tVcIFKtunpO2A9itU5FIXwibFOw3MpujR1ZT:VpxfS+fdtdyn8zcIhZhU5FIvvBB
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 6 IoCs
-
Suspicious use of SendNotifyMessage 5 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Word Art.png"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.0.1965053772\2143401188" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1788 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dbf29d0-7278-45b4-b2e4-6b882b61f9ef} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 1916 1d83f9ece58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.1.718296884\326648139" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99f8217b-6d2a-43af-adb6-546453330923} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 2316 1d832a72b58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.2.599443449\808751873" -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 2924 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06f4487a-1e0a-458c-8c57-c92c2fabb457} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3036 1d842d23258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.3.652886171\21464113" -childID 2 -isForBrowser -prefsHandle 3332 -prefMapHandle 3324 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47dbdb53-937f-49c3-9551-c222322d0331} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3344 1d8431f9258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.5.1022516605\1824682687" -childID 4 -isForBrowser -prefsHandle 3692 -prefMapHandle 3696 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {238fd780-94e7-4daf-b276-f6fc5517268b} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3680 1d843269b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.4.163574189\764450892" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3504 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9e852ec-d304-4864-8826-ffd2bdaa2891} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3488 1d8431f9e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.6.1227450675\819856031" -childID 5 -isForBrowser -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6ca20e-64b7-41e9-a8ec-67ba8ae300db} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 4668 1d832a61958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.7.1351095077\1790991725" -childID 6 -isForBrowser -prefsHandle 3296 -prefMapHandle 5496 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a26544d7-b67f-4ec6-ab6a-9608cbae6f1d} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3956 1d847473758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.8.1404568396\1112992290" -childID 7 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {546f3a70-ef8e-4749-af94-29c395941b4f} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 5624 1d847474058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.10.645253261\1739087300" -childID 9 -isForBrowser -prefsHandle 5972 -prefMapHandle 6032 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef1721bc-a342-4a0b-9b97-9a2ad2b3d921} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 6072 1d8479aa558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.9.1127302995\548290784" -childID 8 -isForBrowser -prefsHandle 5840 -prefMapHandle 5856 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18fbb302-b818-4bdd-b3e1-c4616701c160} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 5972 1d8479a9c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.11.1292975480\168037396" -parentBuildID 20221007134813 -prefsHandle 6264 -prefMapHandle 6056 -prefsLen 27195 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1442ff3d-e6d6-4c1c-b3a9-5909fed6cdbc} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 6296 1d847d76558 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.12.790330864\299917245" -childID 10 -isForBrowser -prefsHandle 3516 -prefMapHandle 3340 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6b39c73-51c5-4d1a-90af-bb4b1895050a} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 10488 1d83fc74358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.13.1492258705\1801470765" -childID 11 -isForBrowser -prefsHandle 3752 -prefMapHandle 3348 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13d55d09-434a-4131-be2f-e7f57233fbdb} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3628 1d84352d258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.14.1539283350\1832424667" -childID 12 -isForBrowser -prefsHandle 6448 -prefMapHandle 6452 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50d59723-04a7-477f-be81-d53dcb430217} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3388 1d843540858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.15.1745873256\495891126" -childID 13 -isForBrowser -prefsHandle 1392 -prefMapHandle 5772 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8219e07-0b43-4593-9d8a-24317a6c3cd6} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 6204 1d848270058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.16.801641707\279004907" -childID 14 -isForBrowser -prefsHandle 5592 -prefMapHandle 5924 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c131310-fb6e-4dc7-a2d6-9a9f2853a1f9} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 5484 1d849926858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.17.625496085\1651028271" -childID 15 -isForBrowser -prefsHandle 3588 -prefMapHandle 3904 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3a821b9-56d0-4059-8130-1c362d73fda7} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3624 1d843269e58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
154KB
MD5e226f9ac5b0f6f0d69fd7f9853dc2678
SHA18bcc834f353a0cb8a1ade8a4a16def03d3364412
SHA2569c5b1657fd6e9aeecf60cac0f335d117ddded0be96d75054d251575165d39a94
SHA512123495a6562c8270c117050ba5ae77183b2d2d2d3122dd8df562adcf3911f24a739f10359aec0b822f1d070991e2ad22ce06112ab7e247f884513ec856e57fdd
-
Filesize
15KB
MD517aeafbb1008e02c1d0c78cca62d299e
SHA15249eccb394a6b25b7f8fe5a241f36b07bd2070f
SHA2564b7930130eed0cc14356ba7fdcfbabf503a917eab287dcd2e5947e08c7b563b3
SHA5120cde9c129bb80f16f8a20a86cc635468dff7a8801731272947fb821b04743b060d505f09893b461b02baba665603d4220bd144f3392e15d752ea17f8cb84a0ac
-
Filesize
7KB
MD594518615400287187449eaee409eb320
SHA1390bc4c853034379bfee22abb37e63e147cd8763
SHA256f1c8c9fd5025961422c24e23fc6b294d39c02f28f39ce82d929736f041a8bef2
SHA5129441fa8605500268824a4df729800568e48b777e69f8196f3ab61e06ffcff7c72cffc549e216f8c79b11104359f0d6b472e48d2e6f9c3e7632cd8a5cd104a49d
-
Filesize
6KB
MD5701410ac8004ca24f132857792d33528
SHA128ccfab938ac49755b14de087654fa76951e2d44
SHA2560944aa87d21a5f85a38e240f076be5bd21403a8e4aad02d5c6afb99e56fe30f7
SHA5129e39fde9ef1efabf5ec0115f7f1cb6019b98c8f89d601b29f0cb5174a3f12d8c665e6bc24ee6ef77eccfa99629debee52fae612268c264769354425f7dc2f19b
-
Filesize
6KB
MD5d68162a0aacf26ad3ec2eb59222a82d1
SHA11e8af5443e58d76227acd67fde767e5969d4c605
SHA25600d3863267714214265f448f6a06b8fd6c5262c28d4b856d0b4d476ebc2d0c45
SHA5128dbae00ec8f94f99c1e79f74cd704133f31364ecbbcc92f9e4fd4dff5b6d8c3c341cdc91fb18e3d620893bde037a89c529d4ce7fb3030ca023bf7e4424c249a1
-
Filesize
6KB
MD5c50181aaaed0d80143cbccea3999bf1f
SHA1f1b2f7b75e527a596a583e936df4e5c1958ef927
SHA256a97c3da5e86dbcdff66e9f94aa0e5f743a2b73101b589b5c15c27ef8f4aa0678
SHA5123d1831c1fd7e3af4498ae0fcdfa70b8711224adda832fc4413b3a9ea80eb1d5e392f049f0986a063dc581071f38bee1b7568652539b308417c5a753d304227ad
-
Filesize
6KB
MD52f8d1982e88650d122609c395be586e0
SHA1a8fb2020ef775356399f52396c034831ac79a6bd
SHA256437a19bac4358007632e623ed76d495424cceebe296a9ca145a4360175e8926b
SHA5124d85c6d4524dcdc90ced0457b06fbcbe88a7175263bdeeb16fe993697cca55c9c97116d8112e4a22ba4f75e449f4e9ae927ef4146725dd33a7050d7ca39a3d82
-
Filesize
6KB
MD5f73e52d124620d05267ba934f3b312d3
SHA134121aa291d9f88b3e8e3a2fa37cb1c06cac2d30
SHA256fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7
SHA5124ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46
-
Filesize
1KB
MD56df97270d5a301f35fc7cfdf752f70a5
SHA1a0e5fe898fb687bba25bef9cdf2e549b462730f0
SHA2561a2a850d1fe305e3054ef16d36c71174588e6e46e57a0cc249569229662763f9
SHA512cbd7e2f8a88df2325087bbaf4065f3de0118546a94d3f128722695cd85bb4706dde74eba2c07086652be615d342987196ca817cbf31397b86a216ec7c293c043
-
Filesize
1KB
MD57ca719855328c4b075be512a12505f50
SHA1799a98a3f2274871caecc18d3e0f3f6f574d7360
SHA25613000ec31c46ee15f70c81555e89a3261d22165a3deac52b1ad0ba96f9fccde4
SHA512de27314b600662d1e2761a91c6617fcb45a34cf19f24dbac52c1ed65e2a4fbb9196117c40dd0e7aa52c1a5517df1f2e33d40ad3c690339d8460b579b5048a2a2