Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
431s -
max time network
424s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
22/05/2023, 01:37
General
-
Target
https://www.google.com/amp/s/ds-260.com%2fwp-admin%2fcss%2ftmp%2f69158%[email protected]
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/amp/s/ds-260.com%2fwp-admin%2fcss%2ftmp%2f69158%[email protected]1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.google.com/amp/s/ds-260.com%2fwp-admin%2fcss%2ftmp%2f69158%[email protected]2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.0.2134455771\795500559" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {123d7cd6-3b5e-439b-b23f-884158deb3e6} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 1908 1a08c519858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.1.929147578\341554992" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4681207a-820e-4e04-9ea7-7dce14bb4033} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 2416 1a08a948858 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.2.1100318863\636836757" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3216 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {097a8ab6-514f-401b-89f8-d63e092acb5a} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 3032 1a08f313f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.3.1887919616\1882066313" -childID 2 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58b55829-6398-4f3d-b7f2-84f155829e13} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4052 1a0fe465b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.4.1882005694\2115674538" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4680 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddca7914-2172-41c0-8c7a-4f778b50ddc7} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4672 1a091530c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.5.654472842\2104518313" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 4896 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f9407a4-9d63-4122-8406-dd7e9df1229d} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4872 1a0fe467158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.6.1337625576\2021216862" -childID 5 -isForBrowser -prefsHandle 4628 -prefMapHandle 4604 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49a29acd-c51c-40a2-8be1-2d9a3ca9c504} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5000 1a091bfa358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.7.265989592\686925307" -childID 6 -isForBrowser -prefsHandle 4660 -prefMapHandle 3084 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5eeafeb-9d81-44be-b243-ecf6e63ceeb1} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5064 1a08f3e5658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.8.1084875460\1693132625" -childID 7 -isForBrowser -prefsHandle 5064 -prefMapHandle 4864 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89787211-357f-46fe-b587-67f50d287e6f} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4728 1a091530c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.9.620990495\408838623" -childID 8 -isForBrowser -prefsHandle 5584 -prefMapHandle 5596 -prefsLen 26770 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1b2ee71-6084-41d4-bf94-deee16c60255} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5608 1a092af6258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.10.879957325\608008476" -childID 9 -isForBrowser -prefsHandle 6024 -prefMapHandle 6020 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95b9c9ab-faf7-4c16-9870-26f47bf65c78} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 6032 1a091531558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.11.1377027939\425151620" -childID 10 -isForBrowser -prefsHandle 4784 -prefMapHandle 2816 -prefsLen 27180 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6bdd42-ba04-444a-98bf-ff6131222238} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4788 1a092a39e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.12.256244017\1181561441" -childID 11 -isForBrowser -prefsHandle 5136 -prefMapHandle 5164 -prefsLen 27189 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b566c33-2d3e-4fb3-986c-2fa370bd772c} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4984 1a08dd45658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.14.562153188\514554066" -childID 13 -isForBrowser -prefsHandle 3340 -prefMapHandle 5608 -prefsLen 27189 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3f278aa-b8f9-4b45-ad0b-9f3787016721} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5140 1a092a3cb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.13.1822960066\2020275557" -childID 12 -isForBrowser -prefsHandle 4688 -prefMapHandle 3268 -prefsLen 27189 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3aac2a7-78b9-4f70-87b3-8a70a3320bbb} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 2948 1a09152ee58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.15.677181153\44018216" -childID 14 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 27305 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8ef75f8-2a39-4f57-9059-37921cdb7a59} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 2884 1a091742c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.16.1070849846\723164091" -childID 15 -isForBrowser -prefsHandle 4936 -prefMapHandle 4924 -prefsLen 29246 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6d581b7-1fa6-414c-b824-220a385b303f} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4972 1a0936a1e58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
158KB
MD5256dfd141dc382b8ad73b45f3c306496
SHA18c1f7c39178c02bbc028fc7903cf2c49c4f2d199
SHA25658738b03d8c1db6e77afef5429e1bf7cbe8655e32b27bb41c89a20fb27402903
SHA5124efb4b4e8dd2c2efff98820a8a2508a254bf6e96b3f88a757c65a8b13a4af588bf643f81eea2790850be66b85fd3773bb3ec5640b243c3e44156d9835fec7c4b
-
Filesize
9KB
MD5bf2f2d1cfa8c18581bdd11f3a45f8d38
SHA1e29021a8c23e310928105656196a5d7a52bbc702
SHA2563fb77632992e0c1a8da412a01815a8b6252ff04ce05184fd7804c65add97fe47
SHA5122c4bcb63720bcca40ec090b4c372f3862452bec577e7b2a10bd2d6f0a24c1905c2c410eaa72c6b49867af91eca2dc4de72d71550626604bb9dac9453a9e21c1d
-
Filesize
11KB
MD5d7eb68d21a27a3635daa2bb56ea7108d
SHA122cf0e50441a549d4b4a796bde924293f33458c6
SHA256cb576d573f31e1f0ef4eddca94c86056849e23792fb0d004c5d1f948e61282d0
SHA51262d2bb8744846eb85f28b28e264c9baa8526b5ca5b0b50ec8239ae8e675e45420aa87afabf74d77d1e4fdb8be9d8d7fbc39e5dae85f1e8bc8b6b3e60e610f890
-
Filesize
11KB
MD509d03f567c218786e1f50a03c061623d
SHA12fd540b46044b5039ece8a4787de36b9ca5c380c
SHA2563845eb6db221e795ad312b8f59ee9818e19735459a693cf8c66f617c004ca2fa
SHA512c6eb31a68b837fc227f5aacb5ac219b20724419a682ab800fb8e66db36937d303eb86ce629c4d52b91f10c29d772afbf97dd2f876bad90f2e8b487fcc0029db9
-
Filesize
70KB
MD5469fbb049ad5765c045e901588c402d1
SHA186f691ab851faee2f4ff03d2e0616be073aae56b
SHA256ba12207407dd533cd58ff36c62bbebc5f5e31cc178b2f8225ed2dc7ff7e8b81f
SHA5127862ecdb69c2825436c6727eb86056c34e2a526d6a8fb3fd0b82a3802ac5137a30f2c33821f29f95c26d967dc6e5d3ea4ab153f4cc8a09c8b66142c4ccc23d1b
-
Filesize
14KB
MD5e7ccc573eb732a22a5abaa33b057947f
SHA15c7f87db5a5d676901888b374570b723fcace084
SHA256cdfad363de8222784a9e70c12cd7270547f5a3be67cf10e8f92478aaafc55044
SHA51299d6beb87c9101e830c6797e9323f92d7d16dd8684d55a85e33a133ddd8392ca8324ac2132d4a6449bca46aa70d1642468215c954b05a57a5ca995d426e76d24
-
Filesize
11KB
MD500b33656cea945ad7c27c27622f90fd0
SHA14a363a447274e56fffd866d0ff42b40f65c6e7f8
SHA256badc9a05a5e524843977241e9155ac33310513d1f165a4932a1c193933d977f9
SHA5124f8f3c7c1f2bd5fa55c97b9ab441e266bd9326a5631e3ff446e37625f794e8d94e7ea21bd406a6bac3f38444d7aab61fa79ffba791fdc8d5dc139a9c7afa9a12
-
Filesize
13KB
MD52ab4718369da42a18446d066db356450
SHA107736e9b7a0fb1b60b2db8ae726020f2d9d73028
SHA256d70ec64404779f14758bbfe832b3df2c4b98d5abc5b643c9de238f376e2f5bde
SHA512a43477a87e555faac5f4b012d02947783ba5727c3c4bcc68409414690b76c3a47bb9980ce2b9235bc577fe51ab5667c4d6f72592d983c817d815e05d8dd2fcbd
-
Filesize
15KB
MD52926bf8626bc76195599cd083979b1ca
SHA1fc74400ecfca8263025f7269797199811e62e32f
SHA256808e12c68bb6483b6eb4c7002ad03c3403c4fb8e8b5397510332640fd5518069
SHA5126b162607aa0246bb13620735a272d476a79c0b340d4541e4c5e9c0719fd9c6323fad33a67696098eb9cfb6c624c74e7622e0fcbefae095adde2b6e40e7c02581
-
Filesize
6KB
MD5650c766fef2f023685559277b5438cc2
SHA1ca0da08573333fa2c22e5d724ae54c7326d78a95
SHA25669b4a5f601f453d814783f7a82de730ae7f3c9048e296cdc7805baa9d94aae5c
SHA512cb7a8b93f0264e942d112e30ff336b4b28a18cc20037bccea2e199744f0c7c987c01b551bf35c6d5d29e90cc09f038a1640aeed910a2986992724af5d4ad0b9c
-
Filesize
6KB
MD585ff0564fb92ab4eb3e43e6bd4ebd5ce
SHA177d933bab1a86f725e3ec2b2931ec7b986f448cc
SHA256690bf0713acb29dbb2cfa477490171b472098e7339d891a052b7d7125ef8cc8d
SHA512278787ff2ae696c0d335f2220a303cfe7ebd7183e5939ab8f3c5c94ea110ed1409868c09a4c2c9283996607feb4457b168c105a4098faf373d668565c081f422
-
Filesize
7KB
MD5dcb0d82dee3c551ef15a175a012dbc0f
SHA1795aefc72708c16038afd77b91c6af478bdd5362
SHA256dab7b456bd1a80529d6283fec6eff77b01c7b3713c1f4f9bdf6a8ca2dec5368a
SHA5121c7067582bfa7180cddc71d00e16c8b16e6bc01d33f553f646ff9963d94b9eac20cb38628d84e0591febbbdddb518ff0d5f23d12f31f453908e3884ff247f9f8
-
Filesize
7KB
MD540284917389b1a0cf67d1c4369d9e7d0
SHA15579a18d8c0dd64c84abe34be3774ab85d0ab352
SHA2562a6958ada5eafeecc8d98452e5ab699737c17b83b001c92188b55b67b74abba4
SHA512d389b3c0c1fb056fb36458d242c137851339017fac867173ae4e52f3ca7683403cf8350781743b2e9aa4dae54aaf1db8e5119ca7e1193274308edbd14eb43bcb
-
Filesize
7KB
MD5a570c19901f46b4e79814cd27f2abccc
SHA1dcc286c9b143d12e0c03fec7d6cbf1c4a36bea2d
SHA2561858d4eb33b15329b52ac03f0ccc8f3e2ce218475e73eb9ab02d029917ca4ec7
SHA512cb56e3cc388633a290f0e68162e892780469a140a0bc0607a086d695c1f131adfdb177906a7867ca162170b1f0a1c25625b2c18a20afb8bd8f0e7d435a13aff8
-
Filesize
7KB
MD5fe9d0cc8132fc22409cb98c786c6e452
SHA12caa7e7664daf425a06f82e489086507fed41a08
SHA256f3d0d1f0a75cff7cb14bc413eb40abe7044afac0a6da9265aa4ba31392dcd7a1
SHA512cceb698c97689c61e5abffb2214ba394da3499a27e895bd086bfd8df1acbf12af7b2de4a7b4b8b5a043d9d4ed9b5817bd1f5d2a00824539ec8e53954a023f519
-
Filesize
8KB
MD5a7294e002682c19576208dbfbca1c4c9
SHA16e5148904037879e59ad200be8790a8b6947bc52
SHA256deed97a3c58de34382ef9c150b032ff86bd9061e82aac10e1d8c8464eeea81b5
SHA5122160747e03e15330ed8305b12f1bc486242e00188132064d5ceda506039bcc47232f053b1f2d567d4812d94122ba4bb9c6e4cd3fdac71599b08b4a69ba8706cc
-
Filesize
6KB
MD5108b97b1ff7efbdb1aecce96d55ff2e5
SHA1bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc
-
Filesize
1KB
MD5244b514a411688897a0889829850cc36
SHA1356369d464b0ae142941de3b18aeb916f4e349e2
SHA25653143f2e04d91e06139e95407f2e9d7974924004d535f69220560e93a3da8d89
SHA51234bb7f3d20e137681e5fefaf69b494b36e23a272749842fba6688d4766373781f8542f3e51596e528277ef87b9acd35eff266eb31cb09b5f2e9ed894bc4dbab3
-
Filesize
1KB
MD5ebb6ee181489fb014cf97d3acabd735e
SHA18ddee72e95168d30d5c4a95c9749fcbf43707c8e
SHA256369fc282ea3d4895845deeb948f86e4e1a3aebfa00bf4422cc3ae200dab5d08f
SHA512a2b4ed94ab8981f8aaeb17243a49dea26bc9471a2932c5671eb01ef7823963ea4a2eb4db0dc72e0b5b7282e5c0371158b2c3e2e27ff05a46f2430e2daa597091