Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    29/05/2023, 11:42

General

  • Target

    Globally.html

  • Size

    2KB

  • MD5

    143e6a4ab62c2d279a42654839e16a17

  • SHA1

    5801b5a8959d558e409b63d4351ccdd446595579

  • SHA256

    dd3b0990adc27cde845dfdae6648a952a309cb2086dad5b393bab975a0e20520

  • SHA512

    95d34a0579af6b4012dcc8c45ebe813c003c7b4cc4c99a3386c7cd12dcb79bfcc906adc0808f80b4957fa999f5e4f1077a29d3ebeb1553e34a4596f96382bf8a

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\Globally.html
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\Globally.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1544
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.0.791575798\944716838" -parentBuildID 20221007134813 -prefsHandle 1668 -prefMapHandle 1632 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b29a7c91-9ac1-4660-a5b3-c39f19ab4158} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 1748 1f330d18758 gpu
        3⤵
          PID:2572
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.1.236357870\1313469840" -parentBuildID 20221007134813 -prefsHandle 2180 -prefMapHandle 2152 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098c446f-ccb8-41cb-9edc-ae30bb3b7091} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 2200 1f32f13b858 socket
          3⤵
            PID:4308
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.2.7754813\403250396" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 1520 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2682a9fc-fe3b-4091-8922-a7a36f5ae9f4} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 1524 1f333c3de58 tab
            3⤵
              PID:1148
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.3.228742047\1469048383" -childID 2 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c60e9697-6cf9-4cdd-a6c6-4d19485a3377} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 3868 1f33528b458 tab
              3⤵
                PID:3752
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.4.1185812964\1712870228" -childID 3 -isForBrowser -prefsHandle 4596 -prefMapHandle 4568 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {368bae80-3e2e-45c4-a935-ad1b6dd53894} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4644 1f33637e858 tab
                3⤵
                  PID:4448
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.5.1489243587\1002942333" -childID 4 -isForBrowser -prefsHandle 4796 -prefMapHandle 4792 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b07fe079-5358-4049-ac43-a4207fee76d1} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4712 1f336397258 tab
                  3⤵
                    PID:5052
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1544.6.2138184736\1033458263" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4696 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd29041e-f571-4755-89be-85d253ec9b08} 1544 "\\.\pipe\gecko-crash-server-pipe.1544" 4924 1f336397e58 tab
                    3⤵
                      PID:5064
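The tree above is the shape of an ordinary Firefox launch: a launcher process (PID 1872) starts the browser parent (PID 1544), which spawns one child per sandbox role with -contentproc (gpu, socket, five tab processes). Every child carries the parent's PID twice on its command line, in --channel="1544.N…" and in the crash-reporter pipe name "\\.\pipe\gecko-crash-server-pipe.1544", and all share the same -parentBuildID. The WriteProcessMemory, SetWindowsHookEx and AdjustPrivilegeToken signatures sit on that parent, which is consistent with a browser setting up its own children rather than with the HTML file doing anything. The script below is an added triage helper, not tria.ge code: it rebuilds the tree from the PIDs, parent links and signature names in this report (command lines are reduced to the tokens the checks use; the GUID, handle and -prefs* arguments are omitted) and flags what would distinguish this from a drive-by spawn: a non-browser child, a content process that does not name its real parent, a process type or build id that differs from its siblings, or a signature outside the baseline this report attributes to firefox.exe. KNOWN_TYPES and BASELINE_SIGS are analyst-maintained assumptions.

```python
"""Triage helper for a sandbox process tree: tell a browser's own multi-process
fan-out apart from children that do not belong to it.

Added example, not tria.ge code. PIDs, parent links and signature names come
from the report above; command lines are rebuilt from only the tokens the
checks rely on (-contentproc, --channel="<parent>.<n>...", the
gecko-crash-server-pipe.<parent> name, -parentBuildID, trailing process type).
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
BUILD_ID = "20221007134813"  # -parentBuildID seen on every content process in the report

# Assumption: process types a Firefox parent is expected to spawn.
KNOWN_TYPES = {"tab", "gpu", "socket", "rdd", "utility"}
# Baseline: the signatures this report attributes to the firefox.exe processes.
BASELINE_SIGS = {
    "Checks processor information in registry", "Modifies registry class",
    "Suspicious use of AdjustPrivilegeToken", "Suspicious use of FindShellTrayWindow",
    "Suspicious use of SendNotifyMessage", "Suspicious use of SetWindowsHookEx",
    "Suspicious use of WriteProcessMemory",
}

CHANNEL = re.compile(r'--channel="(\d+)\.(\d+)\.')
PIPE = re.compile(r"gecko-crash-server-pipe\.(\d+)")
BUILD = re.compile(r"-parentBuildID (\d+)")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    signatures: list = field(default_factory=list)


def content_cmdline(parent: int, channel: str, ptype: str, build: str = BUILD_ID) -> str:
    """Rebuild the parts of a Firefox -contentproc command line the checks use."""
    return (rf'"{FIREFOX}" -contentproc --channel="{parent}.{channel}" '
            rf'-parentBuildID {build} {parent} '
            rf'"\\.\pipe\gecko-crash-server-pipe.{parent}" {ptype}')


# Constructed from the report's process tree (PIDs, parents, channel ids, types).
TOP = rf'"{FIREFOX}" C:\Users\Admin\AppData\Local\Temp\Globally.html'
TREE = [
    Proc(1872, None, FIREFOX, TOP, ["Suspicious use of WriteProcessMemory"]),
    Proc(1544, 1872, FIREFOX, TOP, sorted(BASELINE_SIGS)),
    Proc(2572, 1544, FIREFOX, content_cmdline(1544, r"0.791575798\944716838", "gpu")),
    Proc(4308, 1544, FIREFOX, content_cmdline(1544, r"1.236357870\1313469840", "socket")),
    Proc(1148, 1544, FIREFOX, content_cmdline(1544, r"2.7754813\403250396", "tab")),
    Proc(3752, 1544, FIREFOX, content_cmdline(1544, r"3.228742047\1469048383", "tab")),
    Proc(4448, 1544, FIREFOX, content_cmdline(1544, r"4.1185812964\1712870228", "tab")),
    Proc(5052, 1544, FIREFOX, content_cmdline(1544, r"5.1489243587\1002942333", "tab")),
    Proc(5064, 1544, FIREFOX, content_cmdline(1544, r"6.2138184736\1033458263", "tab")),
]


def triage(tree: list) -> dict:
    """Return content-process counts by type, the build ids seen, and findings."""
    by_pid = {p.pid: p for p in tree}
    findings, types, builds = [], Counter(), set()
    for p in tree:
        if p.ppid is not None and p.ppid not in by_pid:
            findings.append(f"pid {p.pid}: parent {p.ppid} is not in the tree")
        if p.image.lower() != FIREFOX.lower():
            findings.append(f"pid {p.pid}: non-browser child {p.image!r} under pid {p.ppid}")
            continue
        if "-contentproc" in p.cmdline:
            ch, pipe, build = CHANNEL.search(p.cmdline), PIPE.search(p.cmdline), BUILD.search(p.cmdline)
            # A genuine content process names its parent twice: in the IPC channel id
            # and in the crash-reporter pipe. Both must agree with the observed PPID.
            if not (ch and pipe) or int(ch.group(1)) != p.ppid or int(pipe.group(1)) != p.ppid:
                findings.append(f"pid {p.pid}: content process does not reference its parent {p.ppid}")
            ptype = p.cmdline.rsplit(None, 1)[-1]
            if ptype not in KNOWN_TYPES:
                findings.append(f"pid {p.pid}: unknown content process type {ptype!r}")
            types[ptype] += 1
            if build:
                builds.add(build.group(1))
        unexpected = set(p.signatures) - BASELINE_SIGS
        if unexpected:
            findings.append(f"pid {p.pid}: signatures outside the browser baseline: {sorted(unexpected)}")
    if len(builds) > 1:
        # Siblings from different builds point at a second firefox.exe binary.
        findings.append(f"content processes come from more than one build: {sorted(builds)}")
    return {"content_by_type": dict(types), "builds": builds, "findings": findings}


if __name__ == "__main__":
    result = triage(TREE)
    print(result["content_by_type"])
    for line in result["findings"] or ["no findings: plain Firefox multi-process launch"]:
        print(line)
```

Run against this report the helper produces no findings and counts one gpu, one socket and five tab processes; feed it a tree with a non-firefox child, a content process whose --channel and pipe name point at a different PID, or an extra signature on the parent, and each case surfaces as its own finding.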

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\510gyhsb.default-release\activity-stream.discovery_stream.json.tmp
    Filesize
    149KB
    MD5
    dbc62abc0764382cad8b858eeba9a67e
    SHA1
    59f17cb87886fc654f46bb178f7098b8d38ec809
    SHA256
    c403d4f3d28c4d96fb3caa113af083beff153d11ec51e7cd337a3c9c330a5e8a
    SHA512
    6a6098e7488a123b7dfc8dfe9571d58e878039e009c6e82986663b3278f4fdbf6084175e90f62e41ff03b43e46e9631c53565b809b9dfa7f7b1f282064fe1309

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\prefs.js
    Filesize
    6KB
    MD5
    c205c8a6591363331cd60c7286ad4ac1
    SHA1
    7d4c89374e88116484984f5d0b5df0d59aa63ecf
    SHA256
    81db871d08aa9e5a991e6e04e462d416753cb92830860bca520d0c73d69b07c0
    SHA512
    fd09bd9b7d42c6bfa6e508c071d0a67caba2437ceb56e0088cbf72e85690619ba9e7a81f2bc9956405a93210e2c46b8ec4bbf5aa7341f382457a5926ab9cd7c9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    e88174526d78699625f117a911a41995
    SHA1
    51f9d3984b1bd0de880187f1be41374d924b6e4d
    SHA256
    2fb9a65e136c604849336b610dc1022e408235181b2e1400259edf58449e679e
    SHA512
    8c95968fd9bb0c3f37c12cfce2c61fadcf41be178c441ce7249b117e4e84dcd5b5fabbe474c3f6eb9cfb752feae05b344dc3f815cbe88568c9d17d4bcfbbba98

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    4caa77f5e4d7d4796cdf202535861bc5
    SHA1
    07e4f9f9a2713cb317a356bd731ef7f2436cf4bf
    SHA256
    5883eb6b1d03ff1f47594b1dca5100d0e05065b121a0ca2fe70e2314d219d3f7
    SHA512
    150fc321565ded499c2eb51e2ebb2c3033b0f1ca4973b285daea081ea403a33b6017e3a160fb5e8bee3659392818a2ccdd6bf918333dd3130c7104cf977cd2ff

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\510gyhsb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize
    184KB
    MD5
    643cd63a8abcd7eab522adb4d02ae609
    SHA1
    942172af5063027de9d7cf192afdb4bda2d525f9
    SHA256
    1986ca783bab9b41c6b6318739e11fb4f3e0dbf96656597c947f7300985b2060
    SHA512
    9622b7aaf84f8dfe272987e0c76ced9ddf9588fd51838e32b71a81129fbc5ce77c1180439887dac3cd37c4964a0fc180f1a0026eb2eb8f31584abb38e65e14f4