Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
69s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
30/05/2023, 08:21
General
-
Target
https://hostg.xyz/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 46 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://hostg.xyz/1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.0.1344865957\1408455621" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1736 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {818bbf3c-a132-41ba-95a8-22e9aca455aa} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 1952 1478a117158 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.1.757448676\1098212886" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4958de24-d49a-4cf0-ab98-e009e1dbc635} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 2316 1478a653b58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.2.2108991211\2018976523" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 2924 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {242f4b64-55ae-4748-8567-7b5759c9f4ba} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 2720 147ff890958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.3.327998204\710364123" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3404 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8897cb05-c04b-410a-9d85-71b31033e5a8} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 3056 147ff825858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.4.1110117751\84780469" -childID 3 -isForBrowser -prefsHandle 3524 -prefMapHandle 3528 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {703c8c3e-7688-401f-8bbe-b63a41a9f1b7} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 3036 147ff826758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.5.1716074633\480747462" -childID 4 -isForBrowser -prefsHandle 3716 -prefMapHandle 3720 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e882ee70-7754-4ff4-84c2-8b84f6a95d5a} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 3800 147ff825e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.6.541596066\1330109522" -childID 5 -isForBrowser -prefsHandle 4704 -prefMapHandle 4700 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43efd4d3-dda6-4463-bf11-b962c7c89755} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 4708 1478e827b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5080.7.439912456\1834276014" -childID 6 -isForBrowser -prefsHandle 5128 -prefMapHandle 5156 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dff4a8e7-d5d1-4025-bfda-84c3ecdd5a10} 5080 "\\.\pipe\gecko-crash-server-pipe.5080" 5192 1478cad4558 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD578e9b4e882c43acc881d686739d07f2d
SHA14e6cdb6d30eb906b050697ee001d0d2205e442b9
SHA256c1358626993d7c983bfaccf9759a8a66fd58cb66710d6af0ffe4f187178ddb91
SHA512ca301a71f7e6c85f1fb2e7af0cb3eac48daaa184ce6c01b4209e62ee9958a293eb3276713acbbdbe74fcb989262c31e6719e5c0a6bf53684ed45dcfc231847c6
-
Filesize
404B
MD5b7111a5fd0448bd726c2745b7d064f13
SHA1e3d0314bb5905b93570d3942d8ad9a341601aef3
SHA256c06f228e048fc396f0c86ee94ee6b08b9d3207a37d5ebea899e2d03d11e0bab4
SHA512a6f396d90de0aeb1f78920a92e0342e9605bacff7a75a05d764c63009b9a6f19357e073927ae3c41b2b7418c7b51cc18127f321f2142fbdb298d119991815740
-
Filesize
140KB
MD5e39a3bccb69c8ced6dbe67d22a06ee1c
SHA10e8eb539ea5e6f734744178015d2e1a0658fe87c
SHA256897102303a4c5ec0347d40d1bf810c14768a0b208f072a8721383c04a5323970
SHA51252dce9c0130d7b743be7de0989a87ced11adcb3dc37ab33085292451b9cfb743a7fbeda5dac4feae78029c756355ef1c8c3e9b5652650b49495ae864f8d2a072
-
Filesize
16KB
MD57da0b8b343dc671b49a136edacf20bc6
SHA155f73674325c899c62067511d6e6cddfd5d6b161
SHA256480af318f36fdf5aab2a56105c66ff4f3a6bc231c0d521f345eafc3c9eff5388
SHA512899dc9fd5f3f47beec694add359e1f2eeb0ef11409267aec33efa536728d54a085d1b20c43ff49e34b08ce5f950b136900896afa4b3a628bb1d4a1cfc5fb487c
-
Filesize
6KB
MD59d43a88abc5e2794feb303be756678f0
SHA15c2935d8fbe3f5f93fd41ec591d5cbe73fd210d4
SHA25669c2426c67260cda6a6d72c9e69bb0375356022f0ace487672eebdf92a3878e6
SHA51224ead49a7ef390233149368495e3a5e2ed2fbc3e31f1a61c9d8246708862255c52140f38dc425ae1556d3b1df0513d764f94c3f64d097a99b639e0763db6f516
-
Filesize
6KB
MD56cef27eea66db27826fe0603070c6101
SHA15abe032b644922c8b05051d587dba18b746b1bf3
SHA256f28ac0b7aa1b166ecca30b59173f5c30e291191b30553740d6424eee6b200a03
SHA512d9d9725eacbb84d337c2d9c44e64d34b96b3658403e29697deb05b19cbcd803a085e89b61981e7f6001f189900b1d15d36caa841baf98bf66fef9513d5c72897
-
Filesize
6KB
MD50d753b2df6ef00f98eeab0c884804f96
SHA19a17be48a280e5370db1e9cfad8f9652c518934d
SHA256d45687fbe0c6c4a368b1ec4c9f114be099a2624520d00f85135cbe500ea86f06
SHA512f2aa6be0b4248d62f33617ec94ec6ca3df8be31b7d950ac78b63fe2f9f083c9618d01886d5e2b46f36ff6797398aed85a486db16095f60ab91c677cf4e2bec2b
-
Filesize
6KB
MD57aec1858d6cedfed8f4a47d9f1ca4503
SHA1d55f035b0d4d3990c0f105bc63682f1f1941d712
SHA2560e048a7445497a1f1f7f281734a1c2ed0ee4b45659f90dd57b37eb7f890c4d33
SHA512c78418dcadb31be41344a641859a95f9a180e3aa40c8d661124485a7cd4d06e59cda8d6c02d04535bb7d9366661d0fe5d15b3d60d43d793944957c064c9f8dd5
-
Filesize
6KB
MD5f13ec5021e02518ba050da2efb70b7df
SHA11a49ceb1a28af49c94fa8831fb3167452bc6965a
SHA256a6dc7f7ea25e46d8c860a76cfc770aba518090f2c6a3e3b0332c424a9049c4a3
SHA5123e8f96b4173df3ff1f167fa5d20479c4b895fb871e042f42420014986696e5637498b181dc767c8d23940fdeb6b520b4c4295fdb7fcefc42e9943264380bddb7
-
Filesize
6KB
MD5feb8a52858c8167a58f36caa1b37f116
SHA17ae7f9d2721ae3c579f9e18e4fea679e8c848158
SHA256adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
SHA512109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16
-
Filesize
1KB
MD5f65dd19e43ce92d301134273fa3db7af
SHA1491d3cb624a60a2c0d4f1c79bdaa3d1f0f760ed7
SHA25644f4c1f91c8787d597e35891161cb928046696e68b0385c2aefa689c8a4de49d
SHA512469d1a64df5ab81d8839e85522b051c35716d18ddd2e59ccb3d4dc46e8e522effc6565ff57dd436bb8b3f85b29819f7192875c542cb902e3a986c08d5a7c202d
-
Filesize
1KB
MD58dc8a5e0ccacbcd4197a67c4dd85cd39
SHA196de21439bb20cfcb0d583ab690e0dc109df6aaa
SHA256da326a2605c268817c1ccac43d8e6b6664f37a91586843ee081152a8b380c312
SHA512ac476b01ee9bfdc6d56ae2317f2c04a3379d73871250aa9ffef126d918a2a34b98c45a0b415f9a2fa75f2ec3a5dcc10893abdfa44ff476d6bad8c6d002a9f946