Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
270s -
max time network
272s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
05/06/2023, 19:10
General
-
Target
https://in.xero.com/U2FGRgKV3ngh3Rl27BYBn2xX0TcUg1i7wzESUyzK
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://in.xero.com/U2FGRgKV3ngh3Rl27BYBn2xX0TcUg1i7wzESUyzK1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.0.731159088\388490959" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33abe64f-aa80-4705-92b4-b097a708f892} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 1936 2f83e206858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.1.1374109042\2024259234" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53d047c-0853-499c-8ff8-1d63dd19ec26} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 2316 2f830272e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.2.1655670342\1602546006" -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 2812 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {662740bb-f87a-40e5-bc92-c71a57f775f2} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 2820 2f83d181e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.3.1892251855\1610793968" -childID 2 -isForBrowser -prefsHandle 2452 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d66494f-3de4-4523-91ee-be75cb46dbf1} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 1076 2f830263858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.4.963109255\2068233068" -childID 3 -isForBrowser -prefsHandle 4032 -prefMapHandle 4040 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0c3785-1d00-4507-b113-aae1b3952d31} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 4108 2f83026d358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.5.1286551759\878041597" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5108 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4deefda-1df4-4d14-9692-d51ee37fefed} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 4984 2f843a11158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.6.1968316211\1368571666" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5160 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {532c530b-61ea-4be2-9d41-135e6055e0da} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5236 2f843a12c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.7.407021320\784213820" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5b3992a-00ba-43f6-98ea-b9a8a2ecd16d} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5324 2f843a13558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.8.1353834284\922985526" -childID 7 -isForBrowser -prefsHandle 5944 -prefMapHandle 5928 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed7539b3-6049-4eee-8fb0-0c66047ac905} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 5956 2f844cbb358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.9.1086718403\2091396265" -childID 8 -isForBrowser -prefsHandle 6116 -prefMapHandle 6120 -prefsLen 26674 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {439ed4e3-f488-4dd3-a5af-55eaa778604c} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3924 2f830271358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.10.1582651104\495381808" -childID 9 -isForBrowser -prefsHandle 6224 -prefMapHandle 6212 -prefsLen 26674 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7712adad-8f97-4791-8677-def09a1b1a38} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 3700 2f83fa79b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4068.11.594187509\1522816500" -childID 10 -isForBrowser -prefsHandle 6228 -prefMapHandle 3700 -prefsLen 26674 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {168785bf-650a-492e-aef1-8a075edeb56e} 4068 "\\.\pipe\gecko-crash-server-pipe.4068" 6232 2f840044658 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
88B
MD57239cf583b8adb1ceb9414edbc0f6cda
SHA11ecf03844c79aef1e4185d189f5627ed93c4aafa
SHA2565f6fb58ab3f3b91b7013aad88e09073fe1b51184f3ded8cf04e4d61f44a0ddf3
SHA51218a8e3d04190b15360a88d28eae0906467e2b5600e60687a7a1c0a4d0e336c18596d34d4d8772dcf1321c5b9de359fb8986c65636ae5a58c56f3f0b92617aca5
-
Filesize
88B
MD57239cf583b8adb1ceb9414edbc0f6cda
SHA11ecf03844c79aef1e4185d189f5627ed93c4aafa
SHA2565f6fb58ab3f3b91b7013aad88e09073fe1b51184f3ded8cf04e4d61f44a0ddf3
SHA51218a8e3d04190b15360a88d28eae0906467e2b5600e60687a7a1c0a4d0e336c18596d34d4d8772dcf1321c5b9de359fb8986c65636ae5a58c56f3f0b92617aca5
-
Filesize
585B
MD59cefa6d3cd09d40e2260df940376b38e
SHA143184c27c377193da15df8a54f148c7467d61a20
SHA25635edba125e082d1cf5c72d2f7a85c65d41ee42182a4dd2ec1bd42165e5dd6bf8
SHA5120c22b9c24ed040893da15df62db0626eb631676b5093c09bd04b94c129944d6182845fa9bae45a0ab56707a7ba0f7ae9f35bbde2a7c0c23319415abd404cbb42
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
477B
MD5171f07bd0491bcc586b2fea0746bef76
SHA19f31c9cd20517a8c8b518b87927cead1182a3ab8
SHA256a9f1e33004e0c43b01f9cf26289636b459d016b5e9c290db1368517b241cbb5b
SHA512b950fc75a527bd8c2bd50b75a5a5ab5234f44c14cb06361afafd07863ad867b5784b1c6bdd75f9aa68afe96aa9facbafe2246712a02d172025d8d48b708cca5e
-
Filesize
135KB
MD542c0efc489e49bd8a76ae8aaeb794f57
SHA1c092f3bf63e07f809e39df67c3b8fdb1e5b70b08
SHA25658fdbf01d1c6dd2264a1e7981351cf34783593e94bb4cfaa07c25dcf8ccf8461
SHA512f060a8870c2eeeebc5a000c32f3e64c1236f327c48dc42d346e42d48914fd66b86d8e71477ad9bb90a9a2576f3fa6f1066177ad99f40097502ddbf2e5bd031df
-
Filesize
14KB
MD59c770baae3a125d81f0d3416be387ce0
SHA1d49f0e8a061c69903cda3bcee045983b4e9d2967
SHA2563df9df9a293f146c8cbae20ae0bd610c93ccfc0770ced1d8b8b5b0536cbd6c1e
SHA51208019f62678e84cfabc9ae99428cb74b985c87062ce950151f94c15118411a8076d29dfd698f4ec7d07dd298b45f5552c68fee445e50ce61742a693658d0e84d
-
Filesize
14KB
MD5d2e110be9a65c4f306cbc34d0574dea6
SHA1972f21bd28cd74ce0d3207a0605817b399fbb316
SHA256406de4bb2bfd8a8e11eda6843205cc86c2d0b6286881bdc8054f32bd9bb58b72
SHA512b735f86bf83e2f7ebff3b28d116d06c38236509fccac20725b6cdf3f7a946ee1c0e83b23532869410ff2869bfa66b0819343598d31694ccb9ff182abe98552d8
-
Filesize
36KB
MD56658dde0e1bff8762f87c711a0f2627e
SHA1981ef39d9d81bfde096d21514a48a6b3a310fd97
SHA25677efd55121f811aee5ad459ce801f1b87eaf294e67c479f492f0358e06235b42
SHA512b6063a334732d83a7ade9e9ff7bd8d64694ecc3a2698718c16030166b47a62ae75031b12e07c995f313e606359578407f6a79b42d98cb8c7b32f3568f5abe754
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD5b8f531f85bdd8f6ee0e4f320c4626d36
SHA124f75e14b3c414ae8ed6d733a0f127b32f9aa782
SHA2562707c885c16ea3549158c73fd349bee71ab5ac2738a872bdc8666d4715cca8ce
SHA5126af5feae25d4ea403108d8c23351930c916eed04cb1fca231b83aa8235801b3fa026140a7f6a941fc4cc19dbe83bb374f77d74bcc3e4f156a2fc1d7a7cf3e848
-
Filesize
6KB
MD572437354ca70b0624599e7183a315ad1
SHA1fdba33e0f1d4ec06eccc60bfd4d1920992798d3a
SHA256576c2ba19c66a780756f4947b1fdc8241d772dff020102e4c47f05319bf24372
SHA512efbbdacba5ced8fb27439286bf29e4dfbc84cf21935516f94ec5b711874fe497d91d6db74a60186c483aa49c7998f975f4a685d7c9d85c5bd8b8a68d8e9f139d
-
Filesize
7KB
MD55956d05cdf0c9c66057105097652c397
SHA15cb1baec72953e0f076b6cc065d1ec52bb3d0398
SHA2563062cee1f6099aa2cbe61a25ce906ba6c0daf1dd332071aa94c287f5baa90699
SHA512e4aa3b7c0a1c448c91ac56892ebb70e61cb948fe9eec666ed1547ba87cee3d419f5ebb986bda905a6d50a8fc0555a92d7f388f71266278c3111c5b52c0336a7b
-
Filesize
8KB
MD54265d726710cad38b5fdf0db6902a0cb
SHA117df2e670a9f782b35df8be415884b5a5a88a715
SHA256418a9b1e83afbdf67a434886cd9c9ffb84208e2d0108910774b4da30c6970a4d
SHA5129ade4aafc4b4e4775a0983ed99ee0c978b5ee13fe1ac0719811124c3944502044b87bd9fe78390137a3decb52e8ccaf8f1ce0ab0f811d72798a6e1a961dfcbf5
-
Filesize
10KB
MD5ed1fe932e7968528592cde361dd719d9
SHA109d71bfded024384a17b3951e5694591aee90aba
SHA2567ce76905b131a7de47c1d5991d95c4bd91e8d3c3e7453cc1c083df07af132185
SHA51250cc1bcaa7e3580c2e6b901b5be621cfd0e34337c20f1723165c192c81e49b866e6c2f5cb2e31a3b953d0dc47653d32265ece9fd536751cdb464c084327db82c
-
Filesize
10KB
MD5cc28516d68630019d3a12ed25cafbef7
SHA1cd9ea73f95e72046a472b419daf7ec50fde37c18
SHA256279aca4d772d22d63882ae122b346760ec808d280bb701da1cb6e657a70c2a8c
SHA5127676559d1bd32877505cd8cb710bdc58fedc8f9c85ab761f68e259beec5e816c33d803942d48c9aad8a23ad947bf7d0a9530a603af3413bfc3fc1cecd0e69e5d
-
Filesize
6KB
MD51984b45f201f1fd79d2154406648433b
SHA142f082dc6d4d43333688690bf4dfa7c7f8b618ab
SHA256000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
SHA512e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc
-
Filesize
1KB
MD5d4c9782d53d56fa57fbd0012170729bc
SHA16c87d9b2134ad3a1d36e473a8da27e174484b879
SHA256472faac8ca7daac0f9ac3a2df16f726eacc3456fd7dfab5f5f8b8911687ed97e
SHA512977d4d1481c6778a445adb2968995ea716b47128415d5b5d93f90143d669651da14cbb45825c187703150352c5d82ecf002fce2b01295f76664c7409fcebaf2c
-
Filesize
11KB
MD5f03b67f0b2fdd07e29b9cd1682b1e7ae
SHA145377d9ade1d17fdb519755eab4eb045615491c3
SHA25699b7d81d2aca7a3dc44b1df695ca7d914b2d3a1a76fd8eca6b6cdc809f7d0a5d
SHA512b559df73855fa19aee69da5666c36418e1b9c394dbdceafd1db47255cb76b247f83af41bc84903d2d400a242cd7415a40c5e83146b90680758d295abc40d0471
