Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
07/06/2023, 22:21
General
-
Target
https://microsoftonline.app.box.com/embed/s/s030ugh9tqqyd1lshzlgz59r3rht11g2
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 50 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 5 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://microsoftonline.app.box.com/embed/s/s030ugh9tqqyd1lshzlgz59r3rht11g21⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4428 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.0.1149579614\1505056336" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32efea21-8351-450d-a8bf-d9f1b812e5e8} 900 "\\.\pipe\gecko-crash-server-pipe.900" 1916 1dcd6c16b58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.1.1623210911\610531399" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8548248-b53c-46ce-8506-702189cfda88} 900 "\\.\pipe\gecko-crash-server-pipe.900" 2316 1dcc8c72258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.2.44361354\2128078299" -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3296 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ad16590-0d33-485e-8ea4-76b8954b7622} 900 "\\.\pipe\gecko-crash-server-pipe.900" 3308 1dcd9957c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.3.1338380791\345369923" -childID 2 -isForBrowser -prefsHandle 2884 -prefMapHandle 1200 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da04227b-b395-4f3d-961a-ca68214f9edc} 900 "\\.\pipe\gecko-crash-server-pipe.900" 2996 1dcc8c67858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.4.349238662\409884580" -childID 3 -isForBrowser -prefsHandle 3972 -prefMapHandle 3960 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f531e593-9891-4a94-acf9-8c26d2cf0ed6} 900 "\\.\pipe\gecko-crash-server-pipe.900" 3984 1dcdaa72258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.5.1124253243\846517994" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 5052 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5eec45b8-23e7-46c6-bcfa-29e4d1e0edf8} 900 "\\.\pipe\gecko-crash-server-pipe.900" 5008 1dcdc30f158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.6.679724897\2042464260" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62030dd5-f900-495e-9ab6-ca25491620ff} 900 "\\.\pipe\gecko-crash-server-pipe.900" 5176 1dcdc30f458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.7.1997904442\1285432308" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74b2f6d6-084b-4dcc-ba7e-1ce39019c157} 900 "\\.\pipe\gecko-crash-server-pipe.900" 5388 1dcdc30ee58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.8.629289440\1860692840" -childID 7 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 26939 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82021681-51d9-4f0a-ad86-050dc88354d1} 900 "\\.\pipe\gecko-crash-server-pipe.900" 2904 1dcd8aa8858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.9.1126501799\1420090492" -parentBuildID 20221007134813 -prefsHandle 4180 -prefMapHandle 5832 -prefsLen 27114 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e78b7b84-4e1e-4e4b-96df-dc8034fcbbea} 900 "\\.\pipe\gecko-crash-server-pipe.900" 4740 1dcd84bfb58 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.10.788969021\2111785801" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6080 -prefMapHandle 6076 -prefsLen 27114 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5fc398d-1cb7-4f71-8c0a-2e5f8a0e7cc1} 900 "\\.\pipe\gecko-crash-server-pipe.900" 6088 1dcdd2b8d58 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.11.1128897266\1083508250" -childID 8 -isForBrowser -prefsHandle 6252 -prefMapHandle 6248 -prefsLen 27114 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4abacd-d316-4a5c-b88b-b08bda383da9} 900 "\\.\pipe\gecko-crash-server-pipe.900" 6260 1dcdd763b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.12.164055366\301477844" -childID 9 -isForBrowser -prefsHandle 6392 -prefMapHandle 6396 -prefsLen 27114 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc6178e0-e8cc-4a59-a6b5-55a67ff7cc1f} 900 "\\.\pipe\gecko-crash-server-pipe.900" 6384 1dcdd762958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="900.13.998876796\183631081" -childID 10 -isForBrowser -prefsHandle 5624 -prefMapHandle 5392 -prefsLen 27114 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d631d6a-086e-4ea0-8e05-8ecf3ef0a7e1} 900 "\\.\pipe\gecko-crash-server-pipe.900" 5316 1dcdbe96b58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD59f40f0353257052e597cc6a63918ff40
SHA11c28ed248cce39532cec1a8685dbef608f1fcc1a
SHA25671ac9b72aa96f07fc0108f5762830c2007eccf77726516bc4c31de6f619e04fd
SHA512f9b9c9377b51d371d7e1691e46f5be78ec11745fafda0713844c6aba10c075afa8e07b9dae67794fe06a1f8d99258d016b7afd386d5a257c57e3bab3a1318713
-
Filesize
404B
MD5f3ef050ef91afa1c704db94fb3a96f89
SHA10b05b3ebd22362b63dfd14af5524ec9b179c8491
SHA25658cbbc8701cfd626ee2872539373628db8385ecdfaa3faba344e9172bbc4b77a
SHA512faac7536a2e8ab8ae615d45ed15872081156921558be9b1f11419b2c19ced4e3f5989ae5a931e72f3b6abc74e91833027d273a18d95ffec8edf036a5d3d17fd3
-
Filesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
Filesize
15KB
MD568d8c6964b899bf6b1a3f7d6873fcd8f
SHA140010b3aa6b5909e6152713a7284dbb5ecc0a35e
SHA256c55b9abb9ebf01eeca66e926c4ab33e224b8b4237caeb6afa7659d2ee6e092d8
SHA51232df3b1de3b0cc2b3207898beac5b73d97bf1228b4e57be352bec061a1044c9e74922249299194ac0f2fc2e8d4e804bdfab7e64fc637f8c1fe577b970c084775
-
Filesize
265KB
MD5e1e5023a4d0b29824c8a6937ed303b03
SHA193159ba90e4aca126c45282d047e4e1d544ad100
SHA25680745e4a131f2f16302232f53845bfa223915a3465369a40a9aa777d2c0a30bd
SHA51209a87aa0383d5e78faf21cd63e4ee6eb875ac39f52aaf0805224ddfe39b56e91eceea743b811c2c8473a0113bda678c472ead4feca207004a37699d051ea68b6
-
Filesize
43KB
MD5acacc405341b856508b5f88f096a3888
SHA170f6bd87567fa6e60dd2dd55a6dcfd3d740b1f58
SHA256cba6ba86024e2d3dff8069061cdaae34c9d1feba6ac4fc2dab9384b974b790e9
SHA5122180264831f2e50f2459e396bf7607b50350c6043d000d9a7e5a91baeb917afff504bb6eac791351014007bcff681ca86d4f9bd4e236a0ee50a14bdc55156672
-
Filesize
447KB
MD5bf0600ac48a7858702ea081721d0e35d
SHA1c7e78420a3fa7cc2f4333e7925f323c03291d7bc
SHA2562f30f1c422b03a707671e6948c4326879a88ed3de8cf5fe29334be7c72c37b46
SHA5125e8305d8542899e51e4fa6c2a75d63c3dafde83a81a1d347d8297749ace1ce63a742a76ddc7c662d8ec0b2996eb8478a515dc68154f02cf5a2da174fa2b52e70
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
24KB
MD53f610b8abd958927298d20668043ab99
SHA1aef63ca77a8296ef0343546b3cb047d1f6b2f07c
SHA2561a8186051739fc4711f067187948189d9018a3db621483ad76b109fd1030dcfa
SHA512e7b6a65cd7f8dfca97be79f48a664f553b743dfe8e58cc14856c8d75bcf5928e488364af272d8eb6e2901b91b1b59f8165bbadf50bd6b5897ad2ff575bbac536
-
Filesize
35KB
MD5619af4aa606038295935e2d6886d5be1
SHA1c6f5a5af3003b571208e91b409a45add58c17949
SHA256f6b0b0ca639abadb602e0ab138764f12062f61979641f0a64546d2ecfa45aacd
SHA5126c758ba1f62b1f13673fe43d70a20a03818679a01a0f8a8749aa921c281cf3f0859e04af45b838ed1f60a4f8b7e90d0367cac19cc00dfee935ff5d9227bb8491
-
Filesize
14KB
MD52a913ca63e1456f6bcad7e5501ee2665
SHA1375dc98eb99ce4512add65d90530a3e67264e67e
SHA256ead499d8460ab5491c4353ef571093af930b7e22efb947d073710a2350ec53a3
SHA512cbfb98d2db05099c3f07228c97f010e573578b6445bb5f64d81b2368603b0ee86610ac5826fd12225b6efecdbb1af99820564cb2237651a3bc9c6faaed47ecb3
-
Filesize
129KB
MD5df89c4beb529975093e2fd2cbab59333
SHA17ffe9ae59a65d1f05896b1f5877c84994b49d424
SHA2568ee1fc9180e78ab58568a0133279d4f01bc1899f00cb38e85eabd93807f0caf5
SHA51282f614c9d494237902053b46b5e504f1bcaa496319503c97e1514333ce37ba3e99676c45e3e15f55400ce5d0cd63e2e9e12b72fb1bf61a6899f18c33c8053b99
-
Filesize
151KB
MD5329ab4a41e2d7c25170429a406b83396
SHA1fc2972ba7fabb41d7d486d2a21af5cc24071a679
SHA256b1e24d9423b38e14792c9464bc74a18e87e96f22e9fd25d0854f5c572d54b90a
SHA512acbc8394d6441685695b8693831a5dc76de14249d8d053eebc91044f57730576165f2ba49470d19598783c2a53cab938ddf7eb5221f60fa2f3dc0e59cf9e60ce
-
Filesize
90KB
MD55aedf5c3082bffee8361e5d667d0b33b
SHA132f776d0a8109b722a23b26ab8a1cca4e64aecb3
SHA256d98d904ffe7bef0a07c7b5a22405bfd015723baca6db45afcd6982e19db8bcaf
SHA512294f993ff6ea0c0dcb2120c325d38fe4147353f50c52cc8f71c064e1fdc92288fd3df73eb918a77cad16c15ea69eb4e2b17a56c0d19ee38b1ff4b0eb8187de18
-
Filesize
6KB
MD5bc5317e3f9f0440051fbf75f2c80a6aa
SHA1ace497c6efa923d1d5f5eb4516a51fd62040799f
SHA256c474e1a72ca5408e95577d30797a7cf8c5c6fde5a2991b1e0683ae9f30df19c1
SHA512a258fa6438bbd350b18a7cf7cb2ab563b69399f3d1981bd2d31a203ccad8e0b97729ff77e41cdeda49076fa85871c2a08530fe55160ee94a05d3a0da863ce79c
-
Filesize
6KB
MD5a9a922adcf6dc7f9c5d9b4d56e8a835c
SHA1f4c420e4f4019e8569a1ac5da65486fd088316b2
SHA25685f1bf81280a9c8016722fe87f95c3b72823b60591d76bcd1c568906dd9b5adb
SHA5120f0b8ca4915f696614e6d205326d7303c5acfc8de5e3929a4c79bfa6532ff9611b31496bb04cb0a41b0f805558b5381d56787aeb45274e685cb441861bc83001
-
Filesize
6KB
MD52813962615f6fd33c63f368d1e83ca11
SHA17deb4e2f9436c614db4a6c0a4b8a395ac907080c
SHA256e1548f57978b080f55675b35e11e70def48232f43caca8dceb9966a7f841965f
SHA512b28c5fae2f208b79ac149635f84698f5103c1e4d773162a08e1d04d6044d545c6513e076c9a58401882269edcae4bdaae9fe04c1b633429a20bc205177740280
-
Filesize
7KB
MD5cf66cb3f1e0d75dedc5b66ab2a124a9a
SHA194f2d8714e178fcf72d6704b91443e285f86b203
SHA256d11b1486d721b56477cec1923ed967f4cf2e58c342779fe69c76f1e03e8523ad
SHA512697ce426edcb2b91418e72f73c1b7f77375e1e79909dbcf30694b5dae26ea8054a318126ca8977ac6cad2ce95bee7d6f850ae990c13ea69bd7b2edcf65af680a
-
Filesize
6KB
MD5fcd5f37e5e4066f7cffe8eb106b6ce19
SHA1b0a1c4d3d5c96271429fb09cb71055d177c13402
SHA25638dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67
SHA512afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15
-
Filesize
5KB
MD5990ce0cfb08b83141cdeca9ab7f3c1b2
SHA1e097640f1f9258665dd5230f657cfff30eadf1fb
SHA256e2847c3a50f2880705afd922041d48aef3786c102c272971d81b8b1aa75b5476
SHA5125f31593181ec89cfd9a618b641cf7ff952980e63af2bee9890176581f0438e0e91db3ef2e2d768444b95dad6330a5a25f5b942f22f0ac1008e53d08af66ad436
-
Filesize
1KB
MD540f3eefeb24fbdf9180dc5ed91a0554d
SHA176634195baba446ee0366ce48a5bdcac947e5339
SHA2562fbcb22b51ceb244b4027b057f24c8405de484c9bcf82503f76a5750249cd556
SHA512629defe9bd8bd1e6de0a40abc2667652155b953b9ad854b9889fdca22de20cab849e606304917203f84ee72f81ca82fcf0da1ee326d0da6f9a0336df84667779