Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
48s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
09/06/2023, 08:05
General
-
Target
http://edp445.com
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://edp445.com1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://edp445.com2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.0.1324077578\1171018631" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58d18ff-ee04-4880-bdc1-034d7ffb7e7b} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 1916 2279bbd6858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.1.1537019692\1571528190" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21628 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9e1ab8-d67f-46d2-8bca-ea2bc220bb3a} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 2424 2278ec71658 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.2.930791695\1043618137" -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 21711 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53581c17-aae7-4385-92c7-19b35ccba0ac} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 3184 2279f9dba58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.3.12616908\2115103050" -childID 2 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94dc4e05-868e-45c5-9a8d-243bae7b87d6} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 4128 227a0c34758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.4.370794534\1645642781" -childID 3 -isForBrowser -prefsHandle 4480 -prefMapHandle 4476 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e9d4e1e-308b-46e8-9eac-6ba7f51bd520} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 4492 227a13cc458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.5.1413849005\2040651640" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5064 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b6c612a-6b3c-43b6-9ccd-aac8e298724d} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 5172 227a2646258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.7.1989937216\898000103" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5176 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25101871-2131-4374-8de1-c10db43a4730} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 5380 227a26c0c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.6.768818973\1249355183" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 3380 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12082ce0-7765-4622-8ff3-2beea88b4e52} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 5084 227a2646e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.8.2017476899\1774190628" -parentBuildID 20221007134813 -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 26500 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b868a3e-62e2-4e66-b8ef-39be73419f56} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 3208 227a2cf1658 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.9.975412930\407555297" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3228 -prefMapHandle 3196 -prefsLen 26500 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c665f76-d74e-4fcb-877b-fd8d44103d58} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 3220 227a2cf0158 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.10.1232506890\433390595" -childID 7 -isForBrowser -prefsHandle 6052 -prefMapHandle 6056 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da1878ce-5d07-4d4c-8fc0-86b531c4ed2c} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 6044 227a2e73258 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
137KB
MD5321acc9f408656d3ebeec689752dbe9e
SHA1d49cf60e3a4b464e4f9f42501c6a209a89517073
SHA2561c72a9a1968f3d2cd1dcff5255b8a03e997bf88b452485c29bf987105db6e86b
SHA5120b239c62a74162bf855235cae171baed4299721fd2fd31cdaf8564721768558b3d21130a6d21dabd53cf2ad3c322f416d132245b8ffe79ea0fc03226a1fa8042
-
Filesize
10KB
MD5dd0952ba96aa4bcc365e5c49be4afebb
SHA19ecee09bc135064eeba927007189b51eb9f11063
SHA2567ced067f6025c90467e6121e669aa0e3f3c91129ab28d534cdc82a3f21281d1f
SHA5122c85b6c1976e21f780982e9d4cfd934fefaf58b230a3d70bcf5cf8d3e2ac336a15a95154db43c75b14eb77526db0fc0ee423db1c88001039852bb644a0d5ace9
-
Filesize
29KB
MD554faea91aa245b20731a33336e176d8a
SHA106b5f128488efc9383a0b07fa6e277b83b1960cb
SHA256f52e00b8c21138acd909fcb79af57bdc0dc1c3cd42daf5d83e227367c8f65444
SHA512bb2fde722278e1ff06794371dc0bdb82cbbfa258d7a86c6449223212626f9412c915afb5eb1fe434aa998b4f8b61ce25c0d89d047e48eb269c95e5ba3933c26b
-
Filesize
10KB
MD5fc90fed34752271f0e01a8336403303a
SHA150a13ab2bc3313582c49cfea9a32be62586fc357
SHA2562791ce1fd5bfb01fbb1d2b1e45e7f210a56a8cae01da0b0a62d6d93889a4871f
SHA5120c7b0e5b1edaccb9c3df0b5517dffc3f5457352cbfa164e82f8289c43710f54a4d0bf2ae452ab4f1d71630355b777e75e88c319d6438439689651df6953b1993
-
Filesize
25KB
MD5476724151b55bb1890e2bf8ea17a6bf2
SHA18d8247fe2367518afce81d7615016f5d9af38bdb
SHA25602e4bec0bc3a2cdeaee1aa028539597847c653b8024e4c5739f6f225a55c1600
SHA5122e141d610fa07adbde3e39798b8dda842374494ba2b45c82083194937ac78d7b6a5e8f9aab4a499479c9d1a3c78bb3805e338e433756e73d14decf89e2a47a38
-
Filesize
6KB
MD5590581d3ba5e492782dd4fb3a2b792c7
SHA135de063d4b853c2fda9ed7147a1979310da7d178
SHA256940760194d6230007c4691dcb240325a7b063079f1aa9d92078689aa09af1480
SHA512d638f30e5940bfee6df52d0ab74dbe88f20b0b86e12145700ba112ec580b04da793fbd0721d17f351dc538c8e78f7ce2ca57786d38c1e3396e73e6e011071edd
-
Filesize
6KB
MD59d32054e156c265d2c025d36720d1196
SHA1272166791e51ef0eb23fb1a381ea3a831fc8e257
SHA25654b670b2b5dfd883527f0cc7856f67acff21b203484dc409474217b65d2f68cd
SHA5126217b75372ff3f25bd086cbf2b91d899dc4400c09cb286edcc2c0ffc28e8ea241befa27e694ec3575fb31a4de6fa28ceedace12ee775b8405f9728004459de48
-
Filesize
6KB
MD58b92c5ba90fa945482ba7c35c5898dea
SHA1f6b1d690d14a8fb0126d4680043dc5ff3fd2341e
SHA2569397893829a9b4d5ad8dc2406775f9fe6af3f8c5c95384a1cda8a837edbb0897
SHA512d82dad2c01e2a5b6bf9e550dd8a7cf4c73a2e5f31a6a63148d211d622c1afdaa022e3f7c5b6487010da5d5d332a80a4a325b0242de32a4636a18ebc2eb958179
-
Filesize
6KB
MD59971fa8fa89a208685d3e30835832fb5
SHA15d9972a3bdbd4c18b3648597d2fd9f9fd6e30300
SHA25613417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084
SHA51202b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f
-
Filesize
3KB
MD5b796738655caa92ab32aed226cb10959
SHA1791ea45aa1e460e071b21caedf5b0748a1e2706b
SHA256629436c2d9fb33e098048d5e4317cc333128c938370211fade1cb1626795451b
SHA5124d78daff05367a2d1edb8fd8fd8a933526292f25cec7d1b4e7104d8f8f69206760343a0c91eb9e538bc08b6bce38fcd741ccba900559efa68bc1d42dd3a7d7a9
-
Filesize
3KB
MD53fed5405b4525176b46bbde2c6220911
SHA17c4c1a007b2e34e6d8467968944e2e51d7eafc6f
SHA256a7c6fb64213db08dfef1297ca067a8bb6a8011c05e42a37ee45e8505c63e9d10
SHA5126d4bcb50441ea4c200ab6b9ca7f47d638146d2cba78faba9214bc3c51ca8ef8dc4265faf471c1dd327108d6937ae902433a2769d6927db47b799473218339e39