Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

v71installer.zip

windows7-x64

1

v71installer.zip

windows10-2004-x64

1

v71install...47.dll

windows7-x64

3

v71install...47.dll

windows10-2004-x64

3

v71install...er.exe

windows7-x64

3

v71install...er.exe

windows10-2004-x64

1

v71install...re.dll

windows7-x64

1

v71install...re.dll

windows10-2004-x64

3

v71install...ui.dll

windows7-x64

1

v71install...ui.dll

windows10-2004-x64

1

v71install...rk.dll

windows7-x64

3

v71install...rk.dll

windows10-2004-x64

3

v71install...vg.dll

windows7-x64

3

v71install...vg.dll

windows10-2004-x64

3

v71install...ts.dll

windows7-x64

3

v71install...ts.dll

windows10-2004-x64

3

v71install...er.dll

windows7-x64

1

v71install...er.dll

windows10-2004-x64

1

v71install...on.dll

windows7-x64

1

v71install...on.dll

windows10-2004-x64

1

v71install...if.dll

windows7-x64

1

v71install...if.dll

windows10-2004-x64

1

v71install...ns.dll

windows7-x64

1

v71install...ns.dll

windows10-2004-x64

1

v71install...co.dll

windows7-x64

1

v71install...co.dll

windows10-2004-x64

1

v71install...eg.dll

windows7-x64

1

v71install...eg.dll

windows10-2004-x64

1

v71install...vg.dll

windows7-x64

1

v71install...vg.dll

windows10-2004-x64

1

v71install...ga.dll

windows7-x64

1

v71install...ga.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2023, 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v71installer.zip

  • Size

    18.2MB

  • MD5

    f013b3230688d8233b2f6c6c4d291531

  • SHA1

    cb778e37c0b3efd640fc64d87255a0e1277e8c74

  • SHA256

    87d9def893c67d19627226d54884746dba578ca0bd53a6c3328664dab270061a

  • SHA512

    1a8319f6eef0c26d5cf62e7fc2de5222d4d1300e2c1c6748ae6987dedfe61e05e9f50bf36ab76184737353e1919f92c1f23bc6285d764571b77e6dc2dba0b8a4

  • SSDEEP

    393216:BOwJbx3m6Sv0mZ8WVfCr3g467vjApzuc14qPDoIxLu7vl5yjRqMVbx:IwTmV3GmfCr3g46bcac14qPHxLuR54Rl

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\v71installer.zip
    1⤵
      PID:1560
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4844
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1088
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3424
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.0.1045220806\837013342" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41403446-1d77-4d2c-8318-847631109987} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 1900 27a5b78f758 gpu
            3⤵
              PID:2072
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.1.1223058642\918549186" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f09434b-aa6b-486d-a59c-aebe5810068b} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 2300 27a4d870758 socket
              3⤵
              • Checks processor information in registry
              PID:2600
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.2.1571967284\1830138408" -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a73d709-e396-4c4e-9720-39a679f8c1c8} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 3164 27a5e5f1858 tab
              3⤵
                PID:4948
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.3.523572727\639538416" -childID 2 -isForBrowser -prefsHandle 2328 -prefMapHandle 1472 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f01501e-7678-4d2f-9b62-cb9b49bfad2f} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 1204 27a4d86a558 tab
                3⤵
                  PID:1828
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.4.1022953199\348776542" -childID 3 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6964cf4-0d34-4fff-9fb2-66328ae8dbec} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 4064 27a4d85bb58 tab
                  3⤵
                    PID:2864
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.5.1401919081\185576076" -childID 4 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec66318a-1882-4f33-acf1-a147d27900d6} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 5036 27a4d862e58 tab
                    3⤵
                      PID:3488
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.7.1929858046\1496781163" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ffe5aca-3c2a-4a55-8796-8a671173a893} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 5384 27a6103eb58 tab
                      3⤵
                        PID:4912
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3424.6.1711127075\1997574938" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c67846-012b-46d9-a92b-e52e377f4202} 3424 "\\.\pipe\gecko-crash-server-pipe.3424" 5176 27a6103b258 tab
                        3⤵
                          PID:2128

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      142KB

                      MD5

                      684b8a43ab4aa3ccd84afec06bfb1a7a

                      SHA1

                      21a1331d445986ed22f55bf7fabdaaa438ba65fb

                      SHA256

                      85ba225c19dbe7f658f6003b138fb572a84e06dac86e4d1d9be72cd94ffae81f

                      SHA512

                      ba1bc4c63514ca4f1e8e2bc46c8852203dd1ba29d7c8e2056b8c6c60b68efa5d6c33e2cbb403ae48995a49bd43d73133d0db4d8f8e11faf3a785c932bbc33302

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      a523dacf97944890a327c9c86c552e23

                      SHA1

                      25ae3cc27ba9975afee7ccb9383a049739ad1427

                      SHA256

                      ac16263bc56fa7d996ff110f1b8fe8b2ed7dc1a03f66ccbeb3983b6eb497a7a5

                      SHA512

                      7e244de2666ac0ffb5205e6e3552076d22ef72df39c0e0e239ea454a8f2e413b7640f29d6ef43d70f36ce7ef0a857e0c962a257bc1e91f3dbe3f69dcf5eae8db

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      2ca68eec3c1fdbaa1ae996ee759fc3c8

                      SHA1

                      54363409a7393613ff528d0488d1cc16796ef2d8

                      SHA256

                      4fe10ac0c622a99629804d64c89b59339a12a63ffb0b56132bfe39ec9b25aa1a

                      SHA512

                      e2fdc625ee7d3e54c1cca72810eccccc3f493253319dad56693d77904692830302564897d7d9c33b876f645bfcd1a5498be9be81bb18932e3333d00ca3408c12

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore.jsonlz4
                      Filesize

                      884B

                      MD5

                      f885be2995f0be9302164168db4add07

                      SHA1

                      a276cd8e05cb34284782fd3a2c95ac4609816f05

                      SHA256

                      c4a964f44b39342c59a574588fb121c4c6b9b8752c2e95fbb7c1d0347f546236

                      SHA512

                      843fb3879afc0cbb59fbfa10588af3ce4f76033e8000b94ea1ca32c9c17af2d9a0389e7c67357123c3fed93d58ab041a37eb51af7a1cf23a6f56ef29af0d4cac

                      Download Submit