Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
125s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
29/06/2023, 07:10
General
-
Target
http://snowplow.apps.clarivate.com/r/tp2?u=https%3A%2F%2Fglofouling.persga.org%2Fwp-admin%2FTrip%2Felf%2Frkcg64%2FcmVueUBndWxmc29uZGV4LmFl
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://snowplow.apps.clarivate.com/r/tp2?u=https%3A%2F%2Fglofouling.persga.org%2Fwp-admin%2FTrip%2Felf%2Frkcg64%2FcmVueUBndWxmc29uZGV4LmFl1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://snowplow.apps.clarivate.com/r/tp2?u=https%3A%2F%2Fglofouling.persga.org%2Fwp-admin%2FTrip%2Felf%2Frkcg64%2FcmVueUBndWxmc29uZGV4LmFl2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.0.1538305778\1622935629" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb165bd1-0c61-4536-8932-0f9e5ad1ef2c} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 1932 1d8b4019e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.1.1970145391\1822496199" -parentBuildID 20221007134813 -prefsHandle 2424 -prefMapHandle 2428 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {418c3f8a-5bc2-4dde-bf28-f4bb941c5360} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 2440 1d8a6072458 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.2.546582362\1690319874" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 2992 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {516b3fe4-1cdd-4460-8c0b-3b3626b4721e} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 2960 1d8b6f0c758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.3.1623510474\37862929" -childID 2 -isForBrowser -prefsHandle 1440 -prefMapHandle 2580 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {062fa168-c102-4a21-a718-f490557f2c37} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 3556 1d8b743fe58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.4.1798617301\1558872472" -childID 3 -isForBrowser -prefsHandle 4756 -prefMapHandle 4384 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {097f7801-3656-46f3-8690-94cf45e1fbeb} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 4828 1d8b925be58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.6.510622321\187025800" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5132 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e95d19ea-d0dd-49fa-99a3-37379045346d} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 4948 1d8b94c4958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.5.1093915536\82698026" -childID 4 -isForBrowser -prefsHandle 4368 -prefMapHandle 4452 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1113993-e729-4cb0-ab9c-99dd65d827fd} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 4964 1d8b94c4658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.7.494357577\164045597" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5164 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d76b4287-48be-45b9-8e02-0e87f69155a8} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5400 1d8ba275358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4588.8.1620846394\809545741" -childID 7 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1488 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d123ddbe-6df1-43b6-91a4-12f94e5bc582} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" 5620 1d8ba276558 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
161KB
MD585d31fe197199fcd729b5fd363e4381b
SHA166aefb9741eaff702b30a4d9fd016295e11edf30
SHA256cca9f2b3b616293b877f128206b9a6d4478bbe7dddb415c23711dd6b944634cc
SHA51263828b659b4ca630af43413a294f2a8153fca3b0aeb25313d0fc73461a6036bf796d7db26f245881b0e7ee81c554a757cad901d86a680e155f11285d9c540065
-
Filesize
6KB
MD58327386872be5fd975f2c76f930e9565
SHA1a428571e2534a7fd9ba7a978ba8779d3a67d5f85
SHA256eda68f8647cbd3270cc72563e3994a038a91b8839fc9c8a1a3e4aee373eda698
SHA5123267a2e0ab85ee80e347153f03cd2f77d865947131cb3a2fa76ab46813c8a26fe660d9e29540e479063a849badb27775c587378cef452d3f6f0532c46c13ca7a
-
Filesize
7KB
MD5e3580b4a63933c802584e6de6f616db3
SHA1e8f03121e0c923eba213a74c37266044da62a7f3
SHA256bcb21f4c4d7c9c26ffaf69d9b4e1028f9fc4df6e9815856e3a7e82e2bc2619b2
SHA512be3fc1b0ffcb1b4c8229eebb00aca6fdedbcc846f3bda4c8d4c243d6abab34a3894cd2768dba2b5c2c0511ba40df36de3120b6f4a5bc591a1834ecf9e3e36293
-
Filesize
6KB
MD5bf006e31e285eb98ddb13ce1524102fa
SHA16e2c852eedb633099847219dae7918d997ecfca5
SHA25698c24f6aba9f9278cc10112f132fc50fab8761b32f158c3d4fd4275391f5b4d5
SHA5124d84302fc0eb834edccb1e156498a66a594861843f32d397ccbb41b03e719bd74bb4cf21d256235ba005d530f8a7e45e19e1d5c33a4d63335ee7d5b06e9250e4
-
Filesize
2KB
MD53844f6cd976d5b17dce8c0671f936c09
SHA10f026b1d255c6525f76de0d3b3728568296489d4
SHA2569985da1fd60bbb96c6fadf6833f41fbff7293066529230b2a315171862bbd935
SHA5127bad6652fac79901cd3ec43288e36eca33ccaa110087175b9c1a8cdf5283283f4f5c95e8976b6c099b87bc79751ebb4e578d8e011f195926660a24ef5227d307
-
Filesize
2KB
MD5cb90bee252af915c1d1e793bf51257e4
SHA103c7536e6d099c323a9b5139087b49c7421b59ab
SHA256b399693991adec28082c46b8a3cd2a534c754dbca26aa978d036dad2b478e90e
SHA5127457cac8ea10a22fab26da76ba2d9dcd2b46fcd7fd5baef87e65989aa8be9ee5ca50082da7d445a15485c1eb4e4d634257ee9f0ce68a56cf8f07a5ae0847dfcd