Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/08/2023, 13:23

General

  • Target

    images (36).jpg

  • Size

    9KB

  • MD5

    a196584e0ce12c3ae9565ba5fad979cf

  • SHA1

    4d2074d0fcc7c7c0c0b53d3d5173bc50697de8f9

  • SHA256

    238c3daea8c214b483dd51830e5b6ca65dd72adb0bd5d72147191e05eb793946

  • SHA512

    3bc99bfb2b4b435c092b9e64233bac894eb8129781b26b403b5c28013d51d27168955d7b4852b0411e9ad3fa819d246090d8c9f89bd7b2b3786b1ba2fbf35ce7

  • SSDEEP

    192:LxTcAJXCzm6tfiFzztyl0KXx9pbo46FWGnLyaox39vNDKQUkgUhE4n0aj:L9cA8m6tfiFzzslDv8FhLE9xGkgAvnJj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\images (36).jpg"
    1⤵
      PID:2552
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3260
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.0.599285538\1917908403" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7adb11d4-ba6a-427d-bb11-4e47a43f81e4} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 1968 1bb597d7158 gpu
          3⤵
            PID:808
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.1.1526199516\1113608899" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {293dd97c-78fa-4434-8b06-43a77a582ffe} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 2376 1bb592ec558 socket
            3⤵
              PID:3348
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.2.87159579\1186319280" -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3384 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6e7dcbb-2e91-47e4-aa23-d0851d5632ea} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 3728 1bb5c19f658 tab
              3⤵
                PID:748
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.3.13093252\1060963706" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3520 -prefsLen 21118 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9d1307-c90b-4620-b70c-0e88e4b37289} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 3200 1bb5d130e58 tab
                3⤵
                  PID:4960
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.5.461993000\305082545" -childID 4 -isForBrowser -prefsHandle 3356 -prefMapHandle 3360 -prefsLen 21118 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3f824e-9850-4b64-8725-a13e892d8169} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 3396 1bb5d133258 tab
                  3⤵
                    PID:4184
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.4.213085044\1920070952" -childID 3 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 21118 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a482fe1-d57f-45b3-a4cd-b7b812e9d72a} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 4056 1bb5d130b58 tab
                    3⤵
                      PID:3608
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.6.2090568109\1532442133" -childID 5 -isForBrowser -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 26838 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aea5387-e476-46ed-bc97-8aa78a2809e8} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 4624 1bb4cb61f58 tab
                      3⤵
                        PID:1176
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.7.1500172445\593573528" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5308 -prefsLen 26897 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70791ac-8e29-4d6c-baa5-d8d368174300} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 5372 1bb5e3d0558 tab
                        3⤵
                          PID:2676
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.8.276814585\1077867263" -childID 7 -isForBrowser -prefsHandle 5728 -prefMapHandle 5332 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ebecbb-d0a6-447c-8a5f-ac371a611019} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 5796 1bb6117d558 tab
                          3⤵
                            PID:520
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.9.1752250538\1691830758" -childID 8 -isForBrowser -prefsHandle 3504 -prefMapHandle 3248 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {199185d3-e464-45b6-9140-a5c3ea85c772} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 3476 1bb5e00a558 tab
                            3⤵
                              PID:1072
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.10.1393390718\1630042364" -parentBuildID 20221007134813 -prefsHandle 4192 -prefMapHandle 3064 -prefsLen 27153 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f879f69b-9573-4fe4-933d-79272c79f274} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 2984 1bb5c1ba258 rdd
                              3⤵
                                PID:1216
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.11.92031220\239314836" -childID 9 -isForBrowser -prefsHandle 10000 -prefMapHandle 6272 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58ef57a-956d-459b-a040-9e285a4149f1} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 6268 1bb613e1258 tab
                                3⤵
                                  PID:5052
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3260.12.60944511\405053911" -childID 10 -isForBrowser -prefsHandle 5300 -prefMapHandle 5384 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {455f7fca-9929-46e9-994f-416e23804f52} 3260 "\\.\pipe\gecko-crash-server-pipe.3260" 5692 1bb6185a258 tab
                                  3⤵
                                    PID:392

Network

MITRE ATT&CK Enterprise v15

Downloads

                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\activity-stream.discovery_stream.json.tmp

                                Filesize

                                163KB

                                MD5

                                a05c4df6d826eecbe28df1a679b6e230

                                SHA1

                                e588bde06d6230d211a682cd5af245841d8a0b6f

                                SHA256

                                1a764a2dd35099971b13b1bc4d0a5e96eebf4776c9d05ea69362909e7772af83

                                SHA512

                                95db82152e2584d919f79f8895260ab563911a4bcf78bc8be2d51a73ca1fad407d248610ba1f4a5dc4cdb97a75b82fb545518c851dcf3069a0ebd837d0d84bc2

                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\doomed\20869

                                Filesize

                                7KB

                                MD5

                                867d86ce39eabc57b693ae31ffff1f66

                                SHA1

                                3ca1421eee0f83625c9e36f8e7a1b8f34cdc05f9

                                SHA256

                                94d51039dff55d21501d92b37db4d162a8d9ccee126959902c4342aea24945af

                                SHA512

                                57cce1db314d0064eaee61b8aa306d19641268cc94134c57886cc5780e8c9b8bbe4397f050fa41d65b0a70a1812dc0e76a21720e823df9cf358fe8b413d46c84

                              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\doomed\7806

                                Filesize

                                11KB

                                MD5

                                8d32ace86b244abc89c1209b6a68b6f4

                                SHA1

                                5e8dd7fb549fab911e43d4b138a0163b6557a687

                                SHA256

                                dc918cf5671430d52b71ea920b2f621a7505ab9fc81b255b7f5f001ba9c9f010

                                SHA512

                                f847ddc66ee9c0467a23461e378467e984b711f45441c74caad1fc8801557a7f403709247f84c904a415c88c54811607529ee852e4f9d69a6a24a5c2f3583c1f

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\prefs-1.js

                                Filesize

                                7KB

                                MD5

                                fa7720d90fbb93c18bc173f018ae4701

                                SHA1

                                40f350e77c730d462a7ab5ae04b14796c9b16460

                                SHA256

                                6d88c26f8133a6c7bd670571d57b66a4761fe605d45aeae4d4eaf98fd7c66340

                                SHA512

                                0efabdabcd9775a9a5bb97f08ea887258fac6ecdea3530fb2a1289269b82ed29f873c7f0883b52b3a981554095012942dda68f4dbe068bca29f13fd6bb3f0319

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\prefs.js

                                Filesize

                                6KB

                                MD5

                                56b22581f97ad772f83b2987eb601ffb

                                SHA1

                                4ccfa0ff1aee1a49a48bc8522e205b980347b10b

                                SHA256

                                404bb80ea5b0508952c2e7f3e9af7c5ee5f951566026bb18442eb1f9d196cfe8

                                SHA512

                                96a139aea1961db140290889f79db8c4275974e6b977d0820b642fd5c349e36b889055f43ed5fdf68219f0076a7831930d13257352728d8e35754f3c8c1e9277

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\prefs.js

                                Filesize

                                6KB

                                MD5

                                2c5fe54415202b619231cfcf6bf7c812

                                SHA1

                                1966535e7065e79089938e8b13722a35047dd325

                                SHA256

                                0871f491704e64510295c2906372d575f6ec18034810efbba166635cd56853d0

                                SHA512

                                f4882f32dd64e17b984e87aa1f9e0766d2884801ab35087d10bb5e3cf1a04239fb4194e5523e4f58d69b1152b2e90589ab943510d9e6882453d47accd6294973

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

                                Filesize

                                271B

                                MD5

                                863f168e4eb2051a4b575991e9b69e91

                                SHA1

                                05bb48d2e3e4a01d77ebfccb8ec515bb52390994

                                SHA256

                                2651542aaa95802c97d4eca2e170eb77de53ebfaaf1de6190fb346c0691f52ee

                                SHA512

                                385a25b07c0a492c36f74111a2491a2e8a3bf76123abbe7cb90868674552180b17f52eef9e0cf9d8d1b38377e3b6413989fc5e2d532f853cbe4084e51844866c

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

                                Filesize

                                3KB

                                MD5

                                79d036c9a92a080dae7d8651b16b29f5

                                SHA1

                                fab36618b250b485bc3cdcd032a9aadb56f79519

                                SHA256

                                7b5e2dbf34807c63fc315bc827a537ba2f84c759ac79c2665ead5ac6c0bbbcec

                                SHA512

                                16096f609776c71a86a9412d12a8469df1e3dc71015c21ce0f18bee4a52c1974abab11269ab2532b91d6652fdb4d8c5909c8fc17ed0fd797e82e530f9f121fb3

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

                                Filesize

                                5KB

                                MD5

                                3431f7cf695fd647366deef93847e4c6

                                SHA1

                                1a319c537bb46b594dda20977a71f00a64974e3b

                                SHA256

                                5a813f3663d48a45619efbc2913f13bc8d1e2ed6f6dba00942ae809215846fa6

                                SHA512

                                1d74cebce68854e5674357e8d294c1007b66bef96fa3a6dc40837b9c3b1fc5850e1e7badc4f5d30ad35ff03d1ff7e3a651348fa3124034b2d6545f095d63a060

                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

                                Filesize

                                7KB

                                MD5

                                01477aef18fd12847ccb32dc63072d41

                                SHA1

                                f0889762c83f0746e6e4d83ef2fec464f6c687fe

                                SHA256

                                76de16d9f2489957c3238cf16e839b285b21773ff97cd43b96298ff186192867

                                SHA512

                                fde29a48d2397c9615b08e7ccf6a6a3939aeea42af265249b6b02597274a30a6e8b18b92294bb9eb4da7cbe12574db2d739b5d1470b65f1c670409ca24f7adf9