Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
22/09/2023, 22:00
General
-
Target
https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1qQ2TG_KrIuu9SNB33WF1kt5edp9opHWL/view?usp=drive_web2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.0.2073467683\1231587541" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8acaa553-002e-45c5-8311-4d978f76d1be} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 1968 1887f1b9158 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.1.1072530583\1341304248" -parentBuildID 20221007134813 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3933910-6f14-4b4c-8907-a216dd078d2e} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2448 1887ece5c58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.2.1771593871\1124193141" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3236 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b40e0b3d-636b-41c7-b902-27ef8d1b2e0c} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2968 188058e4f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.3.2037215235\472542131" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc85a1c2-8d2b-4bcd-be7b-632c569dc264} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3628 18874e62b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.6.1605629496\1682394750" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b02ba46-3271-47d5-a708-573bac5a975c} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5304 188030b7258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.5.1550437354\411655614" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aee4c4f-a005-4f08-8fbd-b1511b536d0b} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4996 18807cf9c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.4.2090273645\1218203091" -childID 3 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5b44cb3-22ff-4a59-b99d-437d5e9fea39} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4732 18807cf8d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.7.1939682106\321692112" -childID 6 -isForBrowser -prefsHandle 5800 -prefMapHandle 5796 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe5e1273-790d-4cf3-afdd-80df8e006922} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5808 1880930f558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.8.504284933\890917328" -childID 7 -isForBrowser -prefsHandle 4336 -prefMapHandle 4476 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c66325c6-808f-4994-825b-93d1393fedc4} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2988 18808784658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.9.571484334\1079303732" -childID 8 -isForBrowser -prefsHandle 5232 -prefMapHandle 6200 -prefsLen 27813 -prefMapSize 232675 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc9d961-4068-43de-aaaf-32420165894d} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3020 188044e7158 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD515059fa961a6fc78014b6872906311f5
SHA1a17a5be00f7ff94a044a4a8b7b40997d13062ce4
SHA2560e6042771f02d7946af829823ed2f49f0883bbe86e4bd4c75066b73d1f724295
SHA512261385412c5ef6430f22d87ba3c83fb4a7fba36e91bb52c891ca2a50361df49427da253b5f174ec6b4aaed53d0389a004c6dd94149c32e730f2aa40074aa7b47
-
Filesize
15KB
MD50158d67835641b0fd2c725751e176a7e
SHA140c4878aa4ac0322377ca3e948779025c6de81e0
SHA25612f0802c699337b66d937dc155661c66ef768b1afacb9f88b3d39ed3aa8bf0b3
SHA51218379cc2f16681e0878cfcc4f20a866ffa48168d6148391fcbd527aeacff70d35995af79575dc8de7ab0c9eec11a0d83152192ea56d755bf17fe2f06d6239283
-
Filesize
397KB
MD5ed61df64ec925a98265dc5f62b27a73e
SHA18f5aa9ac6077d7e66036558e4d29dbdd075c81a1
SHA256b1ad40c79db4619f20891a43dced3238ab205acac5a64851e566ee432d6cb0b9
SHA512681f8e3b716beb453ece9e5095991babac2847d2137b580b9cbc2f99536308b36771f5bd2cb6ebe9d5ae64b25ca5d3288a39098a6d4d267132d311bdcf9f5ac7
-
Filesize
6KB
MD51b3f3592e3210b0d79098e2832f372bd
SHA158ddcc9f4d26cb152920e200320b35042256ce07
SHA25660b5d2b10f6571b5b66d3f215b3ba009988eddd7734c63734884d7e8facb4a9b
SHA512a85baff16de19b538b26e86805b9f2277290c3c9d2236df4b3d4abc13b287e8928acf208714d287e6c642030e75cbdea1a547ee8e107b2b850fd0f58d0e8a9d1
-
Filesize
7KB
MD553dce6638e8a2a68a38938f2431dc231
SHA1695f720d72d0b7af085810d6d41536674f0ce3f0
SHA256fa6e8bbec7cc42ead0243f51d50efd5e9400a733eeaae5ef3cde0adbdac45e49
SHA512be25f188bee5c6555ac47b496dbf444276a9dc374f15de11d88905c454d4620d0035ed80de300ba69c83d17d5d735c96030f9acc66925a207ac7d544d11b5673
-
Filesize
7KB
MD50084f2dd7200ca8a757247d7fe0e9407
SHA1f33588ba384565c8a5039b189939b1e5906738af
SHA2560f6a2251462337cbff45490be7cfebbb0d25543653319cd443a27b216a80edf2
SHA512d1c521b540ee54b0f6fd26b8c4d8e9b420286429996730dd0a429d75c7ed48618e5ff5a9609d6637541daaefd51bf384b736b64ce4a5f55b46a2456d5cb9bb26
-
Filesize
2KB
MD5fb9abde698ae50a424c25a3cd8d49f6e
SHA17625df7ec44f2d5d3d519e1e36aad4214518d9a4
SHA2564baddfeac43e315f2bf9393cf156af6a6f28b3466c6e499fd406c13923869897
SHA5129679137d8f94343300d8c9e044a21ad96bdc4a17ee2b2edd1ce32688aea77311cf6a127948c5dbf43c1616c33a9551738cd79f61d6b47d7a679d2b3b40c5f12f
-
Filesize
4KB
MD5f0bc1a1cdae27ef8fed0800281defd0d
SHA10f04e3156234e84f54a2cb68841d47ddc873bbdf
SHA25650705eab2037e67338a3dc5dc32f21e9acffa3e60a84f66d74d33f94f8d6dabb
SHA512b21de3fe2cc1a8f005ceb019cac15984664a3d5eed7a40cda379f9b28a07a457d9164c62e85c216adda68ffbb09aa1a869765f4df34689eb41c59e923f5a4b3b
-
Filesize
3KB
MD50c8a9b87504e12245938fb466d3cfacc
SHA1437097cf89fcafd286c5112bd2921fd954f2ef49
SHA256314cf68a2f714740991472ffa9a4bdefa0e83efe90a8ca5f5b1902d44bb7beb2
SHA5121472a0079563032a5e7d6fdf413215ff6d0c14e01762ed9606256d16571c91d8d8770616afe7d2005c9834781d53e6efd5b9b1f46854dd024f0d21f1f93cfb45
-
Filesize
4KB
MD5cdca33debafc86959931e0e5c8bc69fa
SHA1ba97c0c558f8688ae2dc9c0040d5bb85ab568baf
SHA25626e4badf1d18dfa340555460d74c9f1869344217ab037b067f72a821a2938097
SHA512a2fbd5c6f89f34e4891cc9869e93c835bb2c3006a6f9d8c657ae59c9da8842ffc9416c8125d862315a4bc3c8ed4e707ade503a611c9ecabfafee57f7920ff5be
-
Filesize
3KB
MD5e6dbc389aa433d2cb6ae77fe072266cf
SHA1aadfbe3d2bb487d7e864f77a63a77beecbf16279
SHA256e672451a1d08b3a7839040f6590f839545d11629add6e1051aaae15bce451bdf
SHA5122a8c83d8acf3b8f4e40b8beed2e3c488980cef09bbeb114190f653b90e9e8d57575e76d3386edb9e2b2c1803fbc999c6e4b9c585f8bb8e27d0339aaa5f21c293
-
Filesize
3KB
MD59b723a237376530121759b105e83d542
SHA1b57cf1c0cd9085921da3ca282b593f71b02c0d72
SHA2564dccb160403a57fc43f30c38f61cfc63cbf05e2ea0746e7d191bb2e57f3e115f
SHA5128e301142f3d4febae191dc0edad080fd852948e9caa8b580f304f7cd6fbea8c0f69b3b4d95a061cd67b11b86b451ca20c90f836d581904b4f5082892d8613bc6
-
Filesize
5KB
MD5a751c389faf082f9c3dfefa7edcd87e9
SHA10dee20b32b3d408aa31644699a34f3bace87f945
SHA2569be511e84fefe3de628e4f1e21f3a135518f682506a4959d39eefbe369177a07
SHA512a3195975d09131ae87c02be55797cc81b8706b51417f47e0405bbc98ecff612a729e11f4855d1ab4fc0eaf8c375617fcdb07f73fa35bcd8044f32944121ad85b
-
Filesize
4KB
MD54df372233b61bcdbb809745871008696
SHA1b07a7b063d616b9036886e22e3977b39caaa4c8b
SHA256acee31622c0c6aa518834bbfcf07718279617d50d15a43d0f8ca88d90daa760d
SHA512957fd9e08befe4021e1b923269c8e15ffbc683bff9894fbb1e2470358e843716c38034d0c6b0b843a4feca8ac5249029b310d4d732a4043ff60d105687226c56