Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
03/10/2023, 00:34
General
-
Target
qbittorrent_4.5.5_x64_setup.exe
-
Size
31.5MB
-
MD5
a1e3d62bb16c2fef5fba7d2899796239
-
SHA1
841c7c16a30ca3a2ec77148b2fcd250ce9335830
-
SHA256
a95a39a8701661fcd9eec6dbf78f8099be1edfa145fb7d43a0105ec82f97df8f
-
SHA512
121401f7df8f4cd01ecc5205510ad4d824ca7208ddb69bb9a5e4678359e82005d76b20467662878975a739f41236edc8581f61279bae278dbb5c7206058def59
-
SSDEEP
786432:rDRS7fOdUC+EQNLErJ5L8xPEP9vnzfrnfHo9ft03Pvy96VgQCGq7NBwq:rp1+EQNLkJO2pnvnfIfq3P6YCn7H
Malware Config
Signatures
-
Loads dropped DLL 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\qbittorrent_4.5.5_x64_setup.exe"C:\Users\Admin\AppData\Local\Temp\qbittorrent_4.5.5_x64_setup.exe"1⤵
- Loads dropped DLL
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.0.1364977003\975867390" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ef32f2-1225-40cd-87dd-2d84c41ed153} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 1980 187754d5558 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.1.1007520827\1847655150" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4ca33f8-d11a-4e91-ac15-921dcf1924e8} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 2380 187751fde58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.2.166155575\861112879" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5670714f-18c2-4a58-9d5c-d92d71a01ae5} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 3332 1877545ea58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.3.614567227\849153980" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c73284fc-329c-444d-830e-9dae2d5a33a9} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 3572 18768a61358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.4.1618109146\2005424964" -childID 3 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af91940f-000c-4db8-a70d-4428dc412bd1} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 3824 1877a3c9658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.5.523810007\366399408" -childID 4 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f448112-cfc5-44f8-8f72-a0a48a14924e} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 5116 1877b894958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.7.932697423\868152554" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ff43d6f-9aa3-4040-b2a3-9d5f243bd391} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 5436 1877b894c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.6.51203812\1767464945" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2cad20b-04fe-4d51-bfc3-4f14da370001} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 5244 1877b893a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.8.1048244606\733003660" -childID 7 -isForBrowser -prefsHandle 3096 -prefMapHandle 2904 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5ad9133-1b7a-4100-b511-bc3fb945c158} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 2908 18777ba0658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.9.1156855334\1585376304" -childID 8 -isForBrowser -prefsHandle 6084 -prefMapHandle 4080 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61e5f076-8a57-40aa-8f65-c82774dc1227} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 4068 1877b8c0558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.10.741681443\367772475" -parentBuildID 20221007134813 -prefsHandle 10260 -prefMapHandle 10264 -prefsLen 27096 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6280ac8-4ea8-4052-a165-03e5e454ef4c} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 10252 1877cf92058 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.11.1357765695\1009767114" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10128 -prefMapHandle 8408 -prefsLen 27096 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e592f9f-a91f-4fc5-a94d-74ac2ca0ab72} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 8436 1877d979858 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3760.12.767780479\698676105" -childID 9 -isForBrowser -prefsHandle 9984 -prefMapHandle 9972 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeedf697-ad69-4dfc-b748-44278e97fc8a} 3760 "\\.\pipe\gecko-crash-server-pipe.3760" 4428 1877db12d58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD584c52fcf5b78edcf5706e92bc577e289
SHA1794ae887c3173d56cda6d2491a29c823f5fcc0bc
SHA256852006fb49d6f5ba3265da4fcc38b1e577f01f026d91cfe6fdf6ee42347e8e75
SHA51262fc2b5c99303198e19357068d29d13eeda17e7e94c58581ac0733f2ab7fd573bea23c7b467d8fdbc993f954c8cd8e46694e6b6404321a9cee2f40cd85a44b77
-
Filesize
5KB
MD568b287f4067ba013e34a1339afdb1ea8
SHA145ad585b3cc8e5a6af7b68f5d8269c97992130b3
SHA25618e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
SHA51206c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
14KB
MD5adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
6KB
MD540e03f6086076ab97adc6dfddc840d65
SHA1d03af6024d6d5d373f6f67349780793bdaab75f8
SHA2569a2b7a76e39dd235e0a9ea92bc1a3057136592cc6b2c4bce1799e60c21b9631c
SHA51288056ac1fc8516626e9fbcba8b8198e045d78d3403bc03f356a38b3aa2564d28d397a02e9491a523806b8d07a6058bfcfc089ce7719dd6a25ac3be09bc17839b
-
Filesize
7KB
MD53114ee76e6f80201c8660bcfb90637ee
SHA18a0a8fbdb12b8598e57eedbf94effb308337b4df
SHA256c08285a89995a8fdd590852d112e0914e9ea03fa7d867713c96358ac8d5195c7
SHA51208c2972414e55a8ad4f8a4fbc975347b7c0fada2b01aae249006834b540730021c52c5370c92ddff7922587f7b660c2096f44bc0228e1dbf0985ef777cf04b76
-
Filesize
6KB
MD5e3e35ac3daa3f30e31bc9a83076e09f9
SHA19d844c7c85cc8903219a60dc13f2c1efd551b45b
SHA2564e93065b293bbcb7001f629d9217822970c0a3c337478f7e9a3a82867916cf86
SHA512c0977088b0ab7e43e7748ae2e384ec8aeb1188cd5c82d484c859ff2f8db3dea8d22448ba7f7a19bfb59750b53a07aa9d858b0c73861ced56a8cfb50f786d5026
-
Filesize
6KB
MD5e6d9419ba4b2188fd1d9c8c55c814bf8
SHA1a9f3c50daed412d6f962062935351502f3d2581b
SHA25651ab5a678cd6c1d62ce0cd02b4251ab14b37a89cd4bf3a91f78a5834e32aa3c2
SHA512dfb4dab63043b404cefd64cc82b09a56af992fcd08dc20799c81187f173a0faa7ff05c50a366a6722bbe9b13b0619d8e15484a1c7a1f43f0f6e73e6e84cee419
-
Filesize
212B
MD529ce37dc02c78bbe2e5284d350fae004
SHA1bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA2561bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA51253a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb
-
Filesize
1KB
MD55e9fa584b41005ee6835d3cded3df39e
SHA189524c24bac2cff049b516bdfcaceed16109cf63
SHA256eb3fb7fae24d4adef190aa15c72346cbb997f5ba137c4c05e43c57598c384b25
SHA512980ffb65620b4405a90f47aacbc7e55017af2a80b7b3f55b59c29439ed57313a6626f18f72537a1cf7d33785f8966e0244b2adbec1b33affe004138a2577632c
-
Filesize
128KB
MD52799e6940a2a9bdd6535d6ca94cf2cba
SHA1ab0390a18becebfccf16323fcaba1298026318f7
SHA256e18453256fa5644451c0ff0d0a190ae31dd88cc7b6f13d52e587e2259f59408f
SHA512ac8a26748ac2eced4e0b58a408f3cf9a695ed4c18c8d51a616bc928a136d11ea25e3cc55731c9e3a08860255bc24c9bf9690d9f18cc14d514cc63045a3c6036b
-
Filesize
1KB
MD5373de09e2687f18d3421d602d02d6025
SHA1391af26d294506968cd8c701abf74867dc24762d
SHA2569adbc01cd8f4e66f2186c3900e7c54f27ae177a4da14ade6eded3681d5c7f173
SHA5127826d0749e9e2df0cf0351b27e89d3c80627abfd6bc6cb725eef819be28f1b858f3c50b0215d2c60ea29dd498c4761f20c9c6b727e9b8f6b24127ffe89d523a1
-
Filesize
128KB
MD5c2b1091220013115689e5fce64a22b4f
SHA1fbccd7b4ae0d540c9e2377bc8919ad9d12168cb2
SHA2563b1b5f1d60dc051eba48bbb7146e3ed022a4a9d4a1a2035deaad3392508467d9
SHA512257b534e9908cda92ed2fe1767e4d8fd480909b30ec061b3bdccf51b0c07765cbe087950e92143bee568cf8efda2fee9a03fa7e45990978f6c88c52ac7a27ee2
-
Filesize
128KB
MD5cc1f26b8295d796e133acab5ed3de445
SHA1f52b632af2981f947726ba3f178ec5df7aaa1b3b
SHA256fbf12b1b03f4b1870431a209c2566dc73ce002786cdb1274113b9a0921d89484
SHA512479eb222cbdc89c886025f599baae2c93918e48db5476692ed2867d13628dc5b494d2b0d1fb00bd12655c2ae8121635937d9dcb189d5610a495b76aa94d16031
-
Filesize
127KB
MD51c66ef0e9ce4892351ca17463d1792a6
SHA1cd28be8f59605d8298f6c1a2caecf2d184c4a1e4
SHA2569f1de296fbe5634c807cc1d1a9ac6e7a52791cfa0ee2fdc165dd1764a5777318
SHA512a5d07b1155f813ab1a9167939985235cd8c678c6c32c65a589295bec8680859f888335331cb869a5dc8c69fb3d69a0e293d5b99ff70e1e38cb0b79a0ea69d163
