Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

500d0c1f45...37.exe

windows7-x64

3

500d0c1f45...37.exe

windows10-1703-x64

1

500d0c1f45...37.exe

windows10-2004-x64

1

Resubmissions

12/10/2023, 09:17

231012-k9jccaae7t 7

11/10/2023, 09:08

231011-k4bejsfa98 3

11/10/2023, 09:00

231011-kydbyseg56 7

11/10/2023, 08:53

231011-ktflhsee35 7

05/10/2023, 08:00

231005-jvzv4she8t 7

05/10/2023, 07:52

231005-jqs7rsbd65 3

05/10/2023, 06:28

231005-g8clmaba26 3

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/10/2023, 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37.exe

  • Size

    727KB

  • MD5

    3bd2bc1fb2ed7ce223505556ee150890

  • SHA1

    4cfd2d4f3c8c7359164eb79cf0830480d4793f1d

  • SHA256

    500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37

  • SHA512

    374eae32c1e803f468ed248d7828ea98b438d1377e21775beb5e0a477b593816ffa543d7dd3da94613d7e448a9d5557269f2c1b27d30726c85cf0a73f89883de

  • SSDEEP

    12288:TcTn6DzlAr6n1X+R1vXAMk8Bm+r7uobOJ6+ShsoaqEkgOsS5:ATn0e6gA0w+3uVzShRag2S5

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37.exe
    "C:\Users\Admin\AppData\Local\Temp\500d0c1f457ab162b7ea0f1d31c32757d70421b8c9bc7b0083a5e3567441ed37.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:5060
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.0.4095140\1032688472" -parentBuildID 20221007134813 -prefsHandle 1668 -prefMapHandle 1656 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3303ad71-a48b-4903-b98a-d8792837759b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 1760 223c13d6858 gpu
        3⤵
          PID:2724
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.1.1105367985\367238327" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20939 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ea93977-a278-4970-9ca5-d152bbdd46d7} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 2116 223b6272258 socket
          3⤵
            PID:5088
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.2.833226991\914758170" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 20977 -prefMapSize 232645 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {748badf3-2b58-4052-b812-27d3b0fe9242} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 2700 223c52f5558 tab
            3⤵
              PID:1812
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.3.372787185\1605224720" -childID 2 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8aa68cb-c37a-446e-8d4b-aece91a42a60} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 3312 223b6270458 tab
              3⤵
                PID:316
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.4.521999717\1890209519" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 3684 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d3d7d5-0405-4b55-bdd8-2f63e5d1fe83} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 3692 223c596fd58 tab
                3⤵
                  PID:3060
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.5.1603963499\1396155261" -childID 4 -isForBrowser -prefsHandle 4396 -prefMapHandle 4388 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8346849-553a-4836-b7e0-411d49e9eba1} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 4000 223c52f7658 tab
                  3⤵
                    PID:4016
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.7.1847323385\2117014940" -childID 6 -isForBrowser -prefsHandle 4544 -prefMapHandle 4536 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a0694db-1e0a-4ab2-a196-d05ea8258649} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 4612 223c6f5af58 tab
                    3⤵
                      PID:4988
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5104.6.687708042\1019113949" -childID 5 -isForBrowser -prefsHandle 4528 -prefMapHandle 4520 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fa7f5e6-e39d-4a0a-9b73-a2baee50a500} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" 4368 223c6f5a658 tab
                      3⤵
                        PID:2524

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dkkukhpb.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    22KB

                    MD5

                    cf07863e806ff2334157307614a27d13

                    SHA1

                    0b8792cb54af7bba6c2994b9c4df626754abd2e9

                    SHA256

                    7f64b64c4e21709c54f0ca6c69c422382cde95e9a910433ecd6f268ddcadb1a1

                    SHA512

                    aebe54aefadff26b25f137ca91c0ab43e5b96c67039a4e90d8e7b9a1e1d646fe1f633ecfddd692b58791825309ca29cc5bfcfdf29f4c69de0ba70f41f0cd1eab

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    0457df63c91e5936d5572067f84353ce

                    SHA1

                    ecdfbda81d235f54ce5bb901401d531acd953556

                    SHA256

                    044824cb7f4f76b5344ce6eb8abbb3e6b5204d848e9c12ed1cb4bdaf9b2d445a

                    SHA512

                    22a3709f6668f402408386545127c4dbb03ef9dd9ad3e3924a99bc19af4870d0d28f03b96c187f7c3c1f25bbfda3600e1213efb5eafd6eee3a8d3a316f8483ab

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\sessionstore.jsonlz4
                    Filesize

                    883B

                    MD5

                    cf9cd81d23469b4b17c647d8e70ed056

                    SHA1

                    c6bb0705e4df5cba2bee96f3d803fa1a71ef5f4e

                    SHA256

                    b41e98c64fa63e30f9e5383bb2301fb835d21ab8c51c53648ace0118ae0e9ff4

                    SHA512

                    0ac4d1693ccead3f775ab8e4b7b4cedea48b69a00c4b9f87812cdb846bbe0b63713356b754f3fd6703a98cc0f0742e00fb267c09473b081997ba15c10ff853e7

                    Download Submit

                  • memory/5060-0-0x00000000001F0000-0x00000000001F2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/5060-1-0x0000000000700000-0x0000000000705000-memory.dmp

                    Filesize

                    20KB

                    Download

                  • memory/5060-2-0x0000000000400000-0x00000000004C0000-memory.dmp

                    Filesize

                    768KB

                    Download

                  • memory/5060-3-0x0000000000400000-0x00000000004C0000-memory.dmp

                    Filesize

                    768KB

                    Download

                  • memory/5060-4-0x0000000002580000-0x0000000002581000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/5060-6-0x0000000000400000-0x00000000004C0000-memory.dmp

                    Filesize

                    768KB

                    Download

                  • memory/5060-7-0x0000000002580000-0x0000000002581000-memory.dmp

                    Filesize

                    4KB

                    Download