Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
308s -
max time network
304s -
platform
windows10-1703_x64 -
resource
win10-20230831-en -
resource tags
-
submitted
15/10/2023, 05:26
General
-
Target
http://cdn.mcauto-images-production.sendgrid.net/c8245e44068d5be5/31129da8-b84a-4f01-962d-e615fba968ff/250x40.png
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://cdn.mcauto-images-production.sendgrid.net/c8245e44068d5be5/31129da8-b84a-4f01-962d-e615fba968ff/250x40.png"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://cdn.mcauto-images-production.sendgrid.net/c8245e44068d5be5/31129da8-b84a-4f01-962d-e615fba968ff/250x40.png2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.0.810220837\1903856308" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1716 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5fb44d5-695a-4378-9bfd-cbab710bd1a4} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 1800 23ef9809458 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.1.545611810\2102962616" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21719 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77b6f0bd-4bb8-4229-abd2-5c273127215e} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 2172 23ee6472558 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.2.1238818268\541728128" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 21822 -prefMapSize 232645 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56c81198-cb5a-4fd6-a355-d6da9336a62c} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 3020 23efcb20858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.3.831129735\1450800811" -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c560b06-86f2-4951-9f03-877a046b7822} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 3696 23ee642f858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.4.293237967\1235846177" -childID 3 -isForBrowser -prefsHandle 4696 -prefMapHandle 4732 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8752fdd4-5acb-4321-b5c6-aaa1ba59f276} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4600 23efed30e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.6.544387743\80595152" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82487148-dd0c-4fec-a8ae-0200873ad12d} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4600 23efed2f358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3560.5.392027562\508746793" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26636 -prefMapSize 232645 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b12e856-78cb-4a19-a0ff-eccb6ed89f75} 3560 "\\.\pipe\gecko-crash-server-pipe.3560" 4920 23efed2fc58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD51fbcbe865c50180fc32830246fc19e7d
SHA1ac4f8d4f6258059f70686d5706d662527a412eaa
SHA256cd82b5fc2594121e232ac12e3790ea15bfc61e783ad945ccea15f9e8829f055a
SHA512595b9cbebb5f633924625bc3166238c96e409b4ecc66d4435d0ad0df51b4d0f868af83a0779be31da6122f9c3d70b62a9e97c79944348ce5683b9667819c19b9
-
Filesize
13KB
MD534eec5fe12ea3359b42b62fc5dd9020e
SHA1ff04e012920188bd4e825ecdf9925e00d7a8dc17
SHA256e5ddef3100624432f334835a4dfb7c8ed0dfac548e0d72cf155b3bf766de88e8
SHA5127355d0e1ba56e2a4f51d7d4ed8bc0229d02f2778012b4fb737dd9b655ec6805a899d431df69240a716606d7feb1504ece334c42a349aba72cac3d8f0da0e0bf2
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
7KB
MD570a60fac7097089558ca986afebad9bf
SHA15d847a1f46132bfa106fb43ceb7b7cf9d0bbe4f3
SHA25603240e5ac8f3ad662e861c1b275d69300dad5cda3b1fc1f17306ca067e347bfe
SHA51240c1b21c13b768280add943561020e176d0f0723009c888694cbf350e0741bee244cb2aaea06c30f9a1b4abbc2d208e464b0114d18087203258613c129103a7e
-
Filesize
216B
MD5c9461b672999762606da714cc1718674
SHA1036e975ee1d05b1acf09f37344ba20933a2012c5
SHA256123766075af204193181b5b5e2467e4e0221e99aa8125c9f450195d7850d05fb
SHA512e1f59af206a809b1500c436c9dd96f5119940904b87e90540d6d2a54676d170b505443042ae0321453ee9d48500817ac681cc78d5138bd956b1fb2b03e64b8ac
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
7KB
MD5251ff37d7d4d7fcfc011b239e77080d3
SHA141f35da12fe12f2568a551013b3bb987da4f4338
SHA256d322ed4e3f1f7752922faa828eec874cece352739c4de0c01aa38584e60e5fbb
SHA51261b1c365327c385b132964081a14d80396dae2d9cb1b9ed24093affb37039a9fae9b25557ab1a445f5e1cc86db090abf85083a3f88452dc0bee94fa487ad0280
-
Filesize
7KB
MD59f25baae6e672e1e9c2030bc9e512a0a
SHA1c4cbf1252d20b12836a80f39e4034f2e73f7ac7c
SHA25682f9ed899e66641cb6abb3bf86b5076161e1aeff50c2a3b8a3c8bcedc23fc089
SHA512a0624ec5ad19de8379f63d2d3c04b61227b04940a44fd6d6b59cbfa444d614e3bcbd4c4f3ffd8cb1c791e845843cb62239098e223245539b195d4b722c350966
-
Filesize
10KB
MD579a4b9207aa02c3eebcc1ce99e54bc53
SHA185c308842b8b674d47e9fd19e178cb7f81810013
SHA25663b4f1dd7a63065459c7db2974d78db782c8d6df327980ab5a7f9f2632da31d7
SHA51209ce70de7590699fa1ddcb247f3b6f85436bc4c20ba7e3495738fc2970ee130e320046103bef12485f748d772d0f9be7da3d70662e3b7bb3d7bd3fc8769f5aaf
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
991B
MD5d2ba1191e1cf4498960ee55a734d9ec7
SHA1b2f46ee00dee29c873762104b51a6c7f6a0d8772
SHA256334b3ebf94c7980ee8f4d69042d5bf7f30f3c411c096dc74ed7157480c812b51
SHA51291a2b847c86c2055a8481f97f3e63e0ffa044552426c706670ae1cc695b62458328cf4ef66bd13045bb5aab051a805f073ae7f3323e0bde0eee6e86cc5f4cdc7
-
Filesize
176KB
MD51dc48c3c943c30520809c7052e50cc8a
SHA1effc17a63ec1e63c4f551b02e1de19aba9ca091e
SHA256f5b11e37e27b710b31753daec292966c71af70e635369d64970e5c32f8b38017
SHA512fa710fe750fe43ced0ce4fcd9898eb907b5d52748c58b96398daf7194060fb3fc3246ff90fc79bd46ec8113ea0668a1bc9561b18d621dbb5e28796e9fc2b8d1e
-
Filesize
4KB
MD552d47da1a9a2440cd4298b5bd9690486
SHA1f0c482cba0da756fccc5402596c22b4158878491
SHA256ccd932485cbde709d531985aba0a0af9e811d5fd895037d8a09b545b4d2883ea
SHA51257842595812e9a5782f4deaea23431d5f30899772fead4a2aab9ed1eb0d38336eb9fad14329cb98dda4b4d0bb4e7beadbf155ba483671873faf8912b7726b314
-
Filesize
4KB
MD59c9f1430998b351ea605c43b4e38c773
SHA1621062b33d2a8d78014b83bf234e42ab108547e5
SHA256740892f92bffd9caeb0b7a0637efdf4f0ac20cbfde7afa3f61d177d38836eaa5
SHA512a7f94c07d6788040926bdcef376eccae1504ac043a9c18fdbc7645cb5109ff42d69319ee81d7d7a2d2384bb5c39913731540735190c2f575e977fc120675c058
