Analysis

  • max time kernel
    82s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/10/2023, 18:15

General

  • Target
    Test.7z
  • Size
    18KB
  • MD5
    3b6454add771c9c5b13730a935265832
  • SHA1
    88cf2eeabbd4c84a24e04390e3856162fab4edfd
  • SHA256
    96ea0af5062940715f1ac1707c3b34ca0203b53332b42ec12f9b582f9758764d
  • SHA512
    9c2265f62b9b10a4984cc03d6717643ed80e0542f3f3b7be9081921dda7a6e7111732c0015fe3e735117242a10462c4d674f0cc74d7158ff7590cd0d03244824
  • SSDEEP
    384:Q6iVFWciATFFeqGADuTaTif1S8TwalRhwNUpYYfD4UU3:3CtbtuTaE1SGVYWDQ3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Test.7z
    1⤵
    • Modifies registry class
    PID:3944
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2076
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3892
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.0.1331655342\1970597856" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {712daa9b-1783-47f1-a9be-5ee3bc9775a6} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 1980 240cbacdb58 gpu
        3⤵
          PID:4768
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.1.1993195113\835532760" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ea3f334-3e8e-47ac-b217-31adab0458ff} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 2380 240cb9fa258 socket
          3⤵
            PID:4512
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.2.875452357\639414644" -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb07604c-6b83-4565-9f4b-df835470f63c} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 3200 240cfbaa658 tab
            3⤵
              PID:3320
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.3.1927793724\265709901" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7db6e09-4222-4a97-be8c-a57ddf15c0c1} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 3608 240ce54df58 tab
              3⤵
                PID:4256
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.4.648900417\1348873617" -childID 3 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dd7e577-0c7f-42b2-9bbe-30891c40e82f} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 4044 240d0999258 tab
                3⤵
                  PID:4260
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.5.755950223\778918172" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5108 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {febb9a3a-6c46-434b-a0e6-f4e90512dba6} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 5144 240bf12f658 tab
                  3⤵
                    PID:4912
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.7.335259488\1661641404" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c644c857-a8fe-4cfe-8f39-3a664e096ac1} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 5484 240d2e37058 tab
                    3⤵
                      PID:4296
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3868.6.1923918668\1142495002" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5252 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64474707-fcf2-49fa-b8e2-74cb23df8c10} 3868 "\\.\pipe\gecko-crash-server-pipe.3868" 1688 240bf15c158 tab
                      3⤵
                        PID:1216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k16kyoly.default-release\prefs.js
    Filesize
    6KB
    MD5
    5edcfe81ccdf209264a167280f933593
    SHA1
    f03b5eb14cd89695928f4198a5b2164eaf798694
    SHA256
    f86d16505e09c1bbcd7598fbb8e8c70c378932b7f97984be1d965102289defb8
    SHA512
    b0027057902fb632e408a6ea409a649e7582a05147ff486b111dad246829019ce49b93c65f419caea5559a2201dd390c090dffb4a6d308b9a5c082800ea277c3