Resubmissions

13/11/2023, 18:08

231113-wrd6fsed3x 7

13/11/2023, 18:06

231113-wp8bhseh43 1

Analysis

  • max time kernel
    134s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/11/2023, 18:08

General

  • Target

    guyfuyfuyf.html

  • Size

    660B

  • MD5

    c8517e8b0db7254adae9dd4d6857af64

  • SHA1

    570f3b013ba656825351035b93d9ecada949d283

  • SHA256

    e37ca5963a85c81ebcd79d8583fdc10a164bac77c5d3c95b8f9f3f3eb6660e17

  • SHA512

    7e40b28323efef221e748dfb5b4e42c27eab1ef4085e890959982c916191016dbfe5cb7d6a059ee200909c432aee032d6ce718f9c0873d38063c843bea28d6ae

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\guyfuyfuyf.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\guyfuyfuyf.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.0.2099354890\625281641" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e60439f-af4f-4b21-9778-262d53f02d23} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 1964 2c4a77f2e58 gpu
        3⤵
          PID:4564
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.1.432226823\894658712" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21728671-1d8b-4ffb-937d-22223494f8e2} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 2388 2c49ad72958 socket
          3⤵
            PID:744
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.2.262855020\1401638695" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2972 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d62a0ed0-1975-49fe-8ced-b8200fcb5c09} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 2960 2c4ab7d7a58 tab
            3⤵
              PID:1512
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.3.1321225135\626520489" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddf9b6d2-384e-41b1-bff9-7c86adb59b5d} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 3588 2c49ad63558 tab
              3⤵
                PID:944
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.4.731364159\2002000435" -childID 3 -isForBrowser -prefsHandle 4724 -prefMapHandle 3716 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43745dff-8520-49aa-b5dc-d48a2bb9ee85} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4748 2c4a8ec4158 tab
                3⤵
                  PID:2852
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.5.449961512\72205031" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 4892 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7bc06a4-775a-4a45-b208-bc678ed876b4} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4880 2c4acd18558 tab
                  3⤵
                    PID:748
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1768.6.724160262\220174757" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94d41634-00ec-4cbd-863e-d71deb725ea3} 1768 "\\.\pipe\gecko-crash-server-pipe.1768" 4960 2c4ad723258 tab
                    3⤵
                      PID:2160

                Network

                MITRE ATT&CK Enterprise v15

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\activity-stream.discovery_stream.json.tmp

                  Filesize

                  22KB

                  MD5

                  7489e7cc2e98e178df2968004d08f72a

                  SHA1

                  469d3a66f00a823aa75ce563ce85d944e0c1e161

                  SHA256

                  2b36dced5f13fa64682251fb96ec92485d4f588567f2462c324a16cd61167c6c

                  SHA512

                  5f35368b042319451f6fc3723cafd5250d33d0fb2bf481581eb2991407f67566bd003cfcbba93e97c0ec9f3b71af1237c1bfa7280794acfbfd1b18bc0fad6d68

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

                  Filesize

                  7KB

                  MD5

                  268ca31ab57552042bb3e936cf409eb0

                  SHA1

                  b2e3ec5544777185e0973646830ba6f2058bc482

                  SHA256

                  a4b4d763d3da459a0de8e71bf42d45fb87ec1dfe546cb11cdb96f66e92db80fe

                  SHA512

                  ce2bfbe983078204df224d7f4e8a03e058416601dce981d35c70eba8e9397e4505a419b309443037327c28488d78d20ba9da28ebcf9eb3545dcd713fe3cf491f

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

                  Filesize

                  6KB

                  MD5

                  372e0c3d605fff5fb7ffcbb7cb35b0fd

                  SHA1

                  4ae49d6d11649b41f58c08e5af919255417a81d3

                  SHA256

                  6cbb9365fbc8648035b08f691463d2afa33d0dcf45d294b06ae1fa8463ea64eb

                  SHA512

                  4676affeb0e0d6a02f4a5ef6bc3fbf786a4922ac9efcbaef2961fd02116c9532143710866deafbaac734293333269243bd7ae31c82c24bf7709401f998bc7097

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs.js

                  Filesize

                  6KB

                  MD5

                  513cd8b24388da1bd42677e4e9969e16

                  SHA1

                  5da880dca94df36ac95743985b93d424f9ec29a7

                  SHA256

                  60ca83c82e2c20ef5e408476700722850cc1bdedac5565eb5cafa19019111898

                  SHA512

                  85ba0455104e327b6d1aa7e9cdebae7e21f474a01f79fe933bd7c3ff3aad5c52d2b91fa05a2d1f2c8f03a1ca397bbeff7eb6e898dfcba5d6eda68915633dba04

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

                  Filesize

                  1KB

                  MD5

                  782a1f9201cada5c3b72a3d5d6bf7f56

                  SHA1

                  d24905c400e897d514b8f2ee345a54ec4481b3ec

                  SHA256

                  6173e959f284fd21a3440fdb86dbd9ed186a10af1a8ec8ecc802b8358ec2bb7f

                  SHA512

                  8f5406484bc0d887bdb9fc52f297372189e16b896131a495df71f722eaae5195236512b7c74bdd2320be2671e9d1bfff0948d5c2c1fe1f2692901efda32813d5

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

                  Filesize

                  1KB

                  MD5

                  d72bed459df16fb5aab58feffe291de4

                  SHA1

                  fc4d5b682ecdf5a9dfcd5f05dd17c47d4a09098a

                  SHA256

                  70d159fdc496d79e21b796902aca009b5831370e71763ebb4d603c8acc2b5084

                  SHA512

                  372d596a5208d006f5d1d51af6249e4dbce3452966f37b4d7d5995d22041cb07c4b2ce58d16431e35ef4099be6eeb2a01bef544181c9ef67dc8b237a3c11e66c