Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Map.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    202s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2023, 03:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Map.exe

  • Size

    639KB

  • MD5

    02911bec920455e95510ce5b8150807f

  • SHA1

    a61fb015205331c823493f78384568d93922edc1

  • SHA256

    8877e168958484684040eaec68c9e628b95f6a5bf07bd90580367f97fa14cc63

  • SHA512

    731bf495a12fba2aa3834d3e87ba29ea89e170eefbdcfcee3e41164bf5561fc3e01eb154aac371e3588e5034188463eb5ada6e039d28355f1e842f85d00f4733

  • SSDEEP

    6144:TpSo/dC82Pzwnh7jgYZHGaJlK3RdP/gsKJ82DEnV:Tp92Pzq7sWj+P/UJjDW

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Map.exe
    "C:\Users\Admin\AppData\Local\Temp\Map.exe"
    1⤵
      PID:4576
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1872
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnlockExit.vbs"
        1⤵
          PID:1660
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ConvertFromEnter.MTS"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1276
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:2248
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            2⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4468
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.0.1354904262\1365802217" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e6e55f6-9f49-4e0a-9742-b681e3bedf48} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 1980 1c09d5d1b58 gpu
              3⤵
                PID:1328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.1.1675187304\1061283773" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2cd4d99-0f8c-4552-b4c2-645d3cc4ed22} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 2396 1c09cb31158 socket
                3⤵
                • Checks processor information in registry
                PID:4332
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.2.1309683485\1152121969" -childID 1 -isForBrowser -prefsHandle 1492 -prefMapHandle 2832 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ebb0f25-f583-4893-a0e7-a38c0bd885f5} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 2936 1c0a12b9358 tab
                3⤵
                  PID:4952
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.3.652775628\2100480367" -childID 2 -isForBrowser -prefsHandle 3584 -prefMapHandle 3580 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {679200f3-9802-4998-8497-978e135f9086} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 3596 1c09076a258 tab
                  3⤵
                    PID:2008
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.4.986771345\1848914501" -childID 3 -isForBrowser -prefsHandle 4580 -prefMapHandle 4548 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eadec890-9dd8-458d-96d0-4615ad591f37} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 4592 1c0a312b958 tab
                    3⤵
                      PID:4820
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.7.657384314\1566139615" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a45f1cd0-80a8-453d-ac8c-15bd4991124c} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 5376 1c0a3551b58 tab
                      3⤵
                        PID:3900
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.6.315128188\459732492" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7da1424-c871-4c86-b4bb-558a423d1dfb} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 5184 1c0a354f758 tab
                        3⤵
                          PID:2248
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.5.1842499744\1264495286" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 4980 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0705e15a-175e-4658-9867-b8c3d830e151} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 5056 1c0a354fa58 tab
                          3⤵
                            PID:2432

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        22KB

                        MD5

                        5cf72e3210952ee63b71997c4f5f304d

                        SHA1

                        24a8514ca2e27b8c47fe6b12f5383f06bff0b334

                        SHA256

                        d6e93a783260d5fc0c76471cdddbbc54aadbae61ae860b469ef2146370ad0f13

                        SHA512

                        1854699dfcb4fde96fe1adfad131cf3c05fd772ef8e6780f3de5ad321edebabe6e7d570a75aaba3ae31f09e88bfded4cdf1d49331a0fb518cdaf6c22f3004f12

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        bf40eb119c0da0eed8d02d4c840a7b5c

                        SHA1

                        ffc718f732d460a011bd6431c936fcaafbd7cf8f

                        SHA256

                        a4c315b7e63abab9ddf752624b10920e4fae3b4e510d7e704de2201d396390e8

                        SHA512

                        c94586a4704893511fb8167a68083f06b1768fc38b5c06e6b07f9a05da7a4b7478b6f6381f89c293a443b9fbdbdbba0fa4a7a4b13e118256db7a18c176ccabf2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionCheckpoints.json.tmp
                        Filesize

                        259B

                        MD5

                        c8dc58eff0c029d381a67f5dca34a913

                        SHA1

                        3576807e793473bcbd3cf7d664b83948e3ec8f2d

                        SHA256

                        4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

                        SHA512

                        b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        ede2aa2924125774a7dfc1e41ac5bd26

                        SHA1

                        6d0f104758fbc62af95f8af02f2a58282e5061a6

                        SHA256

                        f3fd5d3a91e57307a50fde6a2a2209f20e1b15c512a873fbbaa705de44e42ef7

                        SHA512

                        19ca51644026967bcaa0451a2c93b8308a029d470f443d4b1dabd99ef2981950c90e8f37b7c82c7145e169235f9ff0cfc3683b425ce4380b7d26391a3f5d17a2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore.jsonlz4
                        Filesize

                        892B

                        MD5

                        6e5f1449f92e17e486d98cfc0f5c6b23

                        SHA1

                        504555c0cafb3fded7c7f346b35154c7a38400bd

                        SHA256

                        ecbe94f741801863845579155914dcad56ff3b067234681c18181e20de19b3ae

                        SHA512

                        31a340ba61706a09fffc1ef43a3a13ca6be27169824d944e83d26a4bc767441c0bdbe509528f6d25a37aacd5073bb6d22cd3370be667a2b067a24b6f24136954

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        176KB

                        MD5

                        a097f5a69efc2172b4cd67d19b9d4c0c

                        SHA1

                        b7cf67abc8e749cc2c75eee7fd9fddd3a80f25fe

                        SHA256

                        789404e1e53990648c9403fbdb9e79dda737820c1099df289711ad68e0bad4e6

                        SHA512

                        2dea805d94b83503ebab9c348337af527e8bbf9965cbfd1b2b48e3935d260cb7a706150da50e40508109707c44ca97f81483fc79ad1f195cf2197da9b9c1a642

                        Download Submit

                      • memory/1276-100-0x00007FFE69790000-0x00007FFE697A6000-memory.dmp

                        Filesize

                        88KB

                        Download

                      • memory/1276-99-0x00007FFE697B0000-0x00007FFE697C8000-memory.dmp

                        Filesize

                        96KB

                        Download

                      • memory/1276-44-0x00007FFE7C950000-0x00007FFE7C968000-memory.dmp

                        Filesize

                        96KB

                        Download

                      • memory/1276-45-0x00007FFE76860000-0x00007FFE76877000-memory.dmp

                        Filesize

                        92KB

                        Download

                      • memory/1276-47-0x00007FFE6E6D0000-0x00007FFE6E6E7000-memory.dmp

                        Filesize

                        92KB

                        Download

                      • memory/1276-48-0x00007FFE6E2C0000-0x00007FFE6E2D1000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-50-0x00007FFE6E280000-0x00007FFE6E291000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-49-0x00007FFE6E2A0000-0x00007FFE6E2BD000-memory.dmp

                        Filesize

                        116KB

                        Download

                      • memory/1276-46-0x00007FFE73B60000-0x00007FFE73B71000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-51-0x00007FFE6B550000-0x00007FFE6B750000-memory.dmp

                        Filesize

                        2.0MB

                        Download

                      • memory/1276-52-0x00007FFE6DE50000-0x00007FFE6DE8F000-memory.dmp

                        Filesize

                        252KB

                        Download

                      • memory/1276-43-0x00007FFE6C910000-0x00007FFE6CBC4000-memory.dmp

                        Filesize

                        2.7MB

                        Download

                      • memory/1276-53-0x00007FFE6A4A0000-0x00007FFE6B54B000-memory.dmp

                        Filesize

                        16.7MB

                        Download

                      • memory/1276-65-0x00007FFE6DA70000-0x00007FFE6DA81000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-76-0x00007FFE6A210000-0x00007FFE6A34B000-memory.dmp

                        Filesize

                        1.2MB

                        Download

                      • memory/1276-79-0x00007FFE69FC0000-0x00007FFE6A01C000-memory.dmp

                        Filesize

                        368KB

                        Download

                      • memory/1276-80-0x00007FFE69FA0000-0x00007FFE69FB1000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-82-0x00007FFE69EE0000-0x00007FFE69EF2000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/1276-83-0x00007FFE69CA0000-0x00007FFE69ED1000-memory.dmp

                        Filesize

                        2.2MB

                        Download

                      • memory/1276-85-0x00007FFE69B40000-0x00007FFE69B75000-memory.dmp

                        Filesize

                        212KB

                        Download

                      • memory/1276-88-0x00007FFE69A80000-0x00007FFE69AE1000-memory.dmp

                        Filesize

                        388KB

                        Download

                      • memory/1276-87-0x00007FFE69AF0000-0x00007FFE69B01000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-89-0x00007FFE69A60000-0x00007FFE69A71000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-92-0x00007FFE69980000-0x00007FFE69A1F000-memory.dmp

                        Filesize

                        636KB

                        Download

                      • memory/1276-91-0x00007FFE69A20000-0x00007FFE69A33000-memory.dmp

                        Filesize

                        76KB

                        Download

                      • memory/1276-93-0x00007FFE69960000-0x00007FFE69971000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-96-0x00007FFE69810000-0x00007FFE69821000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-98-0x00007FFE697D0000-0x00007FFE697E2000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/1276-41-0x00007FF711A10000-0x00007FF711B08000-memory.dmp

                        Filesize

                        992KB

                        Download

                      • memory/1276-101-0x00007FFE69760000-0x00007FFE69789000-memory.dmp

                        Filesize

                        164KB

                        Download

                      • memory/1276-42-0x00007FFE7D4F0000-0x00007FFE7D524000-memory.dmp

                        Filesize

                        208KB

                        Download

                      • memory/1276-102-0x00007FFE69740000-0x00007FFE69752000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/1276-81-0x00007FFE69F00000-0x00007FFE69F97000-memory.dmp

                        Filesize

                        604KB

                        Download

                      • memory/1276-104-0x00007FFE69700000-0x00007FFE69711000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-97-0x00007FFE697F0000-0x00007FFE69801000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-95-0x00007FFE69830000-0x00007FFE69841000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-94-0x00007FFE69850000-0x00007FFE69952000-memory.dmp

                        Filesize

                        1.0MB

                        Download

                      • memory/1276-90-0x00007FFE69A40000-0x00007FFE69A52000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/1276-86-0x00007FFE69B10000-0x00007FFE69B35000-memory.dmp

                        Filesize

                        148KB

                        Download

                      • memory/1276-84-0x00007FFE69B80000-0x00007FFE69C92000-memory.dmp

                        Filesize

                        1.1MB

                        Download

                      • memory/1276-103-0x00007FFE69720000-0x00007FFE69731000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-78-0x00007FFE6A020000-0x00007FFE6A1D2000-memory.dmp

                        Filesize

                        1.7MB

                        Download

                      • memory/1276-77-0x00007FFE6A1E0000-0x00007FFE6A20C000-memory.dmp

                        Filesize

                        176KB

                        Download

                      • memory/1276-75-0x00007FFE6A350000-0x00007FFE6A362000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/1276-74-0x00007FFE6A370000-0x00007FFE6A383000-memory.dmp

                        Filesize

                        76KB

                        Download

                      • memory/1276-73-0x00007FFE6A390000-0x00007FFE6A3B1000-memory.dmp

                        Filesize

                        132KB

                        Download

                      • memory/1276-72-0x00007FFE6A3C0000-0x00007FFE6A3D2000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/1276-71-0x00007FFE6A3E0000-0x00007FFE6A3F1000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-70-0x00007FFE6A400000-0x00007FFE6A423000-memory.dmp

                        Filesize

                        140KB

                        Download

                      • memory/1276-69-0x00007FFE6D8F0000-0x00007FFE6D907000-memory.dmp

                        Filesize

                        92KB

                        Download

                      • memory/1276-68-0x00007FFE6D910000-0x00007FFE6D934000-memory.dmp

                        Filesize

                        144KB

                        Download

                      • memory/1276-67-0x00007FFE6DA40000-0x00007FFE6DA68000-memory.dmp

                        Filesize

                        160KB

                        Download

                      • memory/1276-66-0x00007FFE6C840000-0x00007FFE6C896000-memory.dmp

                        Filesize

                        344KB

                        Download

                      • memory/1276-64-0x00007FFE6A430000-0x00007FFE6A49F000-memory.dmp

                        Filesize

                        444KB

                        Download

                      • memory/1276-63-0x00007FFE6C8A0000-0x00007FFE6C907000-memory.dmp

                        Filesize

                        412KB

                        Download

                      • memory/1276-62-0x00007FFE6DA90000-0x00007FFE6DAC0000-memory.dmp

                        Filesize

                        192KB

                        Download

                      • memory/1276-61-0x00007FFE6DAC0000-0x00007FFE6DAD8000-memory.dmp

                        Filesize

                        96KB

                        Download

                      • memory/1276-60-0x00007FFE6DBD0000-0x00007FFE6DBE1000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-59-0x00007FFE6DCF0000-0x00007FFE6DD0B000-memory.dmp

                        Filesize

                        108KB

                        Download

                      • memory/1276-58-0x00007FFE6DD10000-0x00007FFE6DD21000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-57-0x00007FFE6DDC0000-0x00007FFE6DDD1000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-56-0x00007FFE6DE10000-0x00007FFE6DE21000-memory.dmp

                        Filesize

                        68KB

                        Download

                      • memory/1276-55-0x00007FFE6DE30000-0x00007FFE6DE48000-memory.dmp

                        Filesize

                        96KB

                        Download

                      • memory/1276-54-0x00007FFE6E250000-0x00007FFE6E271000-memory.dmp

                        Filesize

                        132KB

                        Download