Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
09/01/2024, 18:10
240109-wr59yagca6 1Analysis
-
max time kernel
149s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
09/01/2024, 18:10
General
-
Target
4_ME5-TTL-22v.pdf
-
Size
433KB
-
MD5
d8f32b318c19e18b149e698dea91bd1a
-
SHA1
32f7719113421a0b2ee5aae97dcaae790aa0cf01
-
SHA256
b6a054048b6cf1c73120b23c58976e9e9fa9d9db55aa3bf97ee91954fd2a7433
-
SHA512
aab745c93528907116d45d245179307ef4ebb2e5615ed4f48153b930ba1b7cd5b73ef0ea4228342a45249170ac16ee35f3034b0d54d49d646ca9f4ce7f937511
-
SSDEEP
6144:MkbqR1BUAjCSywNoqE00wLk0dwGEHGXYTB6gPEX/6nqpXWZDQf/AEknhXZrZ2HsM:MxNjCSri90RA00wgaive6hpF0x
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 7 IoCs
-
Suspicious use of SendNotifyMessage 5 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4_ME5-TTL-22v.pdf"1⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.0.349748939\1435169607" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1800 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f1b631f-de79-4142-bfe5-f9882b29f5d5} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 1964 2070e2ef058 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.1.1384802468\1769050922" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a6bdc9-ad65-49d0-a448-987849347485} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2364 2070e203b58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.2.326471703\260676091" -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3224 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e38709e2-8501-45dd-a043-16a42bc67f7b} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 3200 2071239fc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.3.1337738496\321728820" -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {482daf60-3969-4599-b016-f4331f996309} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 3776 20701a69658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.4.896561778\1391260656" -childID 3 -isForBrowser -prefsHandle 4596 -prefMapHandle 4592 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce26e48a-9827-4184-8028-2a029fb2d4ac} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 4608 20714050158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.7.495591093\2093059861" -childID 6 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b97ae896-eb5a-4ff2-bdd4-b190ec0c2aa5} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5320 20714bed258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.6.2127022435\1365895068" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7548303d-460d-4361-82cf-29a62d3b0889} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5192 2071484c758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.5.1611669118\928244032" -childID 4 -isForBrowser -prefsHandle 2852 -prefMapHandle 4900 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61a6ca8-527b-4c05-9515-4b6b5f50acfb} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2848 207144db058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.8.1915513815\856753823" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 5748 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac25a1ae-49f7-42ce-ba5d-35d8ad48d8ed} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5876 207167d0058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.9.361153774\1411967460" -childID 8 -isForBrowser -prefsHandle 4704 -prefMapHandle 4700 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f272511-8a98-4de6-86e8-27c8c9b1d656} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 4692 2071484bb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.10.1726882676\1786193245" -childID 9 -isForBrowser -prefsHandle 3220 -prefMapHandle 4452 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81c0d466-4b6f-4032-b0dd-461d127fa663} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 3232 20715a32158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.11.1167486084\1721125418" -childID 10 -isForBrowser -prefsHandle 2900 -prefMapHandle 4780 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bd2b3b1-c3ab-4731-9987-1bbf1bd999df} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5256 20710ded158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.13.1180066490\2126128558" -childID 12 -isForBrowser -prefsHandle 6380 -prefMapHandle 6384 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {961937e8-9fcd-473c-9dcc-840cae822560} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 6372 20711cf9858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.12.473204812\757875899" -childID 11 -isForBrowser -prefsHandle 6176 -prefMapHandle 6180 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd77277f-e614-4c17-91ad-3d84e1b4dabc} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 6168 20711057858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.14.1924593273\799222446" -childID 13 -isForBrowser -prefsHandle 10460 -prefMapHandle 10464 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7d1f267-f31f-451e-b367-3ced7d706672} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 10448 20711cfc858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.16.1147532260\1721890188" -childID 15 -isForBrowser -prefsHandle 10064 -prefMapHandle 10056 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14ffb3f0-d9eb-43c8-b98a-d424e2a6b29a} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 10072 20713014858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.15.1867332820\1268758038" -childID 14 -isForBrowser -prefsHandle 10244 -prefMapHandle 10236 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {635f0824-a6df-4dcc-8c25-2a1e39e1baae} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 10252 20701a71658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.17.1683481606\1265975014" -childID 16 -isForBrowser -prefsHandle 10500 -prefMapHandle 4972 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef66ae39-f52a-4852-a7a1-98fb394c4fbe} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 2920 20715a12158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.18.53824314\1655691159" -childID 17 -isForBrowser -prefsHandle 9676 -prefMapHandle 9672 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e38145af-4fa5-422b-8d9b-eb14fc8be734} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 9684 20712d60c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4772.19.42163347\1168352863" -parentBuildID 20221007134813 -prefsHandle 3008 -prefMapHandle 5008 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fafd565-925e-45a5-9064-3cf544207af3} 4772 "\\.\pipe\gecko-crash-server-pipe.4772" 5700 20715ae0558 rdd3⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x46c 0x3d41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD598c166e7340982de850fe3dcbcac291f
SHA1870feec657ffef17212c84381df34f037be63853
SHA2560d66c9cf0eb168a43201c6b173529e3a73a8e6f6bc0e935e1d6b7e880b8868ec
SHA512baa93361f4421f38972c6df4ea74056a28b97faa2a7d414f60293c2233c0b99734bbc02245b63ec3ca13ce5844d733eb25b0ab0b119cd8e4dca1bbdec6496261
-
Filesize
12KB
MD56dbb139c822cc7e5fcb7b85d06419d85
SHA14830bfe85894ab903d1aaa18f7e02bf127e380c9
SHA256355ceb1512fa2ce1bbdb2c9a2e7de984dbf4815be1edae7126348540520988a5
SHA5122d6e61c5c7a4e7e8d7ee6c5d6c1535a5b16bf8a317a9630c1517103cc833beca5b97582e038644b28ccb5e4131dc5d7636045edfb6ecc760a61e19303a1a8bfc
-
Filesize
746B
MD5b8c9ac14bcd7375df7862f4deee22e48
SHA173159cd362160764e07ce7220297cce3394276f4
SHA256d3914105bb479c8b6c2d8ad167a51fa99a1b4245c3e6d88f77336d13234dbf30
SHA5123f772eff46ac396b1bc196068fb9aae042f14d86453692cef991f7e0ac561820d75360fcdca41f8dd071af96faf51b068def09b5796996e3206fa9570c792d4f
-
Filesize
6KB
MD507ba17194a93c74435d308a36bd8a92a
SHA168c152e31bc2ec84249dc6a1dc87844eafadd1f9
SHA256d0c6b5f650460b883a36a4f26324fbb0d24d8167edc7ca0741080638f828b1c8
SHA512572ca68c659ef6d962caa713e621b7206e14fa3d5c11c89f35d223a6fe7d1eb0b63ac403e5208fe82197464c36f750c25a621a0d16539204009fe16949ba8eca
-
Filesize
6KB
MD521bf6f67dd1e8c4b2ce2db54e521413e
SHA1c3d5fae135f7a5de44127d80c92a640da566309b
SHA256af89f41d36ba88bc33a7761986c7c99f9ae4e12194f44091f2513b3e2e6aeca4
SHA512784d18556120dafb12bef324b1a1e135a17d81eb577dd195430833539a0128bb5130ee5bd19e6df8dcdf8bc72ed1a68f16794cb7dda9fdb2040d4492e85d6cfe
-
Filesize
4KB
MD5f4868f5d95b8a992c03d8ef3011fa8e2
SHA124b264801401b663b418f9a9623d4b2b9e9ca9d5
SHA256e43c73a8ab5a9dc21bb01fa86f17275329f8b7fb83df1153bc3e7a92bd30313c
SHA512b54c20ec2230f004941737ad6c799c56b066a49fc18c700c29c8e432b0c91dc6dadcbaa32878218056dd3cf805aa5e944e2d1979c4240c007af2bd26d46e8e21
-
Filesize
2KB
MD52f6ecebaf9caedc154e51c6222af0661
SHA1e7640d6bd3dbba78d1b552d9abd8436501b158a0
SHA2560dbd64fda924539a07cf7d6778a9437e1f17cfb236d09813b96ab8781aa6b55f
SHA512418ad3e310989117b0bb1d07070bef2e721485fd7f02aeaf8e2a75e85ea3bb284f4af070c238d0ea959b9c39b66f634358678d66c890e50b31ee077e29d24e79
-
Filesize
3KB
MD5c22427e27854c35397d2a1f5f5fdb36a
SHA185637dfece89ee225304230612bf9a865c0d4b99
SHA256e469bf1720be15600abebb5ec890c2ee86a1b8cafc6dc6c13e3bba42eee459a1
SHA512acfc8a9fd7e4bd76fd0f1d530741f01f86fe9b51dff55e26e3301cbb3e91775aae71047d9de9a0a8d72ab2ff93d315098466fec15ed444dc30b5bc9bf63c05d2
-
Filesize
3KB
MD5c81f9a3c0d38c9a8e7892090700fcc0f
SHA1ae7b1434e1adf4d3616dad696ce1e0d4b5c41846
SHA25683cc8336f619cc8b5d823e1c38d766699e41c2bb70440eee52d347e3b46bd067
SHA5129ba87b820c0403009573da50ce525cfa252f697c91da2d9d2dc47a045e43dcec125b5b36bee179bb88274bf784ae22af66a3a21ae234db1740062001b6ba11bf
-
Filesize
9KB
MD574cb71350346c81aa5427e469f1ef4c9
SHA181bb7da09653256f65fce2df9014104c0aeaa19f
SHA2568e0d506e3fd01cdb7bb820d3fa70daa314c241447a82c8b60851db9edf9792aa
SHA51299dce49b5d01bac0b1c65ac07c35ac45284d2f4aeccb8934b92d92bdd780e94e72b11a1a3348c4298c5460f8361dedf9c002fc95a8beef68cffd5f1ba47da14a
-
Filesize
2KB
MD58357302eac148a4cb79c42cece696a16
SHA1d0bf729f85f959f3daab649400583fa0cb324ba5
SHA2562a5e565a2420fca4e8bdeeae7ddc8120fc9e1fecbb1e286ac254986bb59670f1
SHA512fd3c95126efb5f9e0aae5406233cddbf1fe42bc7fec813066473656ad14e0349778094b624c23df5de1da4ebe68ccc44a3c0238aac1c9dfcac42bc0fb1a3c3f6
-
Filesize
3KB
MD58bc59d6585ef504427702d57b0a09ec0
SHA115e28aa4b12c8eceafa09c5c9d39b5ef45e9d822
SHA25654ee6edd05ec49d52f2892efcb0e9d414b94fe6735e3dbb2f9ea50b4d751460b
SHA5122297bcfc1df8f05b5425c030a8bedfddd149452df4886f989967f3e406d285b76e89d921d1832cb44053d4e50a2d007332823ad293b00739e89af0c918787e9e
-
Filesize
9KB
MD5ba922aaf847d46383135bd8729d9a747
SHA16a0e82bc6764d59360695ec2f929de1e29fd8727
SHA25608a45b72597ba132bfd52a17c7d3f546b50f509b0033b39c443a8ae9c08dad23
SHA51225a7efa4a2c651b19d35b08778423604b4394abfdd53ae4a473c4c854d0c7eb1b123b190d6c12aa2d78877b16b9c6a3e1a02f0f7843a2672b765c7d31408ba5e
-
Filesize
79B
MD51a79c8562b1ea63861334c91fb16426f
SHA179d72d9c1afa754147fcfaa7f07a9e9a0be62641
SHA256f110b28a486ab66369b145302adc5ee6eb1995afa0fe19bface6093921f0ff1d
SHA5122f49a4849c47bb4c99d4812c956e841a1448ac4c452edc9bef92efced5d4d07f553fe07a8c562ad872d92d62e66b519fa66f2a06bf834b85afa7f6809d1eff4b