Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

LastActivityView.chm

windows7-x64

1

LastActivityView.chm

windows10-2004-x64

1

LastActivityView.exe

windows7-x64

4

LastActivityView.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LastActivityView.exe

  • Size

    130KB

  • MD5

    f27a284ef9b018cdd2a98a7b78ccdcb3

  • SHA1

    67e260b11e6227c18cae8925b4f6899103c607f2

  • SHA256

    af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb

  • SHA512

    9a8811f13517748539308a70933b126a3348407f397bf30f903019379f927532c64015853b94acf21bdbc554d638a0265d4394d026e289103db06fe93fe5524b

  • SSDEEP

    3072:5e69eWHZXp1nPDhhloZqX6EsSiEF4Gw1aqL1p7BZ5CJ/:5e/+1nrhPKqX6EsS94H8B

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe
    "C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2444
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.0.1422615654\1077340550" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b316640c-f290-42be-8cf6-fefbd5d3544c} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 1292 95d7e58 gpu
        3⤵
          PID:1592
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.1.694073531\404837853" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b8a8c08-ff2a-494a-abc7-9dbb42f8be0d} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 1488 f72e58 socket
          3⤵
            PID:2896
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.2.528074859\93912207" -childID 1 -isForBrowser -prefsHandle 2132 -prefMapHandle 2148 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d165e894-d2a0-43af-a24c-9e059ac5e484} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 2124 955d358 tab
            3⤵
              PID:1196
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.3.270051989\1641472363" -childID 2 -isForBrowser -prefsHandle 2628 -prefMapHandle 2636 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf535f8e-37d8-4849-aeb4-21f1c1d27687} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 2660 1bc52e58 tab
              3⤵
                PID:788
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.4.1821287285\1077682927" -childID 3 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45883b83-6add-4fa9-b162-9dcf4a4e5657} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 2880 1be63b58 tab
                3⤵
                  PID:592
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.6.1290085687\1673471703" -childID 5 -isForBrowser -prefsHandle 3856 -prefMapHandle 3860 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a373fac8-53e0-4239-af8b-b23e2e751fdf} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 3844 1e66ab58 tab
                  3⤵
                    PID:1532
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.5.1802817305\1312013415" -childID 4 -isForBrowser -prefsHandle 3736 -prefMapHandle 3724 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2f05fc0-82a7-4007-97e5-b2b0f574a0e6} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 3748 1e45d258 tab
                    3⤵
                      PID:1524
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2472.7.1842433970\1945901252" -childID 6 -isForBrowser -prefsHandle 4040 -prefMapHandle 4044 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d49d86c-cd14-4ad6-b9df-b274d6d059c6} 2472 "\\.\pipe\gecko-crash-server-pipe.2472" 4028 1e66b458 tab
                      3⤵
                        PID:2076

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E
                    Filesize

                    13KB

                    MD5

                    2cd5924f2b21fa90849477a731e02aee

                    SHA1

                    61c1dd12ef9aebbb52f89bd4d1d2e8a452b829c1

                    SHA256

                    dca4640eb340f18990f8d46d2fcd3c95a1790797a953642adb74f9664aef43b3

                    SHA512

                    bfdf0af753f46602b5d18c60365d3f4f10be00320e955daf1cb7e93d2f4f533776a42fb8bd56562356e6e6b05f23d13a08db248395418b06fdab3361d5ac7c40

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712
                    Filesize

                    13KB

                    MD5

                    ccb2edb79a63650fc4f3aa3818967f11

                    SHA1

                    21799067c11f22f7c444416f55a018fcde6299c5

                    SHA256

                    6291b1fee52388f17fa1da921f710ed33a68553518bea311acc3657281b14722

                    SHA512

                    8875e9f533bbfbbe57d11bc543bbd5037cf3b7e11d14ad2212229f4ac94770a9b16f8716dcd2097258d9231322132122e95383d54bb00ce6ade0a5a64a08eea9

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    9KB

                    MD5

                    a9f7a04305b23b81eb854e4dee6cbe65

                    SHA1

                    307dbf2d88b0642c940fadcdd507c512b92a0d3e

                    SHA256

                    21e843286aa52eec19dd93ec8e235012f7b1b70af13c44a89ec9facf1675c4df

                    SHA512

                    ca95258ab491222e8c81af5a6c620af7ceff2450024b1404bce9c591aec3e3ed3c1a70f6687c0475a2572986a1cb39644c2f40dffa81b496347fce390a8e4e9d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\83d05278-6350-4ee8-9be3-c4db98ea7211
                    Filesize

                    733B

                    MD5

                    a773ff06dcb2680399b699f468b2aa21

                    SHA1

                    5ec3f71d0465c7e39f2417ba53001b93e593f53c

                    SHA256

                    21d57ab656d58751786f47447bd5a69aed7681831097b13c3fe6c20b685fced3

                    SHA512

                    d858809d1bd4f04dd2fb97e6f4a762a48b11e269a83837f7523dd51444979302ce857d92a6b9c4bfe3f879f5844249dc025b60b232d11c30b10c81bc0775a758

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    fbfcd1a46e55df0f8f54db6fc127614e

                    SHA1

                    859f091bce3ba7e5f5670fb3609a9de6c0ad0ab9

                    SHA256

                    ab16551ed1787367cdf5babce4da89c702a14935d79ef6d75ffd76fe2059130d

                    SHA512

                    c083b652085efe5b9e361796686ce8cc6b548a3edce575e88d94e00f4c593a6d4960e1dde832ef8fce317517e75f48103cfd62a510b05d3204bf354092f78211

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    a1988f2ab301e8e9a90bc1a67c4ebbe7

                    SHA1

                    fd3f47fcb7e027dfb949fa77dbfbcd8713d8356f

                    SHA256

                    4a49c6e2478258acee6335d3752fbd015e1831c35b70ba0d1f66c44c1ece34e2

                    SHA512

                    7027705d305153689fad26d7e83e0ead6cf73d8ef934054f19033a31d914d08aedc20bdddea145eb63c825a96f51b3d31cb3902148cf924b6f6734ed5264fd7a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    860533bd1c1b6455409fbf5d0bd0ff3d

                    SHA1

                    823bf8e76c3d533d0e7192bc1d3aef5c686a3ced

                    SHA256

                    ca297c064f83a0c30bfbda4c0b41c8dac1ed4c6af1bc35f5d1108cfd76d5d0da

                    SHA512

                    db6681b925875d1e0634d5047f242d3fbd1c9b5814bf1805e77f345fc8ed14b97b4464543a15f2ac353fb5e65c91f7ab9457f799c5fffe248a5b0a2c62ee9491

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    ca1a78b146a25a24fca4011be67129db

                    SHA1

                    2d0a93157f0a3d528af0bdce3c064f5495415b00

                    SHA256

                    9784fe006f9cf9b29ca62e921cd9fb13f3c9f83b2e2a5b0cd6d235082e229103

                    SHA512

                    4f391588d6b13769ae9717308d676f46aa8353f7be92c3037ea80e0d7c2ee1d29403a603f981315be2edb9ab0fcfb4922e36c3f2a288f035459156355d5f18b4

                    Download Submit