Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25/01/2024, 17:53
General
-
Target
http://aquaticinfo.org/mailman/options/thelist_aquaticinfo.org
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://aquaticinfo.org/mailman/options/thelist_aquaticinfo.org"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://aquaticinfo.org/mailman/options/thelist_aquaticinfo.org2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.0.1135377612\1895797670" -parentBuildID 20221007134813 -prefsHandle 1272 -prefMapHandle 1168 -prefsLen 20600 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60bf3e56-dfe1-4cf3-9569-38a2b7fd993f} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 1348 108d8758 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.1.721165490\1071131600" -parentBuildID 20221007134813 -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 21461 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75c2a562-1394-4c65-9dd7-0d5ad7ad6c16} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 1548 f23ee58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.2.474842108\1696470269" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 21499 -prefMapSize 233275 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db99f7d-8e18-4763-a10e-7089cc124bda} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 2472 1b15c758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.3.774104462\650158807" -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 25956 -prefMapSize 233275 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f95103c8-c73a-4574-a4a4-da91f8af971b} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 2848 1d37bb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.4.1818158829\1954115015" -childID 3 -isForBrowser -prefsHandle 3440 -prefMapHandle 3436 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1d2785b-3a62-43a6-a38b-472bdee4e9d5} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 3768 d5f158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.6.1715633889\1885957785" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4044 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {740ca8e4-b37d-49b3-966a-2ef3caaedcbc} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 4028 1f54e058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2164.5.1118743024\1089748847" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 26177 -prefMapSize 233275 -jsInitHandle 596 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e71d426f-b954-4d2d-a7c4-40ac374f50a7} 2164 "\\.\pipe\gecko-crash-server-pipe.2164" 3864 1f54dd58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
2.0MB
MD54a903ec746bbec940e52c94de2874507
SHA116cc97c2c5b7814ae35b5a2b62d8b51a0ae5c1f8
SHA2565994d9380adc564fa49d78ea96a19f91dcf269cba4f3d8a69ffd27520b8dbbe2
SHA512ba8267f8f998ed133f19ce8bc7583d71d01a28383e8dc59acb98a4ce4039b05347a0b4459c65c0b192c975cb98e2451a84694c900fa4be45a91a43c63c409e61
-
Filesize
2KB
MD507b0407f54b325a3230d1cd119849bee
SHA1410d2d9cd0a96249a99efb189a873f487ad6d2fb
SHA256797de347d93643e60d38e86b9c46c594efea0b0aad247eccc196a97ad7ba918b
SHA51250d5515325326d9bfb725dcd8289dc3f2416af65221128f08566dc59727b358f8e06ff21296468ac67a2c4d66d2edf3d75ee22a58483cbf017ecbc5ce34b73e9
-
Filesize
11KB
MD51234f3e69831accd08534a487068d114
SHA172539e92befd819f2b766ff964ba7cd6278d39e5
SHA256491cf07aff61d961ac1eae79e7dd4b736d93989044736d9a135bb7ef78f9efe1
SHA512da13a958b486d8bc7b3cf128dc8a0fc3ac281ee9802ad2562fb890e5d74ca94ca89700d2baf34d8fd5f8ab73d9f6bf1ec8c50dbb3a191c2c3acd522218215bb7
-
Filesize
668B
MD5ae08fd0f375e7716ee3e91974771e574
SHA19d76e031617279b3f276078d3cb13dfc5ea8b2fb
SHA256230df29c60a1cd48d8f19884009c86c2a1c9da3648bb61f8b7f1ee330f17790a
SHA5120d9928a3d8eaaef7930220d129b9f7c65d61ff74facb71806c50b159f2cb1dcb782261fe0964fd6b5869f418f2bb1cfec2f7a134d6de4a12fc8bb3dc24e8abd1
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
1.4MB
MD5f14944340f7ed8c18a3562e3940903f1
SHA15730fee1b9236bff82d4d9ac3199af2438cfe7f0
SHA256626846be4ebbb4ef92a8b657c81a30fd9a6d1291e6f00d7ff390fd28e56ab533
SHA512d7cc066f6aa2c699c9f662dc8bbe49d9c7022707d2beb42f3c4858ca89c9078266d5b935a71123e909f0fec0b241e49a1bb327ace999c0728abac7656b82e4bc
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
7KB
MD57b7539822e457f0b99b180dbc5c77d9b
SHA1bf7785b0e1cc1dc8e3db085d7425ebe8059b7d0c
SHA25637fb85f64adc9771a05b786fd8f02d26e37d7f5f9ed905d6de55c70c6f919f3f
SHA512642bf4559564052cb36b5b9fcc409082897ad5407b1968a949f22c3467bf44a5e3b4800794c78ec0c29096805ece55ff821fb181bc2e6fdfc42947e17e1f3a40
-
Filesize
7KB
MD58405bf11553e6cf7970aa9afcde102b4
SHA1768b5be5b4ce3933d60f07a46c900e10273c5c6c
SHA256640d4ba3e0e0ae6920817f74c90ca90dee44471b99251108313ce6e2a7f56d73
SHA5126843c9809467a53c609c3e8e59054e749c70c4a4496b65089754fa13ad1ebab6ba00525656ad8019b007e861e5fefac6f7f6cba6500bd41334ce9e7e339d7b81
-
Filesize
6KB
MD553ec80ed595ccd34056419a8b8a23be5
SHA15952eda3323101224a8dea9cb6e9570c844bbd06
SHA256bc1a72dc829f5b93c65a62de3afb787fad6185a7830bd1d8d0e408ac40fe15fa
SHA51245da215134a591356a971d6301a2877e5cedec298c9335b935e9e04519d530d722c8a8eef2dce680c808ff22f9942860ed3459e3bc5f394bf1074503a349aa0d
-
Filesize
5KB
MD564a7e2368d55806cba242e887bc89574
SHA11b770759dbae2730c7d210b209c68845c260eac3
SHA2561de08ea130fc6d2785440ac8790d5879f1215fdb82c82918643f14c5a015c91f
SHA5122f51da715832f398b3ddc4547d1474072d6b7a24cd9f247066dee419bf55e8e3e659803d1df8c7000e2a95729a4dbd5de94ea073566c3b7f0becc39858069412
-
Filesize
1KB
MD568123892fec9f166cbf85d12304b8f98
SHA127ea5fa99cac6e3cbd1bd7a4b56f27b0144d98d9
SHA256bb0400a1f9c555a6a5ea06c81f44bb29e47f89c55d6321d204d3c14ee3bc79a7
SHA512edca75d3c5936ae6d70fc53933df9fa880ac636c3165c9676599e7def2445a05504946ecb37735d0426c07faf2bf840c0da259ac8819be9615aad6de5a2020db
-
Filesize
200KB
MD562425d25e40eaaa34a7c15983fd54e6f
SHA1766e00f8a72e1f02307c2cbcdd9a057750351c5b
SHA2567886b858cfe359d2ffc7e4054079ced0cd8632afac4531c3fcf4944c5ae7644a
SHA512dbbc81c56d8ad778887fd11a735722f39cb60bf7e2de40aabb9f10379bdbeab072c40b3f542372f46075d8f64eabe7b1a60ad3747460ebb7b523063bc7563945