Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
02/02/2024, 17:47
General
-
Target
main.py
-
Size
19KB
-
MD5
19b47c66786da9a52befe9c1abb38859
-
SHA1
9e1729a110bf01f9ac3edf7bdb8389aaefbf3993
-
SHA256
af430c797d8cdfc41744bac6abfd541146b07ff47ab95360ff6c7e7910a1c5d7
-
SHA512
609792df614ce1d9899d3ecff024bd2e8c8e7f0a845bb47265df0a4c6dc033d0a7d59148ea21edad9999e90e64535a00c24430f6523de88c0f4e1c4d650c6db4
-
SSDEEP
384:jEBk1c8qwGpQhQdgeFOOOiqmiyUycn+XZgs7J+D:UkO8qxpz+OONi9itwXms7J+D
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\main.py1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.0.453210235\463761936" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40091c5c-7a43-4a7f-830a-c177c248101e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 1980 24cb31d8f58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.1.2029365849\727675153" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43174c25-37c6-410e-9883-9ceaf166194d} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 2380 24cb310a258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.2.618005268\919390161" -childID 1 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29955838-41ea-4dbe-af3b-d8ed9f6fc860} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3328 24cb315fb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.3.1343941472\1107911437" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5fc108d-7245-4726-9516-eb173ba8f9eb} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3664 24cb5af3658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.4.89787527\1308173088" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b70bad0-5a58-445b-b286-2622e11d3228} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4040 24cb5af4258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.5.2104446089\962923751" -childID 4 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9881754-ebbf-4f74-ae72-ea83849d10f6} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5040 24ca6767858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.7.44987969\2112715177" -childID 6 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4ee0838-5089-4ed7-9ef3-152404df5aa9} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5252 24cb94c1c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.6.1646298938\41062799" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c17694-b780-426d-bb3a-590fba34f919} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5160 24cb9494958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.8.2043002168\1156931239" -childID 7 -isForBrowser -prefsHandle 4168 -prefMapHandle 4184 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d6e1341-85d5-49c1-b9d7-dc9970f12ab4} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4172 24cb923dd58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.9.839711845\1210986682" -childID 8 -isForBrowser -prefsHandle 5052 -prefMapHandle 5988 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb385d32-4cd3-4213-b6f4-77e43d64e9fe} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5768 24ca6767858 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD574a8a58bc4036e1c291b12238b443fd0
SHA1e12d8af6c9a7d3a98d9e6ed98b76cbd54c7cf0c1
SHA25637949aa4383f39912e8f34c6fe502222469635454c7720730604f00a24b4dc48
SHA512e1ec0218a47f298a71ea3949d2e97998f8a2decc463879e970d749d7fec65e5bb11cb126d89c34f68098667e7385987e3786bbaf541dcd88858af5e7fe812482
-
Filesize
10KB
MD543284e9e4d6b119f131d95a43855c89f
SHA1707fdd503f16b9aa8e10bfd6be1849e1f358eae4
SHA2565aa1dc3999a38e0beafb6ab66fc5bad1622035a4fa165cbc6d7c61c391332aac
SHA512c74890fd8660266c1c7cebf72acad8e151a58dc78209e7528082ea4d943f5ec9a60ebff68576a967ccc73be57e0a79a73776ef56c97f7711609a8c8478561dd7
-
Filesize
9KB
MD5b51ce6981a5bd5c13e7f9e14e696429c
SHA12db460569af85d977d3bf260dc25223c69c28e8d
SHA256c1f8d841b659799c17f9c52c642df10139e44b28929d40f2bedb533d3d0c8ace
SHA51267831036e31fd2257c49e994b4806379c6a8f4263dd295ff526560b134344a95a5fffbd40e342992fb3d6b2103c55b80e3cd40d4c37ee5ef9f3de3980a0909f1
-
Filesize
9KB
MD50c1d94cb4ccd190a9f4c3d764856481b
SHA1261ec02313668a07e53ceb4ca144382e56da7459
SHA25644424fdb3bac2515d21076ad8953be72ebdea7f95e16a90913353756d9e5a3c6
SHA512990bfa910597dc082eed479f61e28f864dc2705aa960b31bc39fc840270c29455005fb3a5b0932e00f54d1a20173adb14ad8c038d5d4053f0c8220b8b88361d3
-
Filesize
10KB
MD56249e32f9620566f6b21dd254c9cb038
SHA10c4745362066448232ed11c8d0d632c7d91f7f42
SHA25687a2685b0b492e22ff4a64ad3eada9541bf7c5cfabdf64dfc591565887d3092c
SHA512d9f2704d3b6627f12cc7d67c08d613a60776851375052aa4c56fd3f9817479621ef7fee6713c77f293264c006afb79e4ef5ada8e878414b7fa9ceaa37f3d65f0
-
Filesize
10KB
MD5a11bd165cb085f43a7b6b33a25479c3a
SHA1f42f0097535ad8295ab1d699792986f7cff7d989
SHA256924adbcf43c7996ca0b7659fedced0b6f5951565636ea7f0f9a5f3427a68c2b0
SHA512746a6f0d43dc81786e760776e180db5412148b73c528dcdf7fb28eb1bbe586045e833b10517f71020798434b40357af4835ab9429d8295ce42681f5acbf33f03
-
Filesize
10KB
MD5ccd418e045c550cfd90db5f8b53f0c09
SHA113f75138472dd840a87eb31b59414d15bafe8063
SHA25628c6c1346e6e5416ee78d64a116ee35e60044e72678b03bf46aaaa9786f464d3
SHA512d7908f7e2069de07ce1babd93f25aa8bf8344d244c502cddb2bba144950867e75b95302de71a868aa56dd50d9f7028ec23f57cdb0f3f20166be831539f97a971
-
Filesize
10KB
MD5b5fd5b94fecdc6d56d644b304533a3e7
SHA17f633d8a3122dd83cf71c58464a3f858f6316352
SHA256c961eb979c135a11c92bbf7129fa8cc16710c267f0f694647b82b553d9b1a086
SHA512aa77b3d89681a1dd298e9096ecfe4740ed5bced6ff70cedf2a06648b90c42544afc84634f59603a3c161f300239f7e43b58051c0be849c262ae83806b4eb430a
-
Filesize
11KB
MD57a637077fdef70846de48613f26c3325
SHA15dd4ed51880085a1d12a50de7f3847823ffafc88
SHA2562ff9a4a0e2f58f33a595640a8f2b83ee7d87c3491e314f13dedfc208042b87ec
SHA5120c506bf2007356cb0156216eb94e8d55bfee339bdfc93ba9bc7aecd0052af3f6d08278f58eefd504dbb8342540350dfa47a685527b9fc119df09d387263dae9f
-
Filesize
10KB
MD505f5e87088429d80a231309a06106fbb
SHA11e24f026b235477387795dda4793a0c9cc59fe53
SHA2560d74f924ee589ba093c9343aa6aa2d36c2f737c91b6bfaae748ac67559b6f3d2
SHA512c471eff589c72b5497b6ac2949e8a6dcd045e6cb43f6e6bea67436bf8d80d949c50ac7a870426876df5ef554754e7c0cf1c4cc04aeaf59b0232efb785982a30b
-
Filesize
10KB
MD53ae36d55aab5b9fa6c63147045bdfd45
SHA1902b5fa36945a18370f00464560da4e5652995bc
SHA2568034efb7de10681111ff9799f3bb7b8b6680b7526583451a07d7e4caad72dd2b
SHA512f5551fd9879d6757a2de6d2dd149106ceb0f6cfbdf073365ea8637892820d4ef4af2bea59f7552b00ea2d023ffdc9904abc6d903c551cb254719db107ae3d724
-
Filesize
10KB
MD527104290c57988c1cf0d8609db04f005
SHA10095721b22cca19a12ee4015439dc3d5747c0089
SHA2561442ed0ecda482cf3bd34369581a0de9f4508b1a30c2193117df73922d9932e4
SHA5128c5b7b6497ac60d87d0a9ee8e554a9b85d1feafe4e8fce69c281962b894c9b9fd483a99ae4ca86e57c85bc523fd78bc24fc466d6321177d6f08a0fb2963380b2
-
Filesize
11KB
MD55951efb749f029efcf9e6aa443f7cbab
SHA14ff66a790bcbaccd6a9d8fb7b3cdfb99fcddd966
SHA256bddde2b8d205d62ad150c3cdab63ab6a06b614d88e4f3aa633eed44a646d1812
SHA51280e96973eda2f64bc56e55b2defce8d1cda68ec1893ed6e849b76e2f21fc69790bcf8d372e199a0e2bed605b200e676df60dced3b8f5b0def524199d1863fd5f
-
Filesize
10KB
MD5a950163c0d6ec014daab851a68aba125
SHA13f8307a1fad65b73f951ef4a5ea8b7c4473b3be3
SHA256862a8d35ea1e92107eb4eede484af32f2eac95a20908c31cec71a1ee7e8ec6b6
SHA5129c9feab06ee2275001253b69611980538d9975eb5367f404245beb1ddbd08aa98caa482eb79b0e8c278221b95d46d20ddd9a6c4ad2aec50cef8adc527c706c30
-
Filesize
10KB
MD5054d55c277db29beb3f21875941fa468
SHA10eeb8e458ad293b5d5a0e62c9cef11c4a169a2ab
SHA2563fa698e900d5989416bc5d6eba724e033166ffb2c1c33a74fdb695d99ea5604e
SHA5125684a0e1acfcb5d76236060459a5b6eebe2e372b13c75cedfba819d1e5628f979ebfcccfe3ac0897725683be62916486dd09a8934b05c946422a9beca8cc5957
-
Filesize
922KB
MD5a01dd1d9e7fb4d2ba3d7d7da14bf7e68
SHA1fbcd6141c9e95a881ab572c6cd2c311654b6176a
SHA256aabe69732c9e30d739a4a82754c9412748f31ac52dfa5cf681c1f1adb87d8e7a
SHA51212e9f65a9a5471a98dee18a44f27f7161d1d8e53a770ac1f9b090bca774224a46f2b7ec114cb9d17d4b4a1fcf0f2a975565d3ceeaed7712c7527c013cf07f684
-
Filesize
422KB
MD5c834888bd26fc2dca144776cbcc96039
SHA16b80aec0024a09782bf865b6273a4665b9652d6c
SHA25652b48515313c328fa86e4c517b837038e0b41ac997f091e8ce89235ae557e8a7
SHA512dac209dc941813b9550fb09ca9d695a4e60b16f7dde9b95152de1e835fc7c14e656319ee0a7848cbda54e12bd7483d6262db8824899c416b87179e3aebdfae30
-
Filesize
2KB
MD5c4d3d34cc940b0227df0859ded5b55ce
SHA1224d8c2c4cc84ea22278596597740b555bc55349
SHA256f3da3c779b0b099465702c7ba91a6184cf62372b03da094a8f991d6bcf06d07c
SHA512ad1a0315f43d3d7d87ca591de68657a331cda5be85d4826468f119ee3d3b7ccceccc841f87cd50135badfc2d49468c17eb3b89794483589b804a1601bf2de4ef
-
Filesize
11KB
MD574064550055cf81181f0d382409fc021
SHA143a0ba75cff355c073a9d57638b455a00f5038fe
SHA256778c7766a6587dae41a26b6aa14b84e422e49cfcaa3f854f33c6e753480316b3
SHA5120ac984620778706ecb2ee916672cf3aa6cefadedb6204784a12d315710443ccb50553550b1284c7825119ae9889f97057ea5bc0f14e7ccc5a109d7303448f8b1
-
Filesize
746B
MD5880fc724dfc81d40e9e5f0e114c79f85
SHA1e316e5f42462e3ca08f1f364e3aeee6b3565bfc0
SHA2567ea90ea7f31507e90c3bcbaa2eb133d403c30afb6f1fc1e768f5a0c51b06af0a
SHA512ad6434af833b88eeb534dcfa83eadbeec6fbca51dde7051e09489e325a01b75957eb1df0f0e397d3f33656d1ef57abb5d262b358c391112a66dce66f84d233cd
-
Filesize
6KB
MD58c504112ba021723568bdfac91a36b1d
SHA169253f1b376fd226abb73e19ff681f31072f5caa
SHA2563ba6e9b09b84e18577439680a9e9bd5c2b18c503b15a6bddb114565b12916dd0
SHA512a10ca6feb6aff6ccc8cec7ad616393b14b1ab279ea4f62e0a7baa1d6bd786743b3751fde5a04fc11d5980e6a0b9317fa4b07a8324c5fb7235c1b387cb4734763
-
Filesize
6KB
MD573267e363305f0575515181e5e5876e7
SHA133a0ebfb001efe8af87712842d08e9ee2b1d1926
SHA256477e3881acd0d85d586ce5c687e793c87347943ef028ea6aafca666933566d3e
SHA512d0fa8fc0ac5fd81d0640a73ed0d17596e757b10c5dca314ef9e14a458af176d0c18d6529baec30abe0bbf151977d1f0ebe21d1a0c9e82f56eb58d68728cc2956
-
Filesize
6KB
MD50fd13a1d357388b9d94372c00f78e722
SHA1097631358c2b72637f5c023499b2b2ebaa9216d9
SHA2560f72919ee5f9de1c6ea5943dd7c3333178559f57e90bd231af627e156149fe00
SHA51283c7717fa03333aa2ae9831dda13e723a5ef74344ee66f89b432b2b799415560216a8aa7e6c2b1223cccfaeae4aa97094bb8d5c5c31f9e0077742893a3c40e61
-
Filesize
6KB
MD5971f44c988663571d9a4cceabcd143a9
SHA10111bc6c0651c6bcc67ddaad0cbcfe1576d43faa
SHA2564753f0b3dfd54e55cfed85aa0470acc8fefa13e80adba817441cc3a62b2a3815
SHA5121838668f40d42fa9babc813f78ba9780aaf95e25e7fa6a945306f97402cf6b12f4ef53aa610892c89704ef41ddc9fcb0e965509f60735d3beea93a85040f04d0
-
Filesize
10KB
MD55ce2d22a32fee938f269198346942387
SHA10d09374e8939f1323a60ffa9bdad1de9c53beb99
SHA2567e5c20b44a2ac86712e11d95083defcbbaabb5219cf82c3d528963943328b31d
SHA512a45c145a54812f614dde13d37c484cb3ee5fec53806c70bbb742563b3a722d20839b62d5ca6a7b35475d8953865b0a6cd5edb5f606a936766ab5fddc1e35f4b8
-
Filesize
1KB
MD5108f291bcaa9847867be8e12b9942a0a
SHA1342b3df0e1806fcbc61c8d242564fc70181e6daa
SHA256fe624e7c7c2d49de40a2191b159daf5a29a366390908aa03e0b2cdcd1c1980fd
SHA512b496288112bf543205b9c5e2a1d8d16263541043a4e4a45da887ee6b1010b9e1e21ad5642ffbc30bbda523dcfc2d60bb3958a1ab850cb4ab45f0e7712c3683b8
-
Filesize
184KB
MD532c66d355168edc7ca70086708eab2e9
SHA12569636b2b8e76542853c0d9b567dbc932baad6f
SHA256c1aea2dae53f3f9ee512aa2ac0c81ef294e9b40e0b2bd15d61358bd494b5e2b4
SHA5122cd7a80feca4c35578a9d797cad3275e9e320bacb235c2076649ba6ce9f969ce649d36cd2eefaf2b3f81444d5a3c2061f19186299b1f03266ba5ccd0f11c235d