Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

42.zip

windows7-x64

1

42.zip

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/02/2024, 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
    1⤵
      PID:1456
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:5048
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:856
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.0.1596111506\747286162" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {304aa4ad-7f22-4c61-b4c5-250afa54167c} 856 "\\.\pipe\gecko-crash-server-pipe.856" 1948 237978fc858 gpu
            3⤵
              PID:696
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.1.345696337\1583183422" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a47cdd-aef9-4c84-b033-3579f5ae5ac1} 856 "\\.\pipe\gecko-crash-server-pipe.856" 2348 2378b071658 socket
              3⤵
                PID:2632
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.2.220513038\681732360" -childID 1 -isForBrowser -prefsHandle 3108 -prefMapHandle 3124 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b1154ee-e9ca-4b98-a225-4c502e54b993} 856 "\\.\pipe\gecko-crash-server-pipe.856" 3192 2379baab558 tab
                3⤵
                  PID:1256
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.3.339942449\428140570" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {677dac2d-3aa8-4b59-b20e-6e6ba37ccb15} 856 "\\.\pipe\gecko-crash-server-pipe.856" 3580 2379a314b58 tab
                  3⤵
                    PID:3532
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.4.536410419\120386448" -childID 3 -isForBrowser -prefsHandle 4332 -prefMapHandle 4328 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {318f8410-6d34-433d-bbf5-952ba869a782} 856 "\\.\pipe\gecko-crash-server-pipe.856" 1700 2379d6c1558 tab
                    3⤵
                      PID:3840
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.5.1737106712\1431996077" -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5180 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0219f4-08e8-4178-accc-e4d582c9fc0b} 856 "\\.\pipe\gecko-crash-server-pipe.856" 5196 2379d6c3958 tab
                      3⤵
                        PID:3492
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.7.2036754640\562001169" -childID 6 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993775bf-fc84-4044-845f-27d9ac3fd3a4} 856 "\\.\pipe\gecko-crash-server-pipe.856" 5516 2379deb4858 tab
                        3⤵
                          PID:4296
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.6.242712770\304888960" -childID 5 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16744406-21ef-4349-99ac-8026b4986ac0} 856 "\\.\pipe\gecko-crash-server-pipe.856" 5328 2379dd81558 tab
                          3⤵
                            PID:2704
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.8.224898028\140987586" -childID 7 -isForBrowser -prefsHandle 5924 -prefMapHandle 5900 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d96603c6-10e6-4441-9e50-e0970d7ca803} 856 "\\.\pipe\gecko-crash-server-pipe.856" 2844 23797ba5458 tab
                            3⤵
                              PID:3476
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="856.9.319360319\362512258" -childID 8 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ded0a0f-ecea-4975-ad70-12cd777ddd70} 856 "\\.\pipe\gecko-crash-server-pipe.856" 3408 2379ba6bd58 tab
                              3⤵
                                PID:4844

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t62fqf4l.default-release\cache2\doomed\18310
                            Filesize

                            9KB

                            MD5

                            9e4cc11ec2d4c396c786d6cac4733e4c

                            SHA1

                            873acee311f37161c6708e5ac535ee0c4df30a1a

                            SHA256

                            821683d09f4adb259e132c4889305f6e806a6bd742018884a9945426597f14b3

                            SHA512

                            cdca4eb349302d63c8c01a9a32bdaec26180017474fd897719abd2e707b006239af39d56491300b192e71408de2226d6b4373dd7a952409e7d1b5678d3485865

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\datareporting\glean\db\data.safe.bin
                            Filesize

                            9KB

                            MD5

                            20e758b5f6b648e9e93d030f263d50ac

                            SHA1

                            425b737d0edb5bcfe37ebfa50acd289a298d6b04

                            SHA256

                            2c3e472b64c40ef89e1b1c7b3ff692843cb61beceb1812af0568a6a8b81763d4

                            SHA512

                            f38c9bb6dce4a50e76ac07caaa560a46b4c109ba031f08a03ef985c5df90073aae453e747e10e6bb17493d72d9d37c9588c37217f38c4eeb54e06d618af056b1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\datareporting\glean\pending_pings\32d7fcd2-674a-4811-9a54-dc30452220fb
                            Filesize

                            734B

                            MD5

                            afb95a5a6e525d72115f8b0d0fd50d25

                            SHA1

                            55c91de1f32c8fb27badebcdbb6073585132a2b9

                            SHA256

                            07bf64c778c1621a15ecc2f5c8f1ce8c8fcd6f86502c2832cb3e8940a75b2ba7

                            SHA512

                            0215a6a0525e5042c3517f5263d7410df13e056280afb123ab90005e04b710d9bf70db5934da76ab44fe218f5a182e2f7ffbac2379bd83a24d2b30f4fb439cc7

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            00e2b7bbdd31c72ba583df29128834d6

                            SHA1

                            ac1835a2f2e58246d691239d08ea7fdf224af82c

                            SHA256

                            a244de8eae5493e02ea7c04ddf38a59ddbfd1102524c189f1f69784b7c601e04

                            SHA512

                            1e8b16cb33d77d238a5cbac0add4b75b2061fd37368597f7b4d994e8a9f8d5b6b493124293ada916cb78e55a2ba2f8285b47217004c1d71b2f098c88eda8e632

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            259b914115e6d6b56e2e18d8801878f3

                            SHA1

                            05c2fa40450d6a28e5777523ce7d0095b61262ed

                            SHA256

                            7fc6cb0fa0be0252f4ee9ee06e708bbb8bf21d8030180fa4c0a07bcacae62d02

                            SHA512

                            1e060fbe294b0d29ef676a29c54988b66d47d44e85b8a326221e44625af62ebd87105ee73c693acbdf6e229e95ca564bd8b2abae813a36c0bf505812f053bbf2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            58b538adeb4882329c800d33c189dabf

                            SHA1

                            605065d5a98344fd0775229c40003b98ddf0b025

                            SHA256

                            022aa1b8e160fb6783dc6ac347ea0cff477e4fa940a452e85bf42ee25fa15733

                            SHA512

                            ffd09efa6ed2f43c17a3c41a219829342ab6da28b7c121f0fa86097809a953cb1ac6a73d89a2dc51ea06917f5969e10e8e09860c6274faed311cfe3a0c25132d

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            3KB

                            MD5

                            e3c0045ad0ae65df0d00b07a26efda1e

                            SHA1

                            a0a04fbc14cb2cf345c2889c2b4edd19ec39e5d2

                            SHA256

                            260236914e9c8c843c06f5f68e251c3f4d3bd1ae8d6bf7199320eb8b4085d110

                            SHA512

                            269a5acea99176b7b5bbaf02335a5b15056b4bba5de23bb41de827ee349ff6eeb96da040de49bb883fc3d64231477368942729769346ec27fe7d0878a63998aa

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            c5641ec503ff7aef16f35506f4d18046

                            SHA1

                            e6f17b753e2ee87b52bde84af2ff881ce59443a1

                            SHA256

                            92ef43e10e12d42b10ac0fd6b2ba2de788ee0e821b2c3ee8d84f05a0f7fce624

                            SHA512

                            5b0b0f02c21a77281b9d43e0431143fc32da2b2ec750110e2b9ea67901f9d111f42a2eb9af2a09260dc481ce2e6cc6eb9d3d814a36065a574a7e93c4d0110f11

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            e9aa6a7dae1076b29a23d4d90a68d0da

                            SHA1

                            bde2e8d900dfd9435566f59414493a0073437335

                            SHA256

                            8b4a3965c87dc9d764cb77f9c5485deb9b0f6c187f2997da1110b5af9b3133a8

                            SHA512

                            532fd44738579d820a3dc93b9fe53f3b690b173c0f5f32f112919243957da6c07b35ea1ae8b478b7fb1aee63bc36d14c4af4722024ccf4cf024a324f65b8b755

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            93060583ba9db22424f6930bdb6c48a9

                            SHA1

                            34db50defd942acaff42dce874dc55b60358a9cb

                            SHA256

                            6e6c67510d3d1c6c84bf315992a856ba57041772862eccb9bbabd6da40f1ee2c

                            SHA512

                            987f1f5ec1fdc95ea59649e341b9d48c86fc1cb71d8bccf404110bace52739f214747fd4eb24bb3aefb58f7411c1d23a4ca685f0102453c694dcf2e2c4f40530

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t62fqf4l.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            4897ebb6425c198e756c22fe341c3a3d

                            SHA1

                            04d7f0a0f432bc55cd55afa710318865f5bef43e

                            SHA256

                            11cd17c6af396c9ea73dd9e1f077a89163d06626970ee7e3f72baf8b3cb983e0

                            SHA512

                            e1c5ced0ed21ee82dd055b243451cc190ec059fb6394017eeb27fa0fc9c5b910dd1235e69ea0667c0118ac01dbeb10734d0728dab775c0f1ea5aa504ae80a54b

                            Download Submit

                          • C:\Users\Admin\Downloads\42.5W-KhYR-.zip.part
                            Filesize

                            32KB

                            MD5

                            8d10475fd6d4478eca15061f07f6d05c

                            SHA1

                            7453584acfa48459aa08fbdccbb0a97d175d453b

                            SHA256

                            3fc60f97dc4cceb103337319ec7a61b5b87af672642a2ad31499b1280938f67a

                            SHA512

                            293a32f2ac16ac0a86423bb1ed78dc232db8c34cb2be64cd8dc6c1190d86f21f4f9ed1ef9f1633d71c3bdddc323979d7f3857de9aa6fb0fed2532365440cee4c

                            Download Submit