Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

sparxmaths...tar.gz

windows7-x64

3

sparxmaths...tar.gz

windows10-2004-x64

7

sample.tar

windows7-x64

3

sample.tar

windows10-2004-x64

7

sparxmaths...NTS.md

windows7-x64

3

sparxmaths...NTS.md

windows10-2004-x64

3

sparxmaths...UCT.md

windows7-x64

3

sparxmaths...UCT.md

windows10-2004-x64

3

sparxmaths...ING.md

windows7-x64

3

sparxmaths...ING.md

windows10-2004-x64

3

sparxmaths...ICENSE

windows7-x64

1

sparxmaths...ICENSE

windows10-2004-x64

1

sparxmaths...DME.md

windows7-x64

3

sparxmaths...DME.md

windows10-2004-x64

3

sparxmaths...ITY.md

windows7-x64

3

sparxmaths...ITY.md

windows10-2004-x64

3

sparxmaths...ests/1

windows7-x64

1

sparxmaths...ests/1

windows10-2004-x64

1

sparxmaths...go.png

windows7-x64

3

sparxmaths...go.png

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sparxmaths-5.2.1/ACKNOWLEDGEMENTS.md

  • Size

    650B

  • MD5

    1d1f8ea272df26f2dc1ed954139d5bb9

  • SHA1

    75309b0c2a88a4b62703fd5c3d8abf4066995dbe

  • SHA256

    2f4d851dd551d2f32dfe7b6805ec8facf137cef6a6872325c594a2cd0765d861

  • SHA512

    18e9aba218ab512175643aa3e6cf845f1fc47e217627546591d8c92d0930ed378379ef2dfe1f04c3a3ec3d1f198157a97e4935a9d552d2e863b5b319b942173e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 40 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sparxmaths-5.2.1\ACKNOWLEDGEMENTS.md
    1⤵
    • Modifies registry class
    PID:4240
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sparxmaths-5.2.1\ACKNOWLEDGEMENTS.md"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sparxmaths-5.2.1\ACKNOWLEDGEMENTS.md
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3044
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.0.890887113\1191600781" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45253068-6bd2-4aeb-af70-5720dfb1792b} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 1964 149554f4858 gpu
          4⤵
            PID:4416
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.1.1959871879\845263263" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {744e232e-dd12-4777-ad08-2a0d41f9ae6f} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 2388 149553fd858 socket
            4⤵
              PID:3440
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.2.606503665\1895909561" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3040 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4aefa739-de72-4ffd-af9a-64f466048a7e} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 3168 149596db858 tab
              4⤵
                PID:4352
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.3.1830883083\768998781" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4668b0b-310f-453a-9375-9121f4eba5ca} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 3564 14958095958 tab
                4⤵
                  PID:1388
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.4.1684714828\2089250883" -childID 3 -isForBrowser -prefsHandle 4860 -prefMapHandle 4812 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b5c90f5-d67e-44fb-b180-a033ac91b56b} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 4864 14959ab9758 tab
                  4⤵
                    PID:836
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.6.1908581094\1311340704" -childID 5 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9960b7-7642-4aa6-9f4b-dd6333b63ccd} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 5196 1495b9d2b58 tab
                    4⤵
                      PID:1516
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3044.5.851613904\1080404469" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9312bfe5-2522-47ba-9517-c64ec0e6ab6d} 3044 "\\.\pipe\gecko-crash-server-pipe.3044" 4996 1495b9cf558 tab
                      4⤵
                        PID:3988

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD
                  Filesize

                  13KB

                  MD5

                  c7fa67ca697200057fcc67ec5359de85

                  SHA1

                  743806d15f3e5f0f34e7ccfb6c78b388a7a2c060

                  SHA256

                  14f0719d62583f5c008d7170e04abe93e2c9294bf76159bc5b5735ec102eef37

                  SHA512

                  c6d524817fc198fa623fd9e6c1d891ca7b7e7b84434c15d4c0a295686bc20df0f54df1d910d4afac8ea1701bd49bef86c70f4e1baeb47284089e52c6f9bf69e7

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  8.0MB

                  MD5

                  a01c5ecd6108350ae23d2cddf0e77c17

                  SHA1

                  c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                  SHA256

                  345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                  SHA512

                  b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  a84efece5383a7c24408df513ffda297

                  SHA1

                  f81364373e1b741fa0007fc9082285715e2269f5

                  SHA256

                  cab62e7cf9423df09566fbdf85ca84dffa4f8b0b3509f6095b38b430dda882f0

                  SHA512

                  e1686fe81c47bc9db61a65c0887551410b8ea22d6eb165d97bf50c01f639e3e98f82d5a25ac0c45227765591c00e9d0691ab587daae29ac7d9f63e11343834a5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\datareporting\glean\pending_pings\7403c62b-3d7a-4851-94be-496e3527bdd5
                  Filesize

                  746B

                  MD5

                  c20ad1680df754760170a77951a57a52

                  SHA1

                  df42f016b7b678791a89fa43d55740b25de0a549

                  SHA256

                  e8c4c091fd62169981425c3590aa33b85f7846eaeaec6855acb4784b464d3fd0

                  SHA512

                  ca897ad1ce779725d401feac0de2d73ccb1f7c9604d9985eef1e47eaf0987da6c5e446f6115079ba506f37735e1da2ae353ac364cf3b17e2c460404825bed4bb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\datareporting\glean\pending_pings\a4080c4b-ea79-45f4-8c7d-daacd72e04a6
                  Filesize

                  10KB

                  MD5

                  525d3a0edf2111b1e3e147508f3a4509

                  SHA1

                  573ae9cfd8d3cdba73f3981987120daeaa0b3640

                  SHA256

                  3deb821f3c7afea1a5fc42e72bbe753c4eaa11eadd90782e93307ddfa7a13046

                  SHA512

                  12b3fd2f7b27154d35418a808502fa93122b0f91b940d0ae519847b2bc34c52aeb215514a4c47ea657451e8321729ec822cb51e263bf1170c2fb0c8f4b7e291b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  11.8MB

                  MD5

                  33bf7b0439480effb9fb212efce87b13

                  SHA1

                  cee50f2745edc6dc291887b6075ca64d716f495a

                  SHA256

                  8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                  SHA512

                  d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  a820b3dfdb16c291555f0bcc2c975c4c

                  SHA1

                  9e66e88bb4ea245912e2702dd7a19b3e8c05baf4

                  SHA256

                  f76cd272427e9f88d689ef2f22b88f16f7ea00725cccd722be7dda71c6afa989

                  SHA512

                  adfdd90dc161ae0d8a8626aeb63ba85c4de772ff1b73f357c372cba4415380aad245c094422331320cc6983a6dab0c1cba5bd92a5564150bbed1e50b1c151576

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\prefs.js
                  Filesize

                  9KB

                  MD5

                  4f14acb79bbaeae47e7b6257f4007633

                  SHA1

                  7660f49b50260405bec1bd243eff0615265af8ce

                  SHA256

                  ffc46e42e3a52de206d75c151608d7dc91256da495e00dbfc9523a0c34b3e1e7

                  SHA512

                  ce98ea15c20c51e0584d1b50040ffd47c31992d51dd9f0eb0a3ef596e297677a8f8415c590a765848dba8c3e40d451ea1ccf56aec5c87f9372b821fffbceb0e0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  d13295402de74517e588766063385eb9

                  SHA1

                  6179f2d0b67c544703111181191806a36a442d40

                  SHA256

                  0077d9d2507b8317ce7646108e982f9623cf1fe1559c05ba5ab9ce58a506c9e3

                  SHA512

                  e58e93cdff8e2a253252f0fb54f6a237dd9b7b94f6a58e7bf86ff822f6c6b3bafc2704ec55272f57b5faefe7d8c79012ed49993d3cda8e343cd7367aabb596a1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubtcfhsb.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  ce9615fac217954505e9c53e92b66c82

                  SHA1

                  13be8d9f5a65bae51648b64cd68844b4230ef598

                  SHA256

                  2a94ab4dc26b903f31f841ae53fae2e75c24d90b6007f0169e5a87ca9eaa0964

                  SHA512

                  767540e4e62b4d3ccf6453f3ae0331e6b97d4f05f0b071a4966d7efdd56f4189817ce35b4e6f226d3444d559d0dd3ead46867c523b31f4fddee159c8b0fcaf91

                  Download Submit