Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

iis.Stupid.Menu.dll

windows10-1703-x64

1

iis.Stupid.Menu.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/02/2024, 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    iis.Stupid.Menu.dll

  • Size

    470KB

  • MD5

    64e23a193ad93a1f3201d287c8ba2e51

  • SHA1

    233f783ace5164d124aa3f12e829f3bf77d63767

  • SHA256

    54815ca3d48244d0e708d5e7976c723b9f63de83e67d8480ddafe0909121cceb

  • SHA512

    f6839b125d1cd8ec89e0ce4cdde355b7f50f8c355795cdb97f18f0e8a0e118bd8af799f6ab73940d91c1963635ad90355b6c333c6beb836ad2ac5b2079b5f2e8

  • SSDEEP

    6144:fJxSqVcow/EE9XHbutukdTRpMCVbHB6Wr0mFfHCEU4XuHc2aLx2:xxSqVcME9LutDFR4lEXPzF2

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\iis.Stupid.Menu.dll,#1
    1⤵
      PID:4212
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2832
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3744
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.0.1659032790\252930495" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e853a77-9f89-40a3-85ba-3a8f61a613fe} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 1756 21ca22d5f58 gpu
            3⤵
              PID:3796
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.1.1445650803\704929556" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e640f80-ac1e-4014-922e-f7da6d55074e} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 2136 21c9086fb58 socket
              3⤵
              • Checks processor information in registry
              PID:4424
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.2.172389756\962716170" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f232c49-8603-4bbe-b10b-8d9fcf1f5083} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 3016 21ca225aa58 tab
              3⤵
                PID:3936
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.3.280632542\1319600248" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0014dd-fe03-4e53-8ca0-9c3679cb5d30} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 3536 21ca56b6458 tab
                3⤵
                  PID:3128
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.4.220829037\595031171" -childID 3 -isForBrowser -prefsHandle 4368 -prefMapHandle 4352 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f44138-19f8-40a5-a84f-1fb4312fdb41} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 4384 21ca8c8eb58 tab
                  3⤵
                    PID:4576
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.5.1147291801\1252875558" -childID 4 -isForBrowser -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20e4f894-8419-412e-a89c-f8a6517f36f3} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 4752 21ca8f12b58 tab
                    3⤵
                      PID:3788
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.7.1536649312\366482124" -childID 6 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ac9d24-a876-4d85-a559-99bc95d416b4} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 4780 21ca8f11358 tab
                      3⤵
                        PID:3324
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.6.1651732621\562484045" -childID 5 -isForBrowser -prefsHandle 4896 -prefMapHandle 4900 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd126e56-359c-4a29-93da-07e205761177} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 4888 21ca8f10458 tab
                        3⤵
                          PID:3444
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.8.1087915201\1760527091" -childID 7 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {013234c6-21c2-4a3e-b3da-9ebffe119da3} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5504 21ca6ec9e58 tab
                          3⤵
                            PID:1512
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.9.1429901663\1213625216" -childID 8 -isForBrowser -prefsHandle 4864 -prefMapHandle 4876 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65dde02a-c490-4f1f-88c0-caf1c3f72fa7} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 4840 21c90869f58 tab
                            3⤵
                              PID:4428

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cswg9rdm.default-release\cache2\entries\8DD38B1D2E458601D2CA0C084D148B982678448E
                          Filesize

                          204KB

                          MD5

                          838ab5b8e7daad5173d694fe75c4add3

                          SHA1

                          5a9bc6dcae376f0aeba2962e27f6b3666dcc8282

                          SHA256

                          f918e91bdc4b125b7fad5e7a8bacb5e4a6dd82372f3e2a4a0d15e549d000c73d

                          SHA512

                          bda8b532419a8b1efe01970c20b65d95e9c711e74e2174fe7a74b9675000fe95839633d56c9c3d9ee59f95a5462c18ba433a6d33cb995b9f5bcaa77461a9a1fe

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          96d0c860e09c9967f9a47e28006ca6dd

                          SHA1

                          97576fb6d951dbd543f0043d572f8e8d46c164f9

                          SHA256

                          da15b207651e24bb136bd483117ab7724523f05ea0f5fa659ba63bb5d384930f

                          SHA512

                          a0c3c644b6b0acde13cd93669aeeb99be4db9c75cc81e2ce414f872d56f37dc8ac3ef6a8143b48abf2a685e80a2f76a8ebbfecd52432369e5dbfba5541028129

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\pending_pings\1a2cd20a-e6b9-4975-bccc-2e6f2a7308d1
                          Filesize

                          10KB

                          MD5

                          1dbbe820fc4c45f6d6bda1b46937171c

                          SHA1

                          2615715aacbbbcab76f4ce6989537b7ae2c6e2cf

                          SHA256

                          bb9a114d534205e87d1ca6a8cf2f1a033ae66401d1db56abf2a6283ac0cd9747

                          SHA512

                          8ed88eb29ee9fc664b7d248493ca6df8fa512dc74e94482001d9f3585c96623f2915d82fc1d9c95ad5995550e828e33d35bc83c4e43026dc1472b1d4c57849ce

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\pending_pings\bb8b3cc6-b41a-4cc8-a497-9fb09bd0b86c
                          Filesize

                          746B

                          MD5

                          2a6268ff5fa363223e0262eab801a7b5

                          SHA1

                          e22f4118aa047ea753208cfd33c7e7efbeb97c03

                          SHA256

                          46b348546049b8e4e7d0d81731810a20e6001591946e9977b58688e31b7d936d

                          SHA512

                          92585ac98dc4765dbac5c29753f53bfb21bedd85483d9fd86ef254504e7f3411b4b12c932a2426f44ee338bb728810df84aa7a4caa4852f1077b56c715f08183

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          aed64f74d9e9607f162d848ff8b5ee13

                          SHA1

                          cc7dfea82f795c3f3a20914c0f1b322c7babafde

                          SHA256

                          961e2086ae687fcd74fcbf03d3e999ee03348930cf00f9b59b93db9163ac3b81

                          SHA512

                          8293876a916cdc78fee30c174dc79465ee294de363c3791f8af7785cc31b1a825261dd1a52eb0c954a0eeb6430e2a38cc044550b50e6eb1c095d3d25aedfd4fb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          4d0e618efb08fd4af6576c7e879b4e3e

                          SHA1

                          30cca5608e7b9239f77884eee6f12d74c7581e99

                          SHA256

                          61eebf05d14d6036865715b97eff6507559a5a0d595971230c8a9e2862e8fce8

                          SHA512

                          8b348f4783336cf8429f33599531b569043df27fd35441cf81d7f6990e083db71d215f5cd298bff3ec342ff2f5d6bd23700057d2aac9e129cb699a655c75a5bc

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          107ffd1240c558ce4cc5677e09a6764a

                          SHA1

                          cfbbde16689f24af14ccdd29993e9a527267904c

                          SHA256

                          9db1caf5ac552c7826cc8f12d13c048693c74ab93b01acdae78b148130e1bd98

                          SHA512

                          889e983cccf0c003248db17758cec07a5636f0d479027cc78d8f1dbd67ee06de25b8d9fe4722c0ea5cacdb3feb49fc1c620f0cbf526e5d47ea0d834da41a1cd8

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          fc3efd2385e78a903dc9213bc3a2687a

                          SHA1

                          3f5feeefcb4cee00182a1e07df1322f0bda8d0e0

                          SHA256

                          140cbc9012fc472a32811bdadfffff2945ccc3b4c8116dde491e69e127f0253d

                          SHA512

                          abba4cad0422e1188dc3638e5ff96c9148d2e007cf63a2c67dad649a2f1362cfd8f61eb3f065828c4bd22462fdd66fc874dbc8d3b4e11325e3000f4f69b8a3a9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          7e5ff5051e5adfa35d05168d5b8a697b

                          SHA1

                          8e3832dddc1a51dfb6bb20b397dc8150ac4c1a1c

                          SHA256

                          aa6796ff403ee4f98e729485d45827331fcf73f307e82a1d6b01cd621a04131d

                          SHA512

                          670879f7ad1eaacaca6f4ab9dcce977c5148b3bcb30931bdd01f1277c7c5cb8f7a198f7c5c73803d497efd625509552263b2ba564f53f3d30faf880af4e0456b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          b424845edf767f8c585bfe26cc61279a

                          SHA1

                          55943c03983d3f58c07ba7125c4da88651e97005

                          SHA256

                          f96f43f426cbb3796e9a3377c23e8054478883585796b2f5c37a2723bd3e6a90

                          SHA512

                          3e017656d36a223b3ccdd38214245bff76bf981fca80986c39efd5afe653c3dcdf62640dd8ab6fb4fc8755f34bee9302084e624107c8f56a34cb2382867c5931

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          4ff057865725f35068054ecd157e1d77

                          SHA1

                          0ebee3f551269c8abfcc9a6b1a53782f0e1eeeba

                          SHA256

                          7f9c404c93474b6ba6dd3f269fcd3f7c96e3b2d4dd845eb60118b31b69469e2a

                          SHA512

                          b7dc7185155e042eede5f4f3763af3ee90d32dcde88228864db30d3c06d2621e26fa315358e1e26913e276c20334af0e3a682a917ae718f79290114d7f34d5d5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore.jsonlz4
                          Filesize

                          4KB

                          MD5

                          a8da7e56196698f331bbd0800fa03d29

                          SHA1

                          d4bcab0f77d86af5895b8b02546d31eca00cf0a1

                          SHA256

                          a22ed02e7275d01fc0efa526d43356b6c1e62137a1da6dff10e02f48969405b0

                          SHA512

                          ea489dcacad5ee3aebd0d0f463ce572dca513922e2b7bf7dc20625adaf240d2e75c4565b661f3d22f7151e3ed937dd180f2b9c2da17e8d1f7434409ff80306f6

                          Download Submit