Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
84s -
max time network
89s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27/02/2024, 21:26
General
-
Target
https://github.com/TheAltening/Authenticator/releases/download/2.0.0/TheAltening.zip
Malware Config
Signatures
-
Loads dropped DLL 5 IoCs
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Modifies registry class 37 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/TheAltening/Authenticator/releases/download/2.0.0/TheAltening.zip"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/TheAltening/Authenticator/releases/download/2.0.0/TheAltening.zip2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.0.1272785885\1935897486" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adad4855-2a99-42f6-9747-86a910f20f38} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 1984 28724603858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.1.9323290\1483904759" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e30da938-8f46-490c-8517-271873646147} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 2384 287232fa258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.2.1960161644\2094255012" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3192 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37ace7b8-f37a-4b76-b988-7b7fa123ab73} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 3064 287275dc858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.3.647035090\683793871" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e931a9cf-2e9a-44b3-a3dc-d407f0643497} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 3628 2870f868458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.6.230694646\2118036365" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5288 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1568af6b-a7f6-4f58-82e2-c210cf4d4c14} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 5204 287297ba758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.5.835424107\1844733060" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1ad32d2-e0d1-4825-a55c-ddcc3f7b24ca} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 5000 287297ba458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2956.4.370989888\699970907" -childID 3 -isForBrowser -prefsHandle 4848 -prefMapHandle 4552 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83849074-fb04-4584-975c-15142ab4ee4a} 2956 "\\.\pipe\gecko-crash-server-pipe.2956" 4860 28727bd6958 tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\TheAltening\TheAltening.exe"C:\Users\Admin\Downloads\TheAltening\TheAltening.exe"1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SYSTEM32\netstat.exe"netstat.exe" -a -n -o2⤵
- Gathers network information
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
832KB
MD58ac3efe7b341f871d9ce1b387d3876cf
SHA1fb5ef520bc9add6d10c4c159b967ab9257ca91a0
SHA256c8124f1da648034991667dfc7976e7b47465a888470d52051a7a6d380ef73d3d
SHA5126427bdb8651c0a404464cd3ec408ef350c028afb3d1a6bfa5cdc1cb8ef3a6ad083b435cd7e0d64bf2f790e4729e2920660426cd40536448813739d552dcba76c
-
Filesize
1.2MB
MD58e874bb782193fa45d027254e7d03244
SHA1024ccc78d1d23050164e8cfdf141c921f42e0c74
SHA256f75f98fbbb02dad69bcd8c69ec26eb3705dbd95dad996b58308b50e6c9904246
SHA5123f3b0f93e5600c0671688317ee00d7a88411b80b7c4aa383d274af318782a66665409a528d484409bfe598c309ed54480c86a4d4e109dee5265351d5902d0c56
-
Filesize
1.2MB
MD55905e0c07a93f86ddc463aafecdb01dc
SHA1082497061addc2856338886c284d14e6f6ea519b
SHA2569091134602c1f0f48c52d6b5ac01258550d20742fc18a8171385f28a9b764ac5
SHA51200706af7195257f57594369d0a33a7bdb548d1af74bf24f7e7e8deb33124b94d11bcd1c09f7076e5e484af1125a7b9f38944e85157369546d7c44cd564bd9e75
-
Filesize
1.9MB
MD59903f3dfcd005de56284f83c45bf349e
SHA1b84613e390a6d157e6af8f73d4851619b922de37
SHA256cb0b269423e59f4c17e7e3dca7385ea5d92cffcc460a76c13530bc5613bf7b3d
SHA5129aa187e9cc62d7904cf0892b5ecd9e79fbb41f8372ff1299c8487dbaeee8ac95a0eceaf22c78d451a8b3f313d9e70e8a5782010e8bae02e1cd232d1cc070dc06
-
Filesize
896KB
MD534c963788c3ba6509d29d902becbf119
SHA1f32de9d62b92c4e7a2a5f432e16184375aa24288
SHA2560368cbded58edc0fedef8e5ab541cf2b3d017923e38e2ae0a9f8b7df57704133
SHA512acd4dd4132d099b458dd520aec384a5eaa2087bceb879b8b389cccec00464dcf4bd2e76b3bea47f491ecbde3b7d8a9c367faf191ab638444a218fde813bf031f
-
Filesize
1KB
MD52f3de4f6d50debc5f7a35f6a0fb3ad88
SHA1d0f2dcc536294e9cf364f1a2c08c9ecb2bcae02e
SHA256cfc50ccc669a9ad9d4ec5980565235b71f8004c3659910ef1f82ae0119762882
SHA51291bc8a527f858f77e39fa6adc220d719a223f55687f3ccdda0ced5f2298774e70fcb3a49cad20f158886399d4cd8e4cf247ae79df79fbc83c7142fb843c2c88e
-
Filesize
1KB
MD5d40a41a8d204d9353d85d7e926f9d25d
SHA1698610c43c7e58218ac700d571a110ad152e5a6f
SHA256ec0f6b35bbdfff51c56d44cc2524ab9126387fdefd6727a8974f313b9a3c2b04
SHA512ce479718eb8fc93db3bca66e9d559b25d74dae9cfe26a8d106a891ee2a1b3c9f098ac7498713791dec4d62e955f3d7de291ef9d09fe3e50b1caf30bcd8a04f4f
-
Filesize
2KB
MD571e51e2741b55a5bd83cd61f3d6a1c20
SHA1ec7935a96ed3b26c29ac0a923ca2f5cd337c49ab
SHA256478ed1ede156cd8f8a6e627529d3bca7123811199c3671b2860686c1292a0e71
SHA512f13952c036b554e510a073b97900c8267209d340bb6c1752806ab142d1429ebcfb5da0ab8bc90d1f67582f3ed19b2e719552f9efd835f34713bf280aadf8873f
-
Filesize
11KB
MD50bbaaa7f7df49aef18848306b48c9f69
SHA1f18be0040d58e2933c5deae0ced4dec645e5b8cb
SHA256cbf25d57aa8ea794d1cf6cb2b4748e8a8766184b5779ec4174ec2868e0ee42f5
SHA5122140d2ba1dbbd3649d8d379121a256d217dc716900aba2ebdb7203e617335389f105b172817fe0d9272890466f0a9ad131c05b511e12bd37fcd88dd381f72acb
-
Filesize
746B
MD53cd391d5e7cff4eb7ebfae6b0c995fa6
SHA132926435ec67b9ffba2c6fcea22bbf010a4ef5a2
SHA25685f4476fa0541ab1a93a9e4606d6564e1da8513f4fc2a528a9635e4034d4de90
SHA5127c024b6bbaa57c4a1fe854a8261efd417e2fcb26c7037a1298eb7e7166fefe79e0d10d71a8bcae1fa6e0e2c6c36731c928ced6f234255e7c9e2b6ab6425a8b56
-
Filesize
6KB
MD5e439405ec433df7d0172a4d68b4c324e
SHA12fd6750f251c12147d658ad5261f99e7b5c36612
SHA256bd308364f4bfcde41ccd233a754fb7619e508b2e14290af6fe49ea84343025c3
SHA512712fba68b85d47227c309ea9e3ab34616e042e2d891bebb194acac6bc589451cc512b935e31fb3c010e68015cceed2236e5b1e06bdf4e9eebb58f945c43c43a1
-
Filesize
990B
MD58e12a4ae5447e9ff202a0c2c921b4789
SHA1ca295870ba1353a2622eef0438077a307b56783d
SHA2561de78f366cbd9f69e563114858c33b211a9518b188a4e3acf8d679ece0aa13fb
SHA5127d85cce996c1ef9398ca7645f1e307fb59877899fc44298ec53979ce837ac5f8fe3a9e2785de3f7e15b3fb6be90647ac4800d3020f804dcc7fa7ef92889fd64d
-
Filesize
1016B
MD55ea39b220ac6cfcc4b5b45998906f93b
SHA151d57687b7fc157c21c4b4ee9b5cda086b4a0a47
SHA256e597429133a5dd8ccc20f6db2f2035cecd9f494298884cc61a5b5d89bfff9f40
SHA5122723ffe888a9cae15eda1e1d71ded47c069d1a02f453e52db0b3f4b17f4f04922d0136260616f534218f12c6f8997dc6ea36eaffb16e595f45f5fcf2fac4f4df
-
Filesize
1.5MB
MD52f7d7741a4cef3459bd5fe1384ee034c
SHA17ae589b4803e541284f82ff380264ad185cb40a6
SHA256ab0ed35abc5c9e5e63d6ce095d5c5bf9f646813a0d5232373c71ed3b9b396ad8
SHA5123ec0dbd59f771aef5ffdca61dfa74c82a971d5e52bcc523420b9ca4ef7fae423ecbc9068512f482bbbef208dec0b2f1bbd0619afd6b1ea7b4a0ca100bc93bd74
-
Filesize
15.3MB
-
Filesize
452KB
-
Filesize
8.3MB
-
Filesize
488KB
-
Filesize
16KB
-
Filesize
16KB
-
Filesize
1.4MB
-
Filesize
948KB
-
Filesize
72KB
-
Filesize
272KB
-
Filesize
116KB
-
Filesize
1.4MB
-
Filesize
200KB
-
Filesize
40KB
-
Filesize
2.1MB
-
Filesize
276KB
-
Filesize
52KB
-
Filesize
64KB
-
Filesize
5.1MB
-
Filesize
9.0MB
-
Filesize
64KB
-
Filesize
5.1MB
-
Filesize
12.4MB
-
Filesize
80KB
-
Filesize
20KB
-
Filesize
988KB
-
Filesize
712KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB