Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
210s -
max time network
216s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/03/2024, 12:18
General
-
Target
http://mmm3mm38ict8xem.karyabisabz.ir/Ym9nZGFuLmhvZG9yb2dlbEBtYWUucm8=
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://mmm3mm38ict8xem.karyabisabz.ir/Ym9nZGFuLmhvZG9yb2dlbEBtYWUucm8="1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://mmm3mm38ict8xem.karyabisabz.ir/Ym9nZGFuLmhvZG9yb2dlbEBtYWUucm8=2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.0.1532781072\1494445260" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1bff7bb-8912-4051-8156-a2949e138c6c} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 1948 2b027208758 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.1.1104633763\1541449572" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a553285-e65e-4bda-818b-a61aac6b63d9} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 2416 2b025de9358 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.2.1570238887\40033401" -childID 1 -isForBrowser -prefsHandle 3256 -prefMapHandle 3252 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7edd29bd-d1f8-407c-bac7-1a5ae790080a} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 3268 2b029cee258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.3.873156519\694420329" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6545c358-719a-405b-bd0d-27ea60ecfb8e} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 3624 2b012264858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.4.2010106940\1536393962" -childID 3 -isForBrowser -prefsHandle 4556 -prefMapHandle 4880 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f89de180-4f0f-444c-82fc-5a90193d8d75} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 4832 2b02bd48858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.5.1106281115\1241667987" -childID 4 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed7ea08-e601-4803-a80a-c26bff5698c8} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 5116 2b02c19a158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.6.850120489\980138012" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {994dd8be-a7d1-4a9f-8da0-a07f1b98a427} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 5232 2b02c19b358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.7.1920650486\519990414" -childID 6 -isForBrowser -prefsHandle 3476 -prefMapHandle 3392 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a89f8ebb-bad9-4966-8e35-d1f2c919e2ab} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 3348 2b02cc7d758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4624.8.1978577724\1492512976" -childID 7 -isForBrowser -prefsHandle 5848 -prefMapHandle 5844 -prefsLen 26734 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65777d9c-7212-469c-9bed-abe03f5090de} 4624 "\\.\pipe\gecko-crash-server-pipe.4624" 5860 2b02da54b58 tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=2972,i,4036376905309803364,5412922217215781933,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
639KB
MD55d8bf70ae7eab35d159b1ca50c01bcad
SHA16a7a03c25b534e014ab93293e871e6e7e56c8b66
SHA2562d07c3a9c03ee60b6c1ce0d5e83e116744df455941d44697673df3c43f8c21b6
SHA512e0ad42eea93189d1ade834dbb924111ced219219ec3a654e269273d7aa267d71a4bcbeb51794cf2aefedd0aa260ffc983e3f8ebf644f5c8b15f396170132f8bf
-
Filesize
15KB
MD54cba36c20c7ced2c16ba832b3ea555e3
SHA102fbf5d932e7204d005b3895b64d03fc348d4e84
SHA256fd1be0fba0b0bef516999e028bd80cd54d18dcaebd4701c09ced0f66e1e50d20
SHA512efe5838765c216410bc6dbc94503cf950ffb1e83039e4bea232521cd929576d0cf3c39d16297d5e31315cc2c24845d98ec9e3bd4b7506a3cd19919bd8f01a808
-
Filesize
2KB
MD574fdc325b1de62943a86be92fc6ade91
SHA1c89a79bdbc9b237192dac98a2f2d182aa557b03d
SHA256ecda201ec663cdcfe5c6eda5bc0e1264d2fc6fdfc2c8f8cd06c68874dd600709
SHA512ce072758e1635c92dca1189a95e8c82aad0abde9ddf8f27b360d5ac6d8bda2ab666bf2162269a435d39a40d21be859176a44cdcff72706bcd71df38de3b7fde3
-
Filesize
12KB
MD50067da1d8e4715c5bf95fa6a3aba4c0d
SHA101e55924b02e96cdf63e42d09bc95ea757131196
SHA2569ff6d8f9d6e0ba60f448fd992ed6f459a21678c8d1e3287b5635e9e31bc11282
SHA5127e1de97aaa991353796a074f9bf6247c4d6dd7d19f9986ea425160fd66432545e0608093bbd0c460649e15ac13e287d66f0dc0677e8a3462da54bc6923d66b53
-
Filesize
746B
MD5c5dfc2b8900819004151f477e965fca7
SHA184be8e02a91738d64fbf8e689b49e0e320e0f909
SHA256833d69c4c84518e28bc10af76bc5a398334f331262a1970353bbbd2ac60ccf06
SHA51295da6b89e3e2fe280b1739580b644b073855bcf9848c387ff9ea641ff055c8bc441565f73137b4b02f34c21934cc9fdbb7bb08b5da64aa3f48bc92eb9704d2cd
-
Filesize
6KB
MD5cdb4d907cd1da7fe5df6df362d21e919
SHA1904949dbd6677922b966b1860ce58254e4c9b02a
SHA25657aad00da8735c17c9d76154faf6150181ae0b5750302ab77c165a9af5c718a4
SHA512cc83e5e6579bce46a3ea0cf49f27f1c18582d46fd8c2d947b811ff967d321e32d2f7bc5c6695abc1bf4dac7d24b79bfa70e70f66e60f45265c4e749b6b80f23e
-
Filesize
6KB
MD5c2345d457c8408c29a18caf624698f3e
SHA1c6c4e2f73958180e6624149ce4ac7f7e1e7f9b7f
SHA256cfcbcc624579f5b078f53adc89c233ae2fe5cd085190d3ec0ac4cf92fe62eb0f
SHA5126f98a75601a9f985968dc799e95ec7105907d7faa585927c64bd60fbe4c5d29ce56a2069a725375c359f694d16bc9ca5939496e5363bf593004e4061b79f066a
-
Filesize
1KB
MD5ede1bf463f5684d315e521f0fd1af96b
SHA19b6035fe4f324453d0e50c69131d585307e16bad
SHA256cf48ad23f709e49931a0d908560177abf5d9a0cc22d545b23ae49b2bbbe1e3d3
SHA51208a50caf7233eef04496f36527dfbfc21d3616c78d8cc15b7158683aabbc333fd17218735b7b28413c791118f384b391c5ac87a2899fb970768d4408b9ee709c
-
Filesize
4KB
MD59c51d8ed0203b84a3c90f8b99f05a66c
SHA1b6fc94632eb63c6e9694d2081f23bead004a1a3d
SHA2568737341ba532dc4dd13cebfe3755fc21fb473c318da57bf2e22f21c100592a00
SHA512616372a23984ca05c606448bfddb7c28fa17171f277bcdb36514e21e5873673739396420e2c69806ad90aef6a17b9dffe9a95a599946c73454b3b45ed0a73c2c
-
Filesize
5KB
MD594a884d010df26a4783868429ba1d857
SHA126b71b20a7a1378ff1a25578d8ed780b0ff1375c
SHA25671ddb4025eef5784c52e1710f2a969ec66ec3bba2377581abfbc81b6ddd3dad6
SHA512659d1c3716e775c1efcc13a0deb1e31827ce37dbf6a56520a9aaef9b6c7e051042c7271a8be46326fa56704047bf708c52f891546c947b40bed059db9eaec6db
-
Filesize
5KB
MD56f6c642b951e219b76c2ed2bb34656ba
SHA13eeda5023ca77a0b98922962b041cc1b103011ae
SHA2563f39b8c917cea70102be403ec7a0f6624fead580f95ef0e00fffa657a5023f7e
SHA5129816586417fae541200025dcb40d610ce0f7b5f39a69225800846cb4a811a456f36d8e7dce961abb614cacf1c3c241451b3256496a1115481d620e592a32d5d1
-
Filesize
6KB
MD5f350b9c67cdcbabc4cd156afc4d46bd3
SHA1a6af53f00b2426ef58c68fc9a99976237f9edc37
SHA2562750ccfd3bb682553c0649fc432fcd26656acfd3224707b2f64d0c90cfdd541c
SHA512f03fef4ae501d96891e8e339ac59ef75ec3e8f422b478d8eca80eacc524d094be81e3f850d2c28d90416a619af4f2e3aaec33dfd28bb7ad1fee9bf79670a1916
-
Filesize
6KB
MD5904b0a2151e46ba9cce1785495a1f3b4
SHA190b71bd39157648b46c1ec562ec28a9b83992686
SHA25630a8731733a29e6aa23146c5540d29c32e7631bf83222b0a6bb1a4e1cec9e737
SHA512f90e27a05434d08d4c4965d0fc2055741bdc6b5bf1c79ff59915298db0b88b5b09367c547a672ff246d57aa58253b6d82ebea6a5fb0b485b0d53294debd45f72
-
Filesize
5KB
MD5cf7f661d6923e0e662f67fe879c3df1e
SHA1dafe7742497d89a792fa73e7ad34bf8fd97d2817
SHA2569228ecd1eebfc5bfdced6ad145cc88d16a3e3000bff694cf0f3e7cd97abc3140
SHA512cf8c592f7dfefcb19eadb35824e0580cd030965e3c55937f180cb9d2260b212d2e50090de48eb32f95d6588e658bdce1572b2e3e1ebfef945a6bb0e1cbc42708
-
Filesize
5KB
MD56c83d3178d572a699f55297e226747cb
SHA1b820ff34b5eb7aecae4af47e991fa73d722d8422
SHA256b0b73a4d28a59de49e95f70fbe984d8c0de0860c8117d30f2760face09806e1b
SHA512a40c36e25279f377aec3f62a95b5af71db1a6085f2f5c03d6ea09e0a05e01b14019d08c68101e95de9884277b2212e6ab79e8ea4222685e3dda650d761397b38
-
Filesize
5KB
MD5f16a6802fac10f4849056edd9495caeb
SHA1140e29e685dbdbc124518b91095cf4c6a547e49a
SHA2566444baa7db721bf74389df4d438fb45d49d33d5d3923def63a2b4700b9c221e0
SHA51209ba21aa4b3f2b9d1f6d3a5b3d4754aa5b014bcbfe653e36d671ea2a7315866c35238a222fb8c639fc4ce80ecd5ac828d2388152d1bd00c98a9e4f05d59c4e8c
-
Filesize
6KB
MD580d8acd861a0e6bb72678254b11a3899
SHA122756a7d829e2f9dff805470fd1f746ed596e6ea
SHA256fe339d395f100026066d95944a9efb11d0449dde3e3a72288d65c0dec45223a7
SHA512d6be3b96a192cf1bf08660b84282b6ee93ee3436b44bfa3d14956e68d3544ba697bcd653979224c53f6d95037810c72d73795051b8e412a968dc9a214322e461
-
Filesize
10KB
MD56bd74b48b0b011f554c205fc5f3abfc6
SHA1e1ccf12decf24e9626020dcca8eb86edb8e90808
SHA256a6ce0ba50da8bac77f715e5e0df2c88fc5b85f4813ed5abb36c962d5b7ec46b4
SHA512cd8fc2ed9e3e25cba5583d9fcfa9830a32c028eb2f7fc380ecf8cdabf69634c9290cadc50fcd04a310f595c9f85a1a644bad7e305bba0519245e492b8742819e
-
Filesize
4KB
MD56937a20fc93cbfb72b7ad7489b752feb
SHA19a772e22c30213fac9a65a70d9ff3ac6634e62e0
SHA2560cf920646d5af82629006da91c21bd58ffd4226a6b1ba6e5538d5ef53b22f84d
SHA5128daa69ce05d568f1813974e6b84b41ff2410b183e65dca440e13d6331826a33eea22235a862cf07ae705088586716ff5b8b338dc707ebffcf7d488262e0e764a
