Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    06/03/2024, 22:48

General

  • Target

    WIN_20231129_12_24_19_Pro.jpg

  • Size

    192KB

  • MD5

    074e53e314f79fc60e84c044072991f6

  • SHA1

    e36f0633c6704491df28003ec52b6482e5ea71f6

  • SHA256

    30e0a8e552612013ee1826462fae559d47c8e34be2f90bf827f1aa3cde0e1ccb

  • SHA512

    4314453ecf7b1f5ac9320adec988f26637d8d03b9ff31ec4f65e89c129c9be195e76332854b440e444607b8329b4a10fc3786908d535063981f3d314eb2a7926

  • SSDEEP

    3072:m8FSXZzPV7ULP7wWAn3cMvBiDmx0Q3aY/YyB8/7RPOLfvivQevEhSGhrAh2c/HLE:9Fyb/TvUDjyC92LfRevEgGNAD/HLE

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\WIN_20231129_12_24_19_Pro.jpg
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1200
  • C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1360
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.0.448009509\635258726" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ea5f274-3922-4290-b47c-f1a14aae8976} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 1312 11dd4558 gpu
        3⤵
          PID:1636
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.1.1961897544\2140166827" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96dd7162-9803-4c75-a062-bdff864b4fb9} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 1504 f6f558 socket
          3⤵
            PID:1924
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.2.472187703\1665412692" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0857f54a-bf41-4d5f-bca2-dd7553b9dc5c} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 2104 19f88f58 tab
            3⤵
              PID:2388
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.3.1422446738\1700012789" -childID 2 -isForBrowser -prefsHandle 1648 -prefMapHandle 1644 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {242a69e0-4740-43b9-86cf-a75f0b11810b} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 588 1acfe558 tab
              3⤵
                PID:968
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.4.1982412894\1031333211" -childID 3 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5164c2e-65ee-4a7f-9ed6-b5c97c5ef4c2} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 2940 f69f58 tab
                3⤵
                  PID:1972
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.5.308499185\1588508055" -childID 4 -isForBrowser -prefsHandle 3708 -prefMapHandle 3696 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e43bfc43-1f35-4393-a93c-e82c2b7299f0} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 3724 1e1ecd58 tab
                  3⤵
                    PID:2288
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.6.916068354\1785795223" -childID 5 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1c38cd-367d-44cc-bbd3-39c9665c88de} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 3820 1e1edc58 tab
                    3⤵
                      PID:2988
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2432.7.1310046660\558116171" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 836 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6e99f8c-9114-4592-ad3a-70e6b55a2694} 2432 "\\.\pipe\gecko-crash-server-pipe.2432" 3996 1e584558 tab
                      3⤵
                        PID:2760

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~DF9CD6AE56DB21C5F2.TMP
    Filesize
    16KB
    MD5
    a85636f2371355a47352b74edf4a2bd8
    SHA1
    82ed0607160515c1690b364a93610e40e31e9503
    SHA256
    d55db5d2d01e017b5ce58a8dac5d88f7dc90990d472c96a55969b9e33c7ab423
    SHA512
    2e45887170168afa36ac3b9871053dc83aa1ed5f5344d721cf68f9839d39cf7087b431d58ef29df44fb8283620f6ea980c52f59dcd9642795b3940cc7c408e06

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
    MD5
    c6f802b48e7d14e1ba227de3832440f8
    SHA1
    1c9fc3ae6c258ca812542619088d13bc8ef6fa76
    SHA256
    e205f90f9088f9293175821451329569f99654a434be4279adfd5db7da1cbbc0
    SHA512
    01f74f4f656af0d7a6e235ceafa35a88cd4ddd997a081bb86126e560f226f047a65198155452c520f74433537a56bb45fd7cef757b7e7946f432dc17802339e2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\a675b8f4-f345-426a-ac6c-8d701e5b416e
    Filesize
    3KB
    MD5
    06e7a31a0e8f079853947ce2c48c8f54
    SHA1
    0478bd3406e07897e2bee74b846f4159f4decdc3
    SHA256
    8213b3f7cc417a8c1cb7d5cb9a4da12c16e4410f405076c9964c102434350198
    SHA512
    787074d1b39660b8376e0ccd3d9d24289afb04e45c43badce5121af71be4d65be5ec263d6fca5481a4c08b275541f0de325f5c7084938f4c9aa389138f08864e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\ac5b4f1b-46f3-4b64-b96d-125e323a5159
    Filesize
    745B
    MD5
    03feb77f651957d9cd2f7c4d6b15b404
    SHA1
    4dbede0496620de1e30a8d99ae588206cef069e9
    SHA256
    f13a6bafced4d9ebfe24d8d8ad9bffb92b2c1da7f87d05c7f8a6e76b28198a63
    SHA512
    8bf93f4fea9ce56c9426d8b1baa56161ddb246fb4493b571460f5bfda4749ec007f31235793db359fda60c471405b8a4dc742e50f14bf8c4177200d6cae935dd

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    4eb0859810d776fa4ea323b0c1dc4299
    SHA1
    df7168eefa39f8864d90c2cb0792d9362f77002c
    SHA256
    b7b9ce45d049ce8fe3cf500e6ae8a9f378bfa0b329f94f290ddf92efb274b8f4
    SHA512
    bf7756908c9c178641923e55e2ea8935a2a01709af49afaeba6956b5b49f67c7f218a57e457d133be2d4ba34d2286db329a17799983abbf93a52aaed0752595d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    993B
    MD5
    3ea1676cad50fc4c31760de3b4d0926b
    SHA1
    99c87e52d9d875a9d1d19cc451768116111a4dff
    SHA256
    abe9458baa116e31d46c78984afb39b62493c851ca2132f821f743af20fcdd6b
    SHA512
    ed5aed169f2694e3e17bcb0cdad9d8acc8ab5e1095a447d5ccfbf068277b2273846ad33279679ab881b7a1588a1c31732706673ec3a7a61ccc64c1e0abe2424a

  • memory/1200-0-0x0000000000200000-0x0000000000201000-memory.dmp
    Filesize
    4KB

  • memory/1200-1-0x0000000000200000-0x0000000000201000-memory.dmp
    Filesize
    4KB