Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1560s -
max time network
1562s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
07/03/2024, 16:17
General
-
Target
sample.html
-
Size
727KB
-
MD5
71ffbd6b27f7251295f72f451e0e45e8
-
SHA1
6d10452e8bdd6ac9eef38c002b2e7fe825463e85
-
SHA256
07e4162ceaee1b06ccb5d4c6c3202c6b018c837284237f538a41892075935d3a
-
SHA512
1b2ba768b3d52fc76e03f75901cd34e18c88da7e1c2b99e2bc055678533b61495809f5710f1b5da2c4ebd10c985f456b188c2a247751b85849cd35035ba7ba7d
-
SSDEEP
12288:nXfyDr6CBnfkA142O7RwnvLII4vDuaHbRM4Uv:bC142AwvoHVM4Uv
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 6 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.0.696740726\377764588" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6806874a-e076-4ff2-ac0f-77804a80170d} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1312 fbf4e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.1.842086603\88721669" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fdca64e-13ff-42d8-afcd-d60ac1b939b9} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1528 e73858 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.2.896019514\207008013" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b2eca9e-610c-45d5-a6d4-98693aed1df5} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2080 19cbc058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.3.1118331873\1110579125" -childID 2 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b516c81-8200-43a6-8b1f-a92eb9f1e544} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2664 1bfb4f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.4.2135986746\1284167351" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1804e1-5e25-4c6f-bb99-a577d548cb1f} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3764 1cece658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.5.398645900\418390704" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcd48011-64e4-42cc-bc29-ec848b5bb916} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3868 1eb48858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.6.616994547\1301096357" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4044 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e31397e-3878-4623-afab-0b36a6745ef9} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 4032 1ebeb058 tab3⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
67KB
MD5753df6889fd7410a2e9fe333da83a429
SHA13c425f16e8267186061dd48ac1c77c122962456e
SHA256b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA5129d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
Filesize
344B
MD5862a832234e74b76158bb02eb91a43de
SHA1f92df4b4af6684211513a524976457c00e265716
SHA256aa5c0b78ec88cdf25a4bd7a708fbb77c66a317c4697e4ae67464b81ebcea9bb8
SHA51283791164475036eab580e1299e7d8e83b50746a03fdc165085eca19cdd0333aca2dd224eb543ed42bde7a8474b50b364a4061cb93d5e1984227ad35c72edc349
-
Filesize
344B
MD5a5ffc224a14e5360e536cb0bb828b097
SHA16684b4460cd899c6201e8f1db5b00a5a5bc0b35d
SHA256fe5f689f768b570a38d248eb0292b9f057518ba0208fdad1ced6e0073f7d475b
SHA5121d1cd7c714affab34d97f6a5f4a480804bb984a1e5d11f5e22ce6176b849d7845f1c74e8f6234401ab87fe985fe298ea7f49ab8a0778dc020abd6e6e3d65e9d6
-
Filesize
344B
MD50ae5afd8cdb0ab481396140170b24a90
SHA1a1a78c1dcba3d1035f0a076b1863dc67735c1c42
SHA256300c0525624f845be61dd6af595058fcc86a5feeb4c9f9bca59ebff3ae6c84d0
SHA512be164bcf7b50d0384c03a8af006481e6b9dcf0ee41d64c44b00a050437621590164daf2fb761045715b6b1fc9afe0f7fd57af73f32c8b98fc60ed1287a1836c2
-
Filesize
344B
MD5bea9bc35a43bcdd88080edee4d2634d1
SHA1c8c7276e62b0db68ec134b15d0502b227a78b4bf
SHA2567e7a1a4d479fc595d890183570ea91c7fe6ac19eed8ed72b188b693f1e45846e
SHA512cbbfa739cb894d6498503370e1a6d9f02daed818ee4c777dbe65598e6a3ad1299b3759a3ac80f96b195b69cbccd6f60271abf68fb5c697592df203434883b32b
-
Filesize
344B
MD5fba6c6bd40546018917f0233efd98407
SHA1d3007f21d1ee5a3e26d02cbe8d161f447ccfc743
SHA2565fdb68d1197142458ff1f319006327afba26ddd692a1f5feb967d8806c3d204f
SHA512d69b53bfc7e6e7a66a55a8d7db40db0b02b37a2e4b85caf47967b593b976044d1f31489b02af615ac93ef9515183351381fb24edae0536db03cd3a6ce94532f3
-
Filesize
344B
MD551658297a152885032e5c54454d9b208
SHA1fe6104fbf29dc3853f5b3b64dcb13d8bc32d4b8f
SHA256b7c8809fcd218e0ff48eb97530b6ad7098a0b6107322fc5dc12681ae0bbb52b9
SHA512049fe181513f547cdbde89fa8b6d40cae4eaa27a0c7af3ea83a1c0172f55f5e3ec82416dbd9528e18d8158b7e6f5a86db938ad56d006b888c8499851d236023d
-
Filesize
344B
MD5f05246f20a5736e8bf3af258451ab32d
SHA1e0e0fb15ae9839ac1e84c1bdaab54cc104e5ab72
SHA256113496d1ef0beb48ea1dd8bb7563875262bfe6a88ab384939412b35cc46cb5fb
SHA5128d3cc3a289de5fa720ec26de9b9066f1c4e420456e1765cf09bbd0c24697ac324276d97bec73d1270826884f68244e0c8a49bef126568202c226918dd6abca52
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
175KB
MD5dd73cead4b93366cf3465c8cd32e2796
SHA174546226dfe9ceb8184651e920d1dbfb432b314e
SHA256a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63
-
Filesize
2KB
MD5c473abf032760d854996c14a780b1d2b
SHA1b1298b0b5bcd1e516ceaa4202feb86d219deef3e
SHA256e153e5aa3f2d84d72ca2a2afe760d94dad39bc95d3318133a9d3c7c82b49799d
SHA512dc8bb99001dfbf4a549b4ca7074877a97d5305573ee59964440834126cbfe01f76d7a0355dc62945573ebbc7c74fce5c01596a0458d155d9e4853f1c06c467e6
-
Filesize
11KB
MD5b1ff57c683ba4b8d29b377584a48ee6f
SHA1f92fc3f84010c5649bf970e4f8627b09db256cb5
SHA256444e98bd6dbb73ed9cfeb4633db3dcf778226f9eda7c386418ef945d2455423f
SHA5127032b61deac42a477d4ffa0b5f1bdae4bbd2595c84d096a0b04333bead983ddff6df52ab5a82e4acec3b9d411ea437ac20057bf859ce0ab45e3fc5da081f9aa0
-
Filesize
745B
MD5693b5388549b56ab41e1d03dc1a32c47
SHA16ecd8774aa8260a8213431829b82e41c98d71028
SHA25650a5860bc66a8dac3586d39c925eeb26c787c864f094b6b04d05391f620e805c
SHA512f6cb29cd72961f48e036ca29fad5772a94f69d997744a1cb398e6473ca9ca0513aea2db2df727cec54ce2c4f172b7980f1159bb252e47d3d89bec5c49b8a1435
-
Filesize
6KB
MD5eebe7d7d950d7de5e9e7a7248c85c52c
SHA11e74420186996c17a33c6e4b08613b68996fcd0d
SHA25683a5cb17f854d2ce6cf799187e851b151650d71f0fbdfc51b96874cbd3b249af
SHA5125b1c771001fd4ab940f4da77db1544ab66b1caf831a14595a7ef7faa513a8a103a403c5c1d3b4105756f1e7abb91a3e4fa0b148411717c66de4c812a4b07a872
-
Filesize
6KB
MD5b39298d1ba253bca826f512af6ea2a96
SHA1ca324cb7301899a2a0dedd1a218bf03bf52b9051
SHA256da721cb7d58d148a5f79f2dd10fd17e68a1a8c7bb9ae5eddcf2b56c5e2599591
SHA5122ea4b78423d9d2ed93c2ae7d5079a1493ff96fe5a99fb0a21174b89e0010cfe94863f96406c2226ca76617e756c65e08de809e831ff1498745319137a7a219d0
-
Filesize
872B
MD50f1f3eae0a36940e075735586bdaccf4
SHA1787755671e89582e831c1be7c437207387650b1a
SHA256d0c9b33f5177fa92045aa0ef1554b8bceeabed8da766d4bad5343d4c842a4026
SHA5124dbb9d3e2275972ea9be1b43ba4cad6d3552ce7e71a0f4473fbf1a92f26d64b6e07c420a52928abc1a15965a64853b7b6e2ed761c4a2a117b4c4b991b06f05a0