Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

BONELAB_Oc...64.exe

windows7-x64

1

BONELAB_Oc...64.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    153s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BONELAB_Oculus_Windows64.exe

  • Size

    638KB

  • MD5

    71fe36e8c22d844b7cfaf31b7e1c89e7

  • SHA1

    9eb8131549a5ced7ed98a424a0b2c1a735a2293d

  • SHA256

    bb05befc1472d6f3706414e21fba67d661912c3a7ea748a461c4621a41451362

  • SHA512

    38087b8fb507cffb47e8c965aff473f23d1d8e54856bed14af34f4d88893dca81957784a0c0c166902aab0dfceb56c7f31d5453b05aa881254b8a62ab956c961

  • SSDEEP

    3072:xQ/EJhz2WnBUCsyfYDbMLrJFr0O0CIY9M:8EbaWnBUCGgt0CNM

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\BONELAB_Oculus_Windows64.exe
    "C:\Users\Admin\AppData\Local\Temp\BONELAB_Oculus_Windows64.exe"
    1⤵
      PID:2260
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1076
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2168
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.0.2043576064\601984409" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2305d87e-7124-46d4-b5a4-a8a5e53ac603} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 1996 1797bcf5b58 gpu
            3⤵
              PID:3932
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.1.1313841862\839390626" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c6d45cf-741d-4c07-8a1d-da41806b5703} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 2380 1797b63a158 socket
              3⤵
                PID:648
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.2.321403999\2123615183" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3228 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77199a0d-8727-490f-9976-cf3b786e5170} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 3064 1797fd06258 tab
                3⤵
                  PID:3476
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.3.369476193\2144518147" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3148 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bec8d6e0-25f6-4965-9d52-27dbb23dcbbb} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 3464 1797e4e5058 tab
                  3⤵
                    PID:3076
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.4.1154786569\313346210" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b7017d6-6e5a-4a07-9e6e-2a95d5016056} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 3772 1797e7ee758 tab
                    3⤵
                      PID:4036
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.5.1653118282\2096070496" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5028 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0aa5787-791a-45a7-a460-04bc7c326477} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5108 17967f5f858 tab
                      3⤵
                        PID:5584
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.6.711763736\1847075877" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c932ed-4068-4cbc-92f9-40cc23f048f8} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5136 1798219bb58 tab
                        3⤵
                          PID:5608
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.7.1940095355\1917691170" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71545f6e-e3c5-4115-a4aa-02f18545af26} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5328 179821b4958 tab
                          3⤵
                            PID:5616
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.8.860153906\1320696903" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 5796 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fa56962-1c80-492e-a416-b4fa246e560f} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 5800 17983c69758 tab
                            3⤵
                              PID:6048
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2168.9.348350723\2132889788" -parentBuildID 20221007134813 -prefsHandle 3020 -prefMapHandle 4808 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6859d2c6-8ca9-4033-941b-f67ceae96b78} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" 4140 17983936a58 rdd
                              3⤵
                                PID:5300

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                            Filesize

                            442KB

                            MD5

                            85430baed3398695717b0263807cf97c

                            SHA1

                            fffbee923cea216f50fce5d54219a188a5100f41

                            SHA256

                            a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                            SHA512

                            06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                            Filesize

                            1.3MB

                            MD5

                            88b0a096c994237d68843b96fe9aa30a

                            SHA1

                            6c2994e7e5332f688bd4d005d10513b3f3ab3758

                            SHA256

                            bfb07cdd92f0980c93689c4c2cec053f03114dce8175702a1c726e74c0141dbd

                            SHA512

                            54fe10592d2e6c7879379bc60a52168130920b1877335f8320f9c1fd7350564abca2cecf0c7e7c2058967af5da4476815a68ed742a35240f2e4a8d2af790cc18

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                            Filesize

                            2KB

                            MD5

                            d3bf365cc7195af1905d4b76108b29d2

                            SHA1

                            a3517c2b23a79c3a9e6e02b47feb2cccfdb54f40

                            SHA256

                            754f97d6dfb86cee499e91b12fca26fe38bfb0f8192efe683c7938e25329ecc5

                            SHA512

                            b080c1b3f2693371bfc7a207fdee13da2ca671d62cc6f290126f919ad61b0865e6321b5d56700cba8fce16042b05901c9d550e50bc962bfedda3978cf1796fb6

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\39da6158-edaf-47ee-8add-b56ab24db1f8
                            Filesize

                            10KB

                            MD5

                            de68c91b242d3bfbc4ca8e23ac49750b

                            SHA1

                            7dcbd1eb8d272e3ce2d5b56a8aaa3874145c240b

                            SHA256

                            a1210662e8474a8dcb93f8f5ca3f5bf8646443b1e64efc19865c72a83b0ae231

                            SHA512

                            755e6a508eaf0673ec0a5cde081e8e24a8892de2819259875b634047b31ec82dbae294b6d38ccbb00b73432ae7322891f5e7546dda1415dc7bc91a72172ac5b4

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\a3e07761-2950-4974-9ac0-cf376eda35cb
                            Filesize

                            746B

                            MD5

                            59b12a17acf5593bae3e393e588bdadf

                            SHA1

                            0a76c689f0e562aa1ad61490723daf70e467ab2b

                            SHA256

                            ff12de8ffa4489e38d644aa8436102ddbb0855f379ba453b84c91047b83ddca8

                            SHA512

                            2f04f42ab64c7cc1ae7f5c37d1bd54fbda74e47201bb63896f25bcab2335672ee1593a3bc03dcad2709bf94c31655bba0bd03d9d9cae94578c799db5fcac66fa

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                            Filesize

                            997KB

                            MD5

                            fe3355639648c417e8307c6d051e3e37

                            SHA1

                            f54602d4b4778da21bc97c7238fc66aa68c8ee34

                            SHA256

                            1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                            SHA512

                            8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                            Filesize

                            116B

                            MD5

                            3d33cdc0b3d281e67dd52e14435dd04f

                            SHA1

                            4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                            SHA256

                            f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                            SHA512

                            a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                            Filesize

                            479B

                            MD5

                            49ddb419d96dceb9069018535fb2e2fc

                            SHA1

                            62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                            SHA256

                            2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                            SHA512

                            48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                            Filesize

                            372B

                            MD5

                            8be33af717bb1b67fbd61c3f4b807e9e

                            SHA1

                            7cf17656d174d951957ff36810e874a134dd49e0

                            SHA256

                            e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                            SHA512

                            6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                            Filesize

                            753KB

                            MD5

                            cb076ece026c1b4849be14c7aac51e40

                            SHA1

                            17d697c11f4f3d64b53d630dc5bdb18efb0d7fa3

                            SHA256

                            71c50e79b9bfabf0c1e6b4598ea4723136ef0a12ca176af2185a2ef2bb10f27b

                            SHA512

                            8fa7cd7bdd6af3db879cfe7957a48e6114c91d8332a23e32cafec82325cfd44664259254e316e94f8739a3e0616401ffe4d41c5b60b1454f5a764cb20b198593

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                            Filesize

                            1KB

                            MD5

                            688bed3676d2104e7f17ae1cd2c59404

                            SHA1

                            952b2cdf783ac72fcb98338723e9afd38d47ad8e

                            SHA256

                            33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                            SHA512

                            7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                            Filesize

                            1KB

                            MD5

                            937326fead5fd401f6cca9118bd9ade9

                            SHA1

                            4526a57d4ae14ed29b37632c72aef3c408189d91

                            SHA256

                            68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                            SHA512

                            b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            38e09ee99d8ee4ece98a110c6ebebcd2

                            SHA1

                            bc269141369e22255127995bd92f81189d21ebf9

                            SHA256

                            c13062b879d23479569671a00883146383b834169c8ea29f50b46e49b506abbe

                            SHA512

                            c6cc780aa687cdac084ed6fe5d16f12b4c2bb4a86a1a8c3e3144bc2e94d2ed5b20102ed3f0bf6fda54e091f0a647a64defde5ab9cbc3f55423e839bcad6dcc1e

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            9629b0484a7f33e4b54992c8610bbbcb

                            SHA1

                            80a4d8698a3d1d8138b645ce4b0d928dc8667994

                            SHA256

                            ca5e992cc83665fb90f60f78460b05e4ad6fc78f8dcb16d14335b186bc578350

                            SHA512

                            c233819c85fa7e6ff2276d16f9b61defefb905b32c965a67c05b6cba79875bbfd25cb1e377d78a746e777f58fb3fea94d132e2fc6515ad33d301e6cb8cbd9336

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            23KB

                            MD5

                            48798261333d9f74ca915a114749e192

                            SHA1

                            85b54d0df6191c87439c07a68c96a7e7669bb387

                            SHA256

                            ec2b0a2805e175e9542b0da57da1b4986aa081f8efaf5d0d5e5f9f3e48889f2b

                            SHA512

                            0cdade9ecb65312ea6c5503f085e2e7b88f8868897e40c1cfdc1741d581ca07b9868703bb06c62ef3b3ba755fee555be1d2e33e87fcffba07d670643187113ca

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            53e401e4f7df40f547b8984647b2dbd2

                            SHA1

                            c76c125654e107726a3b7c501e6559c82e7ff3eb

                            SHA256

                            e45ee9c911cbbf278cc3a10c782f9a14ddd7d6a61ce802a1fd1941c6ee5ff62a

                            SHA512

                            a88462b3cee5a2ee17559bea277d6b995fa1db5d21f3e5275e135ffbd190ebb77cd31a302f123a83ef3e3979a3acaee7674aae391151b7b746c5b32d1fa8c38d

                            Download Submit