Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
48s -
max time network
38s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
-
submitted
19/03/2024, 00:58
General
-
Target
Supermarket Simulator.exe
-
Size
638KB
-
MD5
9d3ab312a46d6791d21eec62a3db7685
-
SHA1
165950096d29f38b5f7db6b4652107dcf4bdc995
-
SHA256
ea407cfe38627c7f7800d6f61fa5a59f7e53c5ab5bd6b210c1b3bd4646421993
-
SHA512
f9a7d4add7cfd48c4b121e9b8ad8c96075374023b9d0bc28abdbf4a291a5a84fb8e7dfd394cf14bfd7872bd0a3044a09f862c10418cb889848146f273fc432ad
-
SSDEEP
6144:sEbaWnBUCGgpU9cYa4lTIkWHGBBQucpYRR2pMwLSMR:soCCNHGmVFR
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Supermarket Simulator.exe"C:\Users\Admin\AppData\Local\Temp\Supermarket Simulator.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.0.822967701\70227503" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1696 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe15de1a-a318-4682-8316-3ab2a22deb19} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 1796 1b4910cc458 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.1.463354651\862773211" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c17f6c66-7c9b-4d65-bb75-1750f76378b5} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 2152 1b490ff9258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.2.1000075968\649425085" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7e9fb16-5b13-40f9-9597-62f5a30c0129} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 2864 1b495398a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.3.1567364770\1763078980" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44f14322-533c-4e76-a53f-ad04c8b1f574} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 3464 1b493778558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.4.654994859\1036101814" -childID 3 -isForBrowser -prefsHandle 4296 -prefMapHandle 4292 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3584dab-d663-4ee2-9938-d2fb45f81e86} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4304 1b497318d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.5.1916859058\1697604685" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {977cb88e-1c8d-4512-8737-4831783c7b12} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4924 1b49787c858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.6.1076949501\1152283823" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {435ed492-df02-43b5-a59f-f31c63cef7d6} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 4944 1b49787cb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1316.7.1352715605\665092646" -childID 6 -isForBrowser -prefsHandle 5056 -prefMapHandle 4944 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98aa5659-5f05-4b17-bea2-c130d15270f2} 1316 "\\.\pipe\gecko-crash-server-pipe.1316" 5164 1b49787dd58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD58a3e7f9029da1fca7ee019f5438ca58c
SHA1d9a6cfa0c1a4a4e3bc6862584aa9794d91788142
SHA256ad6d9038e03ad9e564044ed5a3591becb77ce5c1274aa7078be174b3ab6174f2
SHA5128d6c872972a5823b1375c14dc753d02a4e898af98924dc8ef30c9cce54e5dd5f5c1dd25c87942ff3ff7098cfaf3a77ffb70b3ea7b1b42ba64059a71193190c03
-
Filesize
734B
MD55c7c0554398935ab946872c686e4917a
SHA16caf38ec5a747dbfcbfcd5afe343e8171b95d41c
SHA25617211a3cdb738141e03fc52d7760dbeba880fd055f37fd60c8546c3f3fec11a2
SHA5124099c1a80ab94b09e1625bcded2a6d83355665a874c6b9f28ac02f93d087a82a4bc29cc800811910b8bd743edc50f5db319de1dd25ce4fba00df2bb98a2568c6
-
Filesize
6KB
MD5646f7d7a5198af56cb61f8fcddba02f7
SHA1fd2e754c01e9189508aa30bc12b37221fc0d4586
SHA25629e62e94f866e1efd22fbfa110ae74f4c29666180655274431cc320066ed4fd5
SHA512899e9df3f9722ad3fd5ef5f5a9fe1cc4f056cb71999022162926f9a08fb85b02f5ff10648082b31cc6f7517508e5db306908e5a68a5d908fa98d99d0f4ff4bbb
-
Filesize
6KB
MD504325e46dec7490582cb79e7a5c3dc65
SHA1179903c1f863a5c098e263f61e1f7d0455547d0a
SHA256180d46b8acd4c9c83bf4500d8415e68a59343812c80dc8f73d30dd7b6379a069
SHA512d6afcca1ef8b4585aac6f8c57ade4148d4fda4de10f32f920ffceaff2ab9742fe6186d1c7c7be5ac8cbbcb5109ef96b9c510fdfc13e1c482b48dba224b7ba265
-
Filesize
1KB
MD5d0dcbb8377d68efcdb21c07d3cfef99d
SHA13f0449fdb7c778daebc9cd0f23756eed02e4c52e
SHA25687283273892b55521b5252b43fb80e9ff4e7d3984e1037a2e552a4d7045998fa
SHA512e441dde352532ee627173e568df46b7403318e4ba4b31b4c93de7d3bd6bbac3bcda107e122c08e4234534c1ac71a424fbdf5efbdea61afab5464f1d976344def