Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

Prefetch.zip

windows7-x64

1

Prefetch.zip

windows10-2004-x64

1

Prefetch/5...979.pf

windows7-x64

3

Prefetch/5...979.pf

windows10-2004-x64

3

Prefetch/7...8EF.pf

windows7-x64

3

Prefetch/7...8EF.pf

windows10-2004-x64

3

Prefetch/7...F9A.pf

windows7-x64

3

Prefetch/7...F9A.pf

windows10-2004-x64

3

Prefetch/7...D46.pf

windows7-x64

3

Prefetch/7...D46.pf

windows10-2004-x64

3

Prefetch/A...734.pf

windows7-x64

3

Prefetch/A...734.pf

windows10-2004-x64

3

Prefetch/A...A6E.pf

windows7-x64

3

Prefetch/A...A6E.pf

windows10-2004-x64

3

Prefetch/A...CD5.pf

windows7-x64

3

Prefetch/A...CD5.pf

windows10-2004-x64

3

Prefetch/A...4F0.pf

windows7-x64

3

Prefetch/A...4F0.pf

windows10-2004-x64

3

Prefetch/A...BB7.pf

windows7-x64

3

Prefetch/A...BB7.pf

windows10-2004-x64

3

Prefetch/A...3E8.pf

windows7-x64

3

Prefetch/A...3E8.pf

windows10-2004-x64

3

Prefetch/A...0CE.pf

windows7-x64

3

Prefetch/A...0CE.pf

windows10-2004-x64

3

Prefetch/A...7F4.pf

windows7-x64

3

Prefetch/A...7F4.pf

windows10-2004-x64

3

Prefetch/A...1EE.pf

windows7-x64

3

Prefetch/A...1EE.pf

windows10-2004-x64

3

Prefetch/A...9A6.pf

windows7-x64

3

Prefetch/A...9A6.pf

windows10-2004-x64

3

Prefetch/B...7D1.pf

windows7-x64

3

Prefetch/B...7D1.pf

windows10-2004-x64

3

Resubmissions

25/03/2024, 21:05

240325-zxdnnahe48 3

25/03/2024, 20:59

240325-zswcxahd77 3

25/03/2024, 20:56

240325-zq3dfahd45 3

25/03/2024, 20:51

240325-zm6xfshc96 3

25/03/2024, 20:45

240325-zj6ghsca7s 3

25/03/2024, 20:38

240325-zezs6shb67 3

25/03/2024, 20:36

240325-zdscpshb45 3

Analysis

  • max time kernel
    30s
  • max time network
    31s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Prefetch/54449E3A-7D48-4A3B-8938-6F0AC-DA408979.pf

  • Size

    32KB

  • MD5

    a95e40c651a7a0c5c58b849bb9208afa

  • SHA1

    47402ef1ba20944fdef2c95a4fdce811cfef4f4f

  • SHA256

    92e9118cce4d45634e34e7833976eb1240c30f17b07360ecd81ef99af93c5e91

  • SHA512

    03e727cab9a3a1729a3f1f14724d601a15702bd3f15d81bf4e1fcd31fad5cc253fced340cb9b73920199e1654accf70a577f9bd59257faaa42bdbaa7a1559e79

  • SSDEEP

    768:XTyCNiE5vRH9MYJpwqfffH1Jzuia3zhAXj:XWC8o9tJp11QLzC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Prefetch\54449E3A-7D48-4A3B-8938-6F0AC-DA408979.pf
    1⤵
    • Modifies registry class
    PID:3272
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4412
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Prefetch\54449E3A-7D48-4A3B-8938-6F0AC-DA408979.pf"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Prefetch\54449E3A-7D48-4A3B-8938-6F0AC-DA408979.pf
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3600
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.0.1570094896\492687546" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5f1dea-fd42-475c-a22d-c7cdd66414ec} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 1980 1aecc5d6358 gpu
          4⤵
            PID:2224
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.1.545466718\454901520" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2126447-61a7-4fb0-8b7a-e725b633bd68} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 2404 1aebfb6fb58 socket
            4⤵
              PID:3588
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.2.1533328109\1055761782" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3463e797-769d-45a3-b00e-d4f10ccc482a} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 3044 1aed04d5958 tab
              4⤵
                PID:2016
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.3.1541971761\1183532607" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3c7ac70-f222-4832-ba4f-45147af4e200} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 3596 1aebfb60d58 tab
                4⤵
                  PID:4932
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.4.1818206321\34380942" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5024 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c18ed75-aea2-4216-b97a-c89edb8eaf5b} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 5060 1aebfb65958 tab
                  4⤵
                    PID:5416
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.5.826229662\1411366644" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ded8edc-e578-4dde-a8e1-abcefe260792} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 5192 1aed304d958 tab
                    4⤵
                      PID:5424
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.6.1564806424\1510955089" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f29ba6d7-7788-40c6-97f6-7b339bc855d6} 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 5472 1aed304e858 tab
                      4⤵
                        PID:5432

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  30cef4afd3de31c071e598a955516d2a

                  SHA1

                  a975e34547b4251a84b0a9872306be89f4a6abec

                  SHA256

                  4dc150234a40724e6f0e0a0294fab6c183a66376f5eacf8877e89cdaeb1ffc6d

                  SHA512

                  7db6597ae724e56fcf501ddb3589f68bea4da794c86fb4b882626d260f3899df506b590e6ab5de48d8483d01466fc583dd4179534b43fae163fa32be83d27122

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\a6b8204a-1943-49f9-b3bc-b9a47ff0809b
                  Filesize

                  10KB

                  MD5

                  be1f36e858bc0b86886e4fd6ee7ebe62

                  SHA1

                  cf990a8e6ca398d25de25a7e2b03759632a63011

                  SHA256

                  290527f49677fa0217595397e03bae1effd20a19b99df2ebab7d540ecf783000

                  SHA512

                  afa2234be88849e79c3c03d3118a5ed0cf585206de208bac701b8f26c6767e285fcff4ce9222e41268a22e01ddaa559943c6e77eb60869855aa0b6a731e4c0f0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\aae70c9c-95ed-4b97-b24d-71fa31c2cd09
                  Filesize

                  746B

                  MD5

                  67f7aca0fa55b71b25b6b620420f8ab4

                  SHA1

                  9a743df8af74b9ab5f7f8a0dc791032f1c0cfdb2

                  SHA256

                  3df22512c1a84a2ff7e0195706f7aa8d3a250ca3b3668434e26e8020e9deb31f

                  SHA512

                  a1cd7bb03f15150e223a9495772ee95f0ec32856949937a04f132e659d4c2bbf8b58ef5fc67c22aac2884ccff1be073c4e0b9070fe638914cb55373c7109b928

                  Download Submit

                • C:\Users\Admin\Downloads\xhGjOUwy.pf.part
                  Filesize

                  32KB

                  MD5

                  a95e40c651a7a0c5c58b849bb9208afa

                  SHA1

                  47402ef1ba20944fdef2c95a4fdce811cfef4f4f

                  SHA256

                  92e9118cce4d45634e34e7833976eb1240c30f17b07360ecd81ef99af93c5e91

                  SHA512

                  03e727cab9a3a1729a3f1f14724d601a15702bd3f15d81bf4e1fcd31fad5cc253fced340cb9b73920199e1654accf70a577f9bd59257faaa42bdbaa7a1559e79

                  Download Submit