Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

MHDDoS-main.zip

windows7-x64

1

MHDDoS-main.zip

windows10-2004-x64

1

MHDDoS-mai...NG.yml

windows7-x64

3

MHDDoS-mai...NG.yml

windows10-2004-x64

3

MHDDoS-mai...rt.yml

windows7-x64

3

MHDDoS-mai...rt.yml

windows10-2004-x64

3

MHDDoS-mai...ig.yml

windows7-x64

3

MHDDoS-mai...ig.yml

windows10-2004-x64

3

MHDDoS-mai...st.yml

windows7-x64

6

MHDDoS-mai...st.yml

windows10-2004-x64

3

MHDDoS-mai...ot.yml

windows7-x64

3

MHDDoS-mai...ot.yml

windows10-2004-x64

3

MHDDoS-mai...is.yml

windows7-x64

3

MHDDoS-mai...is.yml

windows10-2004-x64

3

MHDDoS-mai...ge.yml

windows7-x64

3

MHDDoS-mai...ge.yml

windows10-2004-x64

3

MHDDoS-mai...ignore

windows7-x64

3

MHDDoS-mai...ignore

windows10-2004-x64

3

MHDDoS-mai...erfile

windows7-x64

1

MHDDoS-mai...erfile

windows10-2004-x64

1

MHDDoS-main/LICENSE

windows7-x64

1

MHDDoS-main/LICENSE

windows10-2004-x64

1

MHDDoS-main/README.md

windows7-x64

3

MHDDoS-main/README.md

windows10-2004-x64

3

MHDDoS-mai...g.json

windows7-x64

3

MHDDoS-mai...g.json

windows10-2004-x64

3

MHDDoS-mai...tp.txt

windows7-x64

1

MHDDoS-mai...tp.txt

windows10-2004-x64

1

MHDDoS-mai...rs.txt

windows7-x64

1

MHDDoS-mai...rs.txt

windows10-2004-x64

1

MHDDoS-mai...nt.txt

windows7-x64

1

MHDDoS-mai...nt.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/04/2024, 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MHDDoS-main/.github/ISSUE_TEMPLATE/feature_request.yml

  • Size

    1KB

  • MD5

    680511c3c3279ecdd90f8ae3e0693e52

  • SHA1

    a7fe4f69397f2f9b83faf2dc99f38dbc09e5479d

  • SHA256

    b73780a4ce64a133ec19109b9118d5e24979dbc27bf89a1a70ed8277708db2a9

  • SHA512

    532fe3509d9dc3453766937d7b2327d4e9d749b6ea87440f39d452f619c599a5808ce5691d1dd44346e9354febe22d2eaf10ad02e162b452068d08000caf9de9

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MHDDoS-main\.github\ISSUE_TEMPLATE\feature_request.yml
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\MHDDoS-main\.github\ISSUE_TEMPLATE\feature_request.yml
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MHDDoS-main\.github\ISSUE_TEMPLATE\feature_request.yml"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2432
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1384
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.0.833838557\178368368" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48aeface-5988-4c86-8d0c-05f289dba036} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 1300 11ec1158 gpu
        3⤵
          PID:1612
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.1.1550566735\2115621337" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c0a3310-83b9-4c78-b509-d47742705c9f} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 1504 e71658 socket
          3⤵
          • Checks processor information in registry
          PID:336
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.2.1194315621\713783095" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b703c5f7-2e6e-429a-a83c-6e0c537c7aa8} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 2096 1a3abb58 tab
          3⤵
            PID:3056
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.3.2025419603\46600840" -childID 2 -isForBrowser -prefsHandle 1668 -prefMapHandle 1648 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {225defc2-42ce-470e-9352-8462182ab3ff} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 752 e71f58 tab
            3⤵
              PID:1936
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.4.1667112528\1676473943" -childID 3 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8616ff8e-448c-4826-bb8c-0a85b9ed7622} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 2804 1bb33558 tab
              3⤵
                PID:284
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.5.1690821569\806178723" -childID 4 -isForBrowser -prefsHandle 1108 -prefMapHandle 1936 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1bfce7-13d3-4b48-b7b8-d46ab7ce7f0a} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 3684 1d9f3258 tab
                3⤵
                  PID:1336
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.6.1699835778\617009792" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b8895d0-b2bc-45c9-a44f-bac56b3994a4} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 3780 1e8c9158 tab
                  3⤵
                    PID:604
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.7.127161894\1818904422" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3007cb43-5d90-4b51-8fa5-5c18a8851b7d} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 3964 1e8c9d58 tab
                    3⤵
                      PID:544
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.8.1669774981\675883153" -childID 7 -isForBrowser -prefsHandle 4156 -prefMapHandle 4248 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8aa9931-0429-4552-aabf-77de3bb4d68a} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4288 22039758 tab
                      3⤵
                        PID:1892
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.9.656028838\1714142846" -parentBuildID 20221007134813 -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b19297cb-81b5-498f-84bc-5e6d294d6594} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4560 2245a758 rdd
                        3⤵
                          PID:1712
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.10.730165055\960885065" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4660 -prefMapHandle 4656 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b480bdbb-cf53-4b11-a0c6-606b7971b71d} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4672 21076258 utility
                          3⤵
                            PID:2812
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.11.447135606\348119655" -childID 8 -isForBrowser -prefsHandle 4820 -prefMapHandle 4772 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {297ea801-0ff2-4b85-8644-784c1863532a} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4832 21266558 tab
                            3⤵
                              PID:2828
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.12.1552237180\742958189" -childID 9 -isForBrowser -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 832 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d83777-3698-4456-b177-bdfc38a030fb} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 5088 224a7258 tab
                              3⤵
                                PID:3196
                          • C:\Program Files\Microsoft Games\solitaire\solitaire.exe
                            "C:\Program Files\Microsoft Games\solitaire\solitaire.exe"
                            1⤵
                            • Drops desktop.ini file(s)
                            • Modifies registry class
                            • Suspicious behavior: GetForegroundWindowSpam
                            PID:3148

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
                            Filesize

                            3KB

                            MD5

                            fa9fd61b2e66ac6f134d65b3e87343b7

                            SHA1

                            6a9b36f4c9e00eaeba6dd36805bbe0304f890236

                            SHA256

                            053ce86b9e0da0951cbc6d7f1457c12df6de13cf5040b04717a6c6668bc5129b

                            SHA512

                            cb2ee654af73c431d0e2ddce079c06d5442dc7dd275dcf55a4f4e1f9627e3cca47a5d705e262d5f85c9057f35aa58baae09dd775f54f320170484d18a088e2fe

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
                            Filesize

                            2KB

                            MD5

                            09bb3bab76867e98fab79a34747dc2bb

                            SHA1

                            8b25d8cc438862b11b1c4f8356641558e127fa2f

                            SHA256

                            17890193dae4e4a7b12a26e369b8f5d9d2598a73d2100311193a903dcc778f1c

                            SHA512

                            fe894ccf2e1847f0d6b810f6a6de523a54126459c3b09c09bf1c70eb2d859e2cbc64803f6075c8b2bd0ed7abf9acaf89433d970e319644eedf27e0fff9b56fa3

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\a8c66267-919a-4637-b110-381872ccb6da
                            Filesize

                            10KB

                            MD5

                            7c661cc858510c9db2b557db42af7aef

                            SHA1

                            c9515d21f437243f0340fc9ec03d2c9e26fcdb6a

                            SHA256

                            6f60e50e5f3f24c5fcaf1bfcb3e634a2d3c408041154dd0f7ee30782f0602d48

                            SHA512

                            0a40d9de23ed503c2c123e3fdc58efe6135911e254ba58505ea7ab4c275d8a71f3978b42e859a9b291097dafb35c5ae4dbe4804f6d1236583399fe6ad183c0ea

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\c08dfa8b-9edc-478b-bbb4-30f8a8cb3411
                            Filesize

                            745B

                            MD5

                            5aceee0bdd2b6526d2ef63792b972232

                            SHA1

                            85df630778f7c6ab3532646b8e535d85ada11ce1

                            SHA256

                            9d2785759746c59ecfdc9847ede8a18b635e8d64fda954d1376e053e703cfe4c

                            SHA512

                            a477f7666162de54ed2ec3697bd17c20cb40e64311702895dbf32d4057bef5182b44e3c574c3f6edf59f269ab67bdcbd321b0b41cc14d21a81603eb74e820289

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            1a0a8580274020bea8a5b402bb218cfe

                            SHA1

                            8d026065bb111b86f1a8984624052d904a93476c

                            SHA256

                            81dce6689b4e797ba0632c636871f721d241262dddd4164f27cc9a8aecd2a347

                            SHA512

                            b76041920402e41ad264376ac06f976a3e9381926d44bf9467aa371ee789f0595db028fc7fcf3b0fd829daf591dcee135a876f372f46f0bc1def8e8ed5f5578d

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            d8566c7a03b9f95e5aa8248abc2ff0ba

                            SHA1

                            b93dae76ba94ca8c730757eec36cf5b19a1bc167

                            SHA256

                            d32314f919dabb601ff8806b7bda9eb2c3ce560b9d911867d3022a60bb14241d

                            SHA512

                            1731c95e5b668051ea6de9f7f0057cd66e54107161333a1e075c13b6cacfdc52a38a0cd6b9b976d9015cd5be02645e4e45c708afe5e459ac6ffd2c774f9c0ff1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            de5e85f9cd6d444aae46ae4c17c16c1f

                            SHA1

                            27622107dcd0aff8dc108f973e31ded6f630621b

                            SHA256

                            06d97e7de01c894e684ba8a626317721735f32025ddf03b284579c7af9d41d1d

                            SHA512

                            67c8eafa2979bf6a63606a6dd8c186e25f0a209e259a462fa126fb5a4251e557f517a91aa22da7bd19c80223ee4b63c9a507ae757d733659b076ead6007db693

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore.jsonlz4
                            Filesize

                            3KB

                            MD5

                            8a54c50c2ddd3ffa1f9ab2b5adebc719

                            SHA1

                            267cb5c079e9da0672552d752dce21570466efbe

                            SHA256

                            d478a314ca2fa70c5ae08670a25c8c8b8751b36965dd46b7b19e4a75b29eade8

                            SHA512

                            a04d4a83e1e1f6a12dac0af8bffc8b56d4cc85d502de36aa22c932ed5a4427be4b6595c3009faa3083d5378d9100c7c47a99d7fce815dc898bf9f253bc23031a

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\default\https+++www.youtube.com\cache\morgue\152\{83810993-f92d-4b18-8449-fd9625bd8b98}.final
                            Filesize

                            192B

                            MD5

                            2a252393b98be6348c4ba18003cc3471

                            SHA1

                            40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

                            SHA256

                            04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

                            SHA512

                            07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\default\https+++www.youtube.com\idb\213583328yCt7-%iCt7-%r4eas9p7o.sqlite
                            Filesize

                            48KB

                            MD5

                            485188e029d5ef68073f08960acf78ca

                            SHA1

                            7d0738345f95cadbc312a182e155e531642505a8

                            SHA256

                            842b372f82f9849e17275e0762451ccb97df5e2a0727e13c9d012e773ed58ded

                            SHA512

                            6ebfb66cbe5d12029005b95e6832ced3a6dd300306c66541d436a525973c1c77f24292b5ea165b301678e4582dbd4eb0e79624164743235668f2d5b46edb445c

                            Download Submit

                          • memory/3148-818-0x0000000002090000-0x0000000002091000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3148-822-0x0000000002150000-0x000000000215A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-823-0x0000000002150000-0x000000000215A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-821-0x0000000002150000-0x000000000215A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-820-0x0000000002150000-0x000000000215A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-819-0x0000000002150000-0x000000000215A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-824-0x0000000002390000-0x000000000239A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-825-0x0000000002390000-0x000000000239A000-memory.dmp

                            Filesize

                            40KB

                            Download

                          • memory/3148-843-0x000007FEF67E0000-0x000007FEF6911000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/3148-848-0x0000000000380000-0x0000000000480000-memory.dmp

                            Filesize

                            1024KB

                            Download

                          • memory/3148-847-0x0000000006C40000-0x0000000007040000-memory.dmp

                            Filesize

                            4.0MB

                            Download

                          • memory/3148-849-0x0000000002090000-0x0000000002091000-memory.dmp

                            Filesize

                            4KB

                            Download