Analysis

  • max time kernel
    16s
  • max time network
    18s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-it
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-it, locale:it-it, os:windows10-1703-x64, system, windows
  • submitted
    08/04/2024, 17:26

General

  • Target

    free.html

  • Size

    15KB

  • MD5

    4928758af003e19a6f86b908015d9b37

  • SHA1

    8d6a1629ea6ce97180c5c9768fffb4832ba927e8

  • SHA256

    171b362ce6384032e44690f8047de9c7992097fdbed4be918b597ea485060c37

  • SHA512

    4e0bfc766f03f896391c00ba7da1c8321f6bd5530ad06bacae09e666c506d82930bb23e4667c0049f5a42b570327c2cfa1df4288f1b30f1833dd7d2f374e9e17

  • SSDEEP

    192:PNx5Ssv99qXoqTJkNr423x+tmT1TwVwDArC7AIqczwVlFtyrrN:5Ssl9qYoJkN0u+tmTFWwAIqcktErN

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (6 IoCs)
  • Suspicious use of SendNotifyMessage (5 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\free.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3208
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\free.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2000
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.0.1559672195\429623370" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6592a3de-be9c-4378-8e7d-d22d049fa8d9} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 1800 1755d603e58 gpu
        3⤵
          PID:2404
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.1.1489183197\66341979" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cae2cfa1-b289-4713-a066-e7ed2f5ebc3a} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 2152 1755c2f9258 socket
          3⤵
            PID:3564
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.2.1829693704\1250029943" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1e872fc-e413-4a63-a4f9-34d4cf7eab15} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 2744 175603d2858 tab
            3⤵
              PID:1076
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.3.374384701\1252110434" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 2736 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e3cc5b7-1d06-4810-89a1-ecd8bbba7b99} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 3468 17551360158 tab
              3⤵
                PID:3708
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.4.1944800817\1425916420" -childID 3 -isForBrowser -prefsHandle 4660 -prefMapHandle 4656 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e81cfbef-bc74-4089-bb51-aafc70eac497} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 4672 175628a1f58 tab
                3⤵
                  PID:1680
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.5.229089882\318381178" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4816 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebe8bd14-1535-408f-a70e-3716e700255c} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 4804 175628a1358 tab
                  3⤵
                    PID:4392
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2000.6.1539812943\1106670278" -childID 5 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c27eaed7-ba22-4033-818a-db737d4dbd27} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" 4992 17563669a58 tab
                    3⤵
                      PID:3912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    2KB
    MD5
    e8f354400c64699513f608f6e8f8cc90
    SHA1
    8780625ad791f52576c8a2b7e31133a4ca189fab
    SHA256
    79dee9400b808a3b0f346c61717d12ff14e65d045bba2c131bdc7f203031837c
    SHA512
    9f02cf40cc5f568e7ca05d48312a4cf3f413f9874abefa3b4c398e6392c232eab21ca2f06f9cc30765decc5c7fb05659cb93bbb86bb6f33f707dbf1b080d3320

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\a4aa1555-4dce-4bba-8339-67bb3629d0ca
    Filesize
    746B
    MD5
    1cea641218b6ba97cc167876acf90a87
    SHA1
    f8534105b2228b38439040e2339b7cf30920a153
    SHA256
    f1a4591b0e72c745cff11adf4dfc63d4a44c43928cb4c2173098e6c126aed942
    SHA512
    71e72ac3ac7387ab8625b6798de92719c99c75ed431066050b656fab7e09e0f61a14dd1dc28839e10f326a6dd8b9fa5e129b7f43ed5affe3e7b12c116c1dfc56

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\ea37dc01-4499-49e6-8ccc-bc7eff9cb07b
    Filesize
    10KB
    MD5
    439b1ff760a8ed9ca6a83b3b02e7666b
    SHA1
    19da07b353224c501dc24391ca02cdbec4032a71
    SHA256
    5f1d06b945e45e550fe265f1a88c42a59fe7a3c7122e15bbb89ff36629a8f705
    SHA512
    663f0da95595d1e28276a26dcd30b9262a3f5fbbd21d63e54e25d68d42dd6d5994326bdd4939a216f41ca2e91dba3591bbc349b74e4f677568e8a00a03b99043