Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
95s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
27/04/2024, 16:20
General
-
Target
notmyfault.exe
-
Size
299KB
-
MD5
833d5bbdf80d17a384e9b27798ea4d6c
-
SHA1
4ab55a97e76fd2cdb55ed305c984d87e9a06b1b1
-
SHA256
41ddb886060471d702693cbff1e7aa73c8ada5b29d9ee313de9972ab663a100d
-
SHA512
ae0011fd58b09f752d2c1a926b8740780798cd17b2704adb666826d8334e07208ceaac661122c8d7ac82178f3f39aee2ac2724776e96dfd3ee526d9e98a82ec8
-
SSDEEP
6144:whvkHmbGp7MCvRDlfJHbwZCjO0fNg1iyk:whMGbGlR5Pm1i/
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\notmyfault.exe"C:\Users\Admin\AppData\Local\Temp\notmyfault.exe"1⤵
- Drops file in Drivers directory
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1896 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0783cf3-e645-4c84-b521-0e60111d3868} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af15116-9195-45e3-af64-3a0a125e1f43} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5297ae3e-f6fc-4ef1-adf4-7fd17a08ee25} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3536 -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 3548 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {296bec92-de87-41ed-9d5d-52d584470cd8} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {634e3a57-f8dc-4bd1-b48d-bfce5f0cbb24} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5196 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {670d32c9-5965-4fcc-8757-903519616427} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e1505f-0fde-48a3-830e-b87bb78e52d3} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {179a35cb-fe88-489e-ad54-69adf1a4f827} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6044 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fd92dba-8933-4311-99c2-57148ab1c5a1} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD5f93b15d105c574024a192e0783865ecf
SHA15eb285c5323cebe58022f2b1a180dcaee5b99523
SHA256af7882780875065388bfa22c69e6bdffa1f930101c85b91c6528ce7edc2a17f6
SHA5124d7e31ec5929570f3466468922129573ec5bfcd2e49db572c761000ded7cf3c1a589acbecc9c3d78f711250e94763e2aac6fdb693fc203fc4fb2018cf5e83cdd
-
Filesize
5KB
MD5ea02e7b8e7e6a18fb810dd2f8f6e5a24
SHA1cc623cd7832e40e8c5600dc20fed97edc6756913
SHA2563d7a48d9d028b75733ac28c1c82bf1d17cdd14a2847a10382009ff7409d8fda3
SHA5123ac4dc02dcda924f73e3ad75cf27c2c7e97d6b6e5e08d019f66c3667946e83e4020f2fc6b08340372c21b776941383871415073bf393c83b473c055adbdc90ee
-
Filesize
5KB
MD5a1b2addfee0befb7427f87370033c413
SHA1bbd328334251532c34d18f44569a229717d87810
SHA256a8b52d9b4d5ba43645ec1c67ec4ca60ef0c640f6036f0f9c79bfb9c09a9604b3
SHA512d3a6ed92689f67197952c2de5ebe6cbd25beb77495c43bc82a298665f910c0863c31c76d601d13c0a8cbaffd6d91c20a1b9a419ab636dbcd7c83707a21e43d20
-
Filesize
671B
MD55a538055258d5cfe84e020fc5b519062
SHA1cf23f8c4f12156e2d598026970ba376c61363b47
SHA25674b84e7a603472d909d05447429e83eae1cf14fdb2030df185a6907078825f09
SHA512559233dc254b857b7a7ced09a191de997ba0da88d96134c185488e844dd81bec76649d8e47306b4bd1ac11ab7b2cc9088a04433757ea52338393f8b21641e5b5
-
Filesize
23KB
MD5af9484860642f6eb7d72516b5718dc82
SHA16d83d184e5ef725814153546c2e257a175f8f458
SHA256d399a47a028336951dcce6f8565a5fcba8db33e708dce2f6d64bbd17ce6c93fe
SHA512695198ebaf9ed1d6a491a7e51b6174ffaea0b90920b2bc1cc3619494feb87f1a24c78c9d39df19b9350704180b12285c26aa227072042e36e77aaf2ef667b0db
-
Filesize
982B
MD5134e453789d31f0443655cd16c1e0e97
SHA15815697fd354c7cd473ed813df8f464523cf86ac
SHA2565dda220551a27062d2f2c5dc6d5c53085016ca21dd6a266bd4fc00b0c4701ce8
SHA512c6d4868227aeccefd754975a2cd9da9a61de4a168a832c203ab68d346781f040cdad2f3bc87c02abe486140730f9f488d887032543fc2ac8d56da5c26c595aab
-
Filesize
9KB
MD56957c7abc5d15ab0bfd9727ebae3b985
SHA1728813f4709d29e1449fb4ec2af2270bbb769609
SHA2561ff7ec00e10ce7d5cb3925100d5582a67fa5fa147ef84b2bc2a9ec0df16f436a
SHA512bcf44c43a3f4fcf70e285ddb5059652b66cc44164cd10687bd63896f8de4c62cc0066be093e95e19a7b0b4d1b756099dc4490d862364d1db2a724b7f47f5356c
-
Filesize
1KB
MD520a27d3159b6f21947a10acf7d568d29
SHA109bad33d288705ac320f58a875f50967f52a1f50
SHA25631546fff180dd2cb35aa5fc0a30724f972a2311b79bdde049c262e887f014121
SHA51206a2e13e329351b8ea5aa645b5d7fc7491730444aff4930d44adb5543da85a8851d20e02ae9d413472c2db8ba924d0755cb636a96c19acb38e3dfb22b9183395
-
Filesize
2KB
MD5f74b399bc37afd6f67c892e02bbc1e01
SHA1dbadeb2b0536052d8a024866594f5289413a35cc
SHA256c4d7617e7da1a3f0d2505d2a218a899c87fc2634476dc24d3ca5247a46c733f9
SHA5127183a18ce39700aa243615df5fddde66027810b0dd08f47ad9524c8fd51b156b9a082229658e46d5af2520818dec053ffd6afc3e0f6b359e74613b458ce954a8
-
Filesize
2KB
MD55751464458e7a2276fb6633607fe8ea5
SHA16c19b0eee88029fb3602b14b00ab28769d40d822
SHA2568f37f4cf3ed8363870d008cc1072f59e591e7bab1672f12a8f8a7d043564eb9b
SHA5122a0f1c8c5809dc9f18fb3ecbc72f03aa12240069b5f214c04661af8b0fce08dee3e0a1429fe23965ed32ad73c1ab5c6620b79dd66efbc19ffdea840b53b6d037