Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
30/04/2024, 07:17
General
-
Target
http://www.pspad.com/analytics/matomo.php?rec=1&idsite=2&_id=6478664049b3d93b&uid=6478664049b3d93b&rand=V05218867&action_name=pspad+5.0.7+x64&res=1920�1200&ca=1&e_a=pspad+5.0.7+x64&e_v=775&e_c=login&new_visit=1
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.pspad.com/analytics/matomo.php?rec=1&idsite=2&_id=6478664049b3d93b&uid=6478664049b3d93b&rand=V05218867&action_name=pspad+5.0.7+x64&res=1920�1200&ca=1&e_a=pspad+5.0.7+x64&e_v=775&e_c=login&new_visit=1"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.pspad.com/analytics/matomo.php?rec=1&idsite=2&_id=6478664049b3d93b&uid=6478664049b3d93b&rand=V05218867&action_name=pspad+5.0.7+x64&res=1920�1200&ca=1&e_a=pspad+5.0.7+x64&e_v=775&e_c=login&new_visit=12⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e7cf3a-4013-4d76-8fa6-bd5a8f80878f} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3432f5a2-bcab-4a29-968f-230c95c00215} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3396 -childID 1 -isForBrowser -prefsHandle 3388 -prefMapHandle 3384 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ac964c5-5095-48d8-9ced-3b782ffd5be5} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 2 -isForBrowser -prefsHandle 3288 -prefMapHandle 3188 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {459cc7d8-2854-4502-871b-7d3b72f0da6b} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1616 -prefMapHandle 1472 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c528d254-c268-4024-861b-3f474182cf8c} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5276 -childID 3 -isForBrowser -prefsHandle 5240 -prefMapHandle 5252 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed58af37-1006-442f-b551-819f349dece2} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5232 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d01a032-c8b5-40c9-b251-0443dd6abfa1} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab951af7-25a0-4d43-89b9-4086fac1901f} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD519ed039b4b1ce247cd06fb4aec492095
SHA1f707653c2e013ac469845a89b68dd5ad154c3c0b
SHA2567d4421e227a482d113c1875eca00a51d4fc53a0cc05622b82a8928f45702269b
SHA512573901f8dde57bd738d7738fca0e4405b4c4a5ef9e0982de87b3b8550df4d008d44bb23e20bb2262158c8d7132485d96e441f218e42b0b57cfed7dc3daad95c9
-
Filesize
5KB
MD52f58d8fff76de012eb5e7b3ada9b3663
SHA196c9fa3d9eb5b94eac766112ca36f2f94b20a760
SHA25645a6eeddf8fd19199137fa3bd8cb970c51266087c162dddf67ee6b8b94180b52
SHA5124e9acbbf9802011a6bbb90187cad8d50e44bdc2b100e68c517bf081ea02e412652793473ad8177ee3733ea6a7e33c2223054b2678eff4502a1b4805de1bad598
-
Filesize
5KB
MD5286de789a48d1fda597e8c5b73b1f351
SHA1f55cfb988554e862db292a7f76357c51efe15bf3
SHA256cd24478e18a3b9a8aaac4205e1b6a9b8d75aa95c6dc2be2d5ea9c63f66a8ad6a
SHA5120769332cf9d32e28c2529bc6870318ff49534a58e52c7bb41fe4f9d60a1003211ea11d4a2912ab6668f0335fe2e9f66f10b7828a0e6e685467507e3260ef55fa
-
Filesize
13KB
MD59ed3a92f66500e199bce3ddc468263d3
SHA18a0b06b4dfd374627da49d33574b7f81ef8c379a
SHA2567ebc23ed57fe90f54e65cdcb0db175bf1267ccf8b653bd52f4fa1f3fd7a5b91c
SHA512da4f072ce729f9fdcdbe3308ab85f54d364167bddf8fcf905d4d2d71a30d83ca346ec2e1930e3b8820eac143c503472687f0053941125cf19adfc5e8c1d6abfe
-
Filesize
982B
MD5475d1d8a5e8473a695b1a06a9d4b935c
SHA1f7549f2079a0cfbc0548ae051f6facc913969cb4
SHA2566e78a1a290426335ae390b4579910cfc30610f846c85e7879ad9dac7144c819f
SHA51253d7f558d3a547a0de39a2fc3958b254530dfe3bd8d13c88d1509970e9afe1da341730fb77acf2cb52864ea9a530fe9394ff0814529f28d55abb36bf20b400cb
-
Filesize
25KB
MD5b47f4bfcca78e19cb6e863999c717e12
SHA1dfcb6b26c8e65ba1b9b54427903248f62b2016c0
SHA256da2ce266b4c7549731f7edcb26196cd6905b48f7ad68f90a930a927b7897716f
SHA512f775f1c0e49826796791bb48d1e6c0e02e1c8777cf820c3dbce883d617501474092cf890a6dfd315e815c82358ecbab78264ecfd874b4ff3246b9129af6e5e06
-
Filesize
671B
MD5ed70f89b27d33830e1649f47349b5794
SHA15fafe500d9d73734e9ce7114fc648eea6c28d76b
SHA25625455868895bfad10f27f0170592eb839c7551050fb7ba873bf308bebafd6f96
SHA512c113b702ed79e1a4369cc4102bed284f9f6bb674841f37f8a448e1eb8d4cab07a9395b03f9b1b3e1af1f6ce9ddff5cb27d78a733c7567e387a93a7a9d1af9809
-
Filesize
8KB
MD522637db96d3d9653c6a1b4af94cd9ff6
SHA1e3bfe8996fff8128b49601fd1410a595cd2cd7e6
SHA2562ec12fafcbbd61d66ba16bb3a795242f3ba52aafe5c125257a5326288d071f86
SHA51231189b6aab7e7513a75d7ae3521f96f3f9411a148b943dc5030d0940c72040c348bcc732c19bf16e53f759f3a4b1bf71036f59e379527f9cec054ed94bee09a4
-
Filesize
9KB
MD5f17790117c3206a6be6d49db60aa6c5e
SHA1e5d01b74a993642098092bcd227800a41276fa54
SHA25666655d0ec054446a22cc64aaedabe8f22b6c370e480156e04593f006254f1971
SHA5124f8a5cc7176f18fcce25f19236d01838f6800fae2d85ce060709e3094042dc74d50a4185edc6f7dc7c07fdb2a532960e84b7936029c8c308f063049348384518
-
Filesize
8KB
MD5faf6eb1b84889c5ac6620857c15c4995
SHA1929ae68f2f3544f4ae380e801f46116ee18e72f2
SHA25660cd45ecde36d94dd8c484aac5f3843c73c28077ac83671bf574c3db8f910dc2
SHA512fced2051fa731ca2e2c2ea34a090579d5a24e3b14b675eaa9e5a63ced38a05089cd168195cf7dcb0fd50e358622e842cffa1b6c6870b26b9d3f4d597d60a696e
-
Filesize
8KB
MD579347a9f43959edae4b654a1e5f1ea31
SHA1ff065ebc6a411740621ac0dd46d6c0be21dc993d
SHA256d82b9ecf05d5be9a4002255823bf3d1e770df0d647b86305dfde2ba63f39ff29
SHA5128930b373acbb700c938fadefd01922bdd1631e7bf25c1faf5609beaa750c8232378ef7ebaad37686234d48ee732cf476d1566e0853da06a958407cb4e2d77072
-
Filesize
1KB
MD55bc69e0b053b9d1fe0ef9949b7ea5a61
SHA15cd7bac484938b1f06e82e1a53990b620a347b3a
SHA25698cb451d2e90aea66d5e0c56b028ad6ae83a552828c0112285752c209628f92e
SHA512d3d35caddc6d3271c1d8d14274eaf8dff6b0df31a8188a8edcebe356366fecd2d93961e1ec2e3aee7ec0b1eb52040371f9a9baf1b33b155fbfb9da587aff9b52