Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
129s -
max time network
137s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
30/04/2024, 20:49
General
-
Target
spoofer.exe
-
Size
5.3MB
-
MD5
e9ed10a833d1d944afe0cf0896268872
-
SHA1
61c38a37ef7a2e76eacfd6a14c9178bfe20a5ddc
-
SHA256
276cc73c5bd6125c3ca8d3684f84af94e6f12538513a4f08c5705597fddd1c6f
-
SHA512
7a19d3f5ba5a95229c3918d8ee80c1380105c956fd05768e1445dc71aeb707dda8c0d8dca83efb20077c3025645299b9dfa2cd3c491a2764d81d4469fbea300e
-
SSDEEP
6144:Oy6I0jmJCvIBp4Z9zoyYaoQ3IL60qGWx11GREW:t6IfJCvIb4Z9zoyYa+0xVW
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\spoofer.exe"C:\Users\Admin\AppData\Local\Temp\spoofer.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.0.1693981519\1712179400" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eba17835-79d3-430e-a1a1-82dabdc1f724} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 1796 20aa21c3b58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.1.523451616\1529465698" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58cbc2af-6d05-463f-b61e-808cd98efd93} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 2152 20a97172b58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.2.742411941\1723404768" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2820 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7de3c9f-c8f7-4e2e-a5ef-6f69f150f8d6} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 2736 20aa649e358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.3.144178876\1912313445" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3036 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3fa152e-2536-4941-847a-9e7fe1175d1a} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 3104 20a97162858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.4.859976909\970947395" -childID 3 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a62836f4-61f8-4a6a-9ffe-9e1934b5b582} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 3916 20aa764eb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.5.1514325582\2113342197" -childID 4 -isForBrowser -prefsHandle 4808 -prefMapHandle 4784 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad04f3e7-7a00-48e5-87ab-3a7f2d9f234c} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 4816 20aa6a7fb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.6.852910409\897533963" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79dc9d0a-11a9-445f-b9fb-bc2829cc35fb} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 4944 20aa8991258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.7.1482024478\556100271" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9379f9a6-b223-46fb-b7f6-b9d7ed9c2b74} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5124 20aa898fd58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.8.347537922\865116412" -childID 7 -isForBrowser -prefsHandle 5452 -prefMapHandle 5468 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56f2bc42-ada2-4fb2-ae0a-7bafae8eb8c3} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5520 20aa94dbf58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.9.1440811088\819425451" -childID 8 -isForBrowser -prefsHandle 5652 -prefMapHandle 5648 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b62a515-307f-458f-969c-6b7cb32961b8} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5664 20aa9cfcc58 tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
2KB
MD5a45b16c22d3c659efdbb79205146f3a8
SHA1bd84db2b449d3b963d2ef2b9af3b402ede1cad04
SHA256d92e6aafbfe1cea7a6b2d8116848cac2644c6d8bf9527db06ac96a85245fd840
SHA51252dbaa89533420569a4cc83766fdd398921c8c0627ff47488ad11e2ad636f44a500fa4869a1e9ae7946ee1b1abb5c12ada70779d5f4b239cb34987f59115e6c7
-
Filesize
11KB
MD5a27d0e12db5adb6907668041cbb7c4be
SHA17137b7a00f2d9b2c33b6b0561baa4bc4126fcd3d
SHA256617f90da69a7df6b7e39a363ae141aab9ad3aee3a930a384aff0384833a53d11
SHA5126580ba28c998e97fa248d3ba211cec00416b47b6f86907f66d1a1c167efc7cee3d0de99fe1f9050b492fc63c6068fce9cb969e3aaa052695e557a0a7fed22072
-
Filesize
746B
MD5bbdd642268bdb91ce6d3ffbfc852ee05
SHA1ee0793cd3b89be0c47c38f09395f203543a9e7c9
SHA25698f09cca9780c333045fe4328fb4c8102c5fbdfd32cd836fcd950cf797df8ff6
SHA512ee553035b4f11f77e7120585b8897607fc0fc1f93c81893978254b373adcb864f1bd3355a8a7917009847988a372dbaa09b1453702a4a7452be0131f061cb80f
-
Filesize
6KB
MD57f46959252287b8b2b78db994eab91f8
SHA13aaf1679d4327b9a32e39c098633bd09957b94c6
SHA256bec81c9cfbbfeb728bafc6602abbd84550904115a985681518f37263834482ff
SHA5120161fc32d126e1373318ea1915a7572b831e51e2dbe3af8b5c162313ef8a0c28f0c1cb12dae9332e29469501874fed61a69667f13ede0b1a1dc91e3a52f05db3
-
Filesize
6KB
MD5fed71f4f322d30357f0b2188b8db3d8b
SHA1a808da3e91dc1bafaccb27dc87c24ab5c70f8006
SHA256d722276f6da534cd9185725218a599a20f08c8a160cbd5700120907cd63004b9
SHA512932d1cd84d5fff0d247b3c4d27c81073430bbb76bf42ecb42c659752f16ba0ea2a05435e0c05e2bd99fde316b7185c090f3def8e0cbd518f0d67f97f214bd4e6
-
Filesize
6KB
MD59349a90081a26bb0f21bfd9780910097
SHA10fb479b61f7eb387e0501a44b44ebf68fbc13e32
SHA25620b2ddf41c5916750ce8cbc2ad758d95071d50c5fcd53fcf85d9170e5b58ec0c
SHA512bf674f9346418e3b3d0f8f38c7190d1b178bfa285dbc4bcf1990db7a72540cfb8b36f0578290610f5d4dbd7e18503b333ef0a4500c0d29f987be7ddc72c80654
-
Filesize
1KB
MD5139269f727ae7766cc0d8c7b4a599c78
SHA166b1032fc7c3bdc52752e85803ddb65c94e1f65a
SHA256546d0532c41fb3b4920b185d802c877a4383ebdba74e0ed7019b3beb773b7d33
SHA5123171323c237ff8697da3b94cb0bf44d39bf4d77c27068f8e5648f54c11651a90f8b8067399bd8e00c33116f79874f011b5276c7ddd0bcf9c4eeacead13ec4bab
-
Filesize
1KB
MD54ea5685fe608d9290a17e918c67bf375
SHA1e2dcde7d71bad24f2ee27b37b903e4c4973c00a8
SHA256fe0ad800a3aecab54ce9fdedba2652ad0dc4d0999866f6d563af80d019f7adfd
SHA51290d457f90ed2ba0f929fc96aa844b2bc59867399db82fb3dab0e838628a7459f4c702b2b6322e1fe0f7b1a74428d1beda6e9d16f541f6847c48f65ff949d522c
-
Filesize
1KB
MD5eeeea2559f16eacf939c060894c4846d
SHA13a0e9f314947ba837e3a7961e511a95e14aa37b3
SHA256813f48942891fbf4dfda16dcd2bdcec21de44f18963616c2936603795e7948c0
SHA51249dce90a2c879587e9db24f482d79ec3281e3cf433dbe0f9ca3a0a0870c27039da7cd6499614a3df3e50d189531c689cee24a3ae9800722b8171fed01eea2528