Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
22/05/2024, 04:29
240522-e39m3aca78 1011/05/2024, 11:09
240511-m9hrxsge69 1011/05/2024, 10:59
240511-m3ndtsdd2y 109/05/2024, 13:02
240509-p91nvaag8v 1004/05/2024, 06:42
240504-hgj23ahe67 102/05/2024, 14:21
240502-rpcsdscg77 10Analysis
-
max time kernel
93s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
04/05/2024, 06:42
General
-
Target
https://download.tt2dd.com/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://download.tt2dd.com/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://download.tt2dd.com/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1888 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ab55624-db43-4917-8ab2-e788895b5b95} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc7d4f79-a304-4103-80d5-4baffccc5140} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3144 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa9bb077-c39b-492e-86bc-b26800643554} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1388 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f45e676-b52e-48ce-a936-448951e20d57} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4348 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4396 -prefMapHandle 4324 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc87eb76-f413-45b9-879a-3b4eda81ed68} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5184 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4bd77b9-15e0-476d-ac47-6afaa7b598c3} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b27649d-f4aa-4c3f-bdb8-6959f4ca1243} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 888 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {150bc809-d360-4838-ae9d-e59380fdf529} 4236 "\\.\pipe\gecko-crash-server-pipe.4236" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD541b4d39eb2669c949edb2ed61854d072
SHA1bc7c4fabae1f76c39421869adc72994e6d28c0d2
SHA256a89a516ab2863a8c71476c11b746dd16819c5d27fa8ecc3b7c8c88952dfec1d9
SHA512d8e355bff026948850f9c9ec33db5f5f2fbbfdfc9f41bf2b03f8fae9091a58dcd4ee73028a1f1dde11d2b2df6a273ede4e28ebb665a052c56aa5ea79e29f8ec9
-
Filesize
13KB
MD5d90ce39c7e8cd4477240b1c64f010e18
SHA15e04357c67dab56e5d9e0a99ab124d45a9874fe0
SHA256eb1e3a24fd2ced4d5be73fdf682a29dda7083fff4752b8bbbe6f004b6aad0d05
SHA51220acc72b1fd2af2fbfd7f1e1d1b54ab800a90132665132b10af1af529074ac77cb15e225aaa8f7768cba9b0add1b25dfe368de66507f618764532c0fe39887bc
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
6KB
MD5fea175b8b38c3c4052de9a3fd83f957b
SHA12f9414e7e19859fbfef3e636fc7cb6e0d248cd5b
SHA256c9d14f9c622d1e1143e2dd4d5182a03d994be71407fa371e01d5b301961c5aa1
SHA51222c5fa31f173756de88bf34dc3b5d07931f3d7926de8ff8c103939e21b5b55e78a5c243e0514ab8b78b8a3b7258914ad0b4b38ed173abbd8074ea835e58cd564
-
Filesize
5KB
MD5dd4b276aca16dd9920eb24bda8528406
SHA1ed3e4e7ba29f679e9e6d0bf32753ea1aaa86eb49
SHA256cb31912c50de7f672558b09e4f393adfcacc0a442434ee92494d4127acb6229f
SHA512ae20ae01c03949b7711dc9f9a99afe403bef23b5cf6c45902cae620d930962bf2b918b97b45f022c351700c7b5d7badf8f910b3010d9610d325958df36e998c6
-
Filesize
14KB
MD5eacce17d9f88ea547353ad1378263772
SHA1ca92364a88cf48332eec7f006dd1ceb1ecbd1db1
SHA256bdd3eecf0b3a1e90e4a51884b40ca9fc0d1804224588a608616cba6ab350c431
SHA512365aeed1af5141f04cf1e2e3232c0884a13789f72dbe3dbbb86ca285d77508661872df7aed3c50160618c793ad3a5bc778d5fe1e2ff251bccbf84a6e468ca735
-
Filesize
14KB
MD5c2c4889f940a2ba323b43b37b3b0ee08
SHA12d3070c2086b83399a512d86ac8c07e134890e85
SHA25622421dd52f291960ab7329b1a2d5a3215d7b82a39ffe1392114e32a3e7131809
SHA512c0661d8f3743b9ca3ecbaa8ae1ed3ab8fcdcc110f7d7f426ecbefedd1d3b1e398202b2a2bdaf3c656a31d067530744029040640c0c03e8af995f0c097798a657
-
Filesize
6KB
MD5a78d248c7015d303b364ddf16bacef28
SHA180994d96f2f7ce759e0a97e40c9594d7e317e904
SHA256b079878317ee5e392fccb0934d5396ee76c775f8fd0611a426ac3af5be371468
SHA512a3b06a3a1ac8cfb5d30515cc4cdf183a7856a55226b5550f7911529f4913398675f3855ee86a1c49f69d90b4d44038af0bbb23dd7df11edba6a5566d876261d9
-
Filesize
982B
MD58e519225476cd100ade72c3368175ce4
SHA1f5fb84deea2966e0246eb036fcb9488193292490
SHA256cdaa3f6c21a30042c35c76d51e1e1a0c941783a397f8dca2d6673b0d33636ec3
SHA5123dc9146911095c4fc38978e3faeceb6ee105e4187d159d63789ff895e324dafdc19cf4569853f001fc1f5e7cc953ba8318d517c869055cc73d80a6b927ec101a
-
Filesize
26KB
MD56c6d34b4e11f382b675333424b6ed657
SHA14364e2c7558f1c30a1d1cb5cfdfb4b8340fd72ef
SHA256b3526b486110647d44aeefe102127618bd8b71b8e0ca8a9b7eea4bdea0e6dff8
SHA5129965b9b8e273382a5ed240f4c5711b109b5b0f55dc660abfde50d02bc52a1437d2895d3d00fc19091ef9d8a8bda421239f7f35f1131cb7066f8675bd71342745
-
Filesize
671B
MD5f5ee251ab95298f1df44e06e6c8b82e9
SHA1a5247a5f87ca9de32312b2e15ba1ad500e5a6286
SHA256f1118398d4f56236a9d93457446f926b7148780c8d5d9572082faf1c77707ded
SHA51202fd2fe15589d2d216cc21aff4470635f05743b92a27c88a6aa5b2750d62822eb65f8654ad00923ae00cf3e0d145678b0af1e43c06d45b09361583b9e9cc433f
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD5352a802ecc61d85b12857dc17b9bb507
SHA1976e335376a80438ef577973776edfbe08799df5
SHA2566ecc83d740c149b9e41b5bf7702434f4b615f6687f51aaee826495cf76dbf593
SHA5121a93774490a5459b341efcb2073e7bb43143e486b1a2cbb3793cc42cf31d4adc4537595a75c0da5a2d9903e1c953275259ae4e5963c661be47abb30d45154b0e
-
Filesize
13KB
MD53ed7852b2d30a01ed9017a04f7bce02e
SHA1293d4179c6069590fc13c57a22cf1ec7b7dde835
SHA25696aa7f189f4ee2fa56553a962de75e46e74b0302e0c5a93f43546fa56e0b611b
SHA512f6f12fe995d9330f1bb3dc4da425222ec267015cf213e4eab3515fd1c190dda2552a207a2a41b1882f4de3cb42cdf2a3d61c7b4f8f567af35f80981c802ccd5f
-
Filesize
8KB
MD5061cb8ce129fc221c9a0c869b0732361
SHA17fe74ca6a68d9cc1e80e6897a0010ad09e412210
SHA2563582e51406f7de9c5db0279b55e91e835faa15ec7440034f13be782dcf31090d
SHA512f28805bcb66eeae8374d8748504437b798b5080cc858808ee0bc8e095a74bc6e23cfd1f768a96101bbb5fc9d7aa8a975de5e8a31a064ab969ea89c9d9a4777a3
-
Filesize
8KB
MD56c26fa6a654fefc3e31392703f0af88d
SHA1a430e379caf20bc34575e9ba02ffc2687cecf18d
SHA25644ffa4ea2670709298b1bee0bd4ce54bb4d1f8e9d044b8bfc4f9383f7719b6e4
SHA512343d5a0b68eb87c2683792d91a4eb0a2794f5ba953a4170545ca28309411cea65bb36eb80ef3288ec278b310244c84c6a2bbcff88b3dddd85994f2644765cdb0