Analysis

  • max time kernel
    44s
  • max time network
    46s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    08/05/2024, 16:09

General

  • Target

    IMG_20240506_133638.jpg

  • Size

    101KB

  • MD5

    2ea0a63614b48dc51d99db80504f3430

  • SHA1

    27204bab261edd845a3078ede4fb13d31f339239

  • SHA256

    2c4b0391bd6a5e3b3bdffd86266ff3819a4a06b45b56017aa5f1e7fe1deceb15

  • SHA512

    610cef94203402157753fa13dc9e5c4033a1be1f6d441a52ceff4b3d09e7a624582b4c403f63d567babff82428159c17194a9375c6df046b6901da42a2227c51

  • SSDEEP

    1536:d0CRlfzhNGdrMI11gvY9txrhxQx1CBAGNVe5RRoKklaJNLdhaQTNMYwkiIWRxG79:zlfgLzPQj4KNZnNMYHYRxG7XN
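
Before reading the run, it is worth re-verifying the submission itself: recompute the digests listed above and check that the leading bytes agree with the ".jpg" extension, since the Processes section shows the file being handed to cmd /c and the outcome depends entirely on what the bytes really are. The script below is an added example written for this report, not tria.ge code. The two byte strings in it are constructed (a minimal JFIF header and a PE header renamed to .jpg), so their digests are not the ones listed above; ssdeep is left out because it needs the external ssdeep module.

```python
"""Re-verify a sandbox submission: recompute its digests and check that the
leading bytes match the extension it was submitted under.

Added example for this report; not tria.ge code. The sample bytes at the
bottom are constructed, not the submitted file.
"""
import hashlib
import os

# Leading-byte signatures for the formats that matter when a "picture" is
# really something Windows will execute or open with a different handler.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pe": b"MZ",
    "zip": b"PK\x03\x04",          # also docx/xlsx/jar/apk containers
    "lnk": b"L\x00\x00\x00\x01\x14\x02\x00",
}

# Extension -> format the bytes are expected to have.
EXT_FORMAT = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
              "exe": "pe", "dll": "pe", "scr": "pe", "zip": "zip", "lnk": "lnk"}


def classify(data: bytes) -> str:
    """Format name for the leading bytes, or 'unknown'."""
    for name, sig in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def hash_bytes(data: bytes) -> dict:
    """Hex digests in the same set the report's General section lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def mismatches(data: bytes, report: dict) -> list:
    """Names of the digests in `report` whose value does not match `data`.
    Keys the function does not compute (e.g. ssdeep) are ignored."""
    actual = hash_bytes(data)
    return sorted(k for k, v in report.items()
                  if k in actual and actual[k] != v.strip().lower())


def extension_matches(filename: str, data: bytes) -> bool:
    """True when the file extension agrees with the leading bytes."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    expected = EXT_FORMAT.get(ext)
    return expected is not None and classify(data) == expected


def verify(filename: str, data: bytes, report: dict) -> dict:
    """One-shot check: detected format, extension agreement, digest mismatches."""
    return {
        "format": classify(data),
        "extension_ok": extension_matches(filename, data),
        "digest_mismatches": mismatches(data, report),
    }


# Constructed inputs (not the submitted file): a minimal JFIF header and a
# PE header that would be submitted under a .jpg name.
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01"
               b"\x00\x00\xff\xd9")
SAMPLE_PE_AS_JPG = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56

if __name__ == "__main__":
    # To check the real sample, read it from disk and paste the digests from
    # the General section into `report`; here the report is derived from the
    # constructed JPEG so the second call shows what a mismatch looks like.
    report = hash_bytes(SAMPLE_JPEG)
    print(verify("IMG_20240506_133638.jpg", SAMPLE_JPEG, report))
    print(verify("IMG_20240506_133638.jpg", SAMPLE_PE_AS_JPG, report))
```

A file whose bytes do not match its extension is the case where a sandbox run of the "image" says the least: the handler that opens it is chosen by the extension, not by the content.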

Score
3/10

Malware Config

Signatures

  Attribution, from the Processes tree below: the only processes in the run are the cmd /c launcher (PID 4384) and Firefox (PID 1624, PID 3780 and its content processes). cmd /c on a non-executable file hands it to the handler registered for its extension in the analysis image, which here was Firefox. Every signature that carries IoCs is attributed to a firefox.exe process; the two TTP-only signatures (storage enumeration, Task Scheduler COM API) are not attributed to any process in the tree.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
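
The "Checks processor information in registry" signature above is raised eight times, by firefox.exe PIDs 3780 and 2284. The script below shows how such a signature is typically evaluated from a registry event log: count the distinct processor values each process queries, and note whether the returned data carries a hypervisor name, which is the string a sandbox-aware sample would compare against. This is an added example for this report, not tria.ge's signature code; the event line format, the event lines themselves, and the registry key path the signature is assumed to watch are all assumptions made for the example.

```python
"""Pick out processor-information registry reads from a registry event log.

Added example for the "Checks processor information in registry" signature;
not tria.ge's signature code. Event format, event lines and the watched key
path are assumptions for the example.
"""
import re
from collections import defaultdict

CPU_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor"   # assumed key
# Strings a sandbox-aware sample looks for in ProcessorNameString etc.
VIRT_MARKERS = ("qemu", "virtual", "vmware", "kvm", "xen", "hyper-v", "bochs")

# Assumed log line shape:
#   RegQueryValue pid=<n> proc=<image> key=<path> value=<name> data="<text>"
EVENT_RE = re.compile(
    r"^(?P<op>RegOpenKey|RegQueryValue)\s+pid=(?P<pid>\d+)\s+proc=(?P<proc>\S+)"
    r"\s+key=(?P<key>\S+)(?:\s+value=(?P<value>\S+))?(?:\s+data=\"(?P<data>[^\"]*)\")?\s*$"
)


def parse_event(line: str):
    """Dict of the line's fields, or None if it is not an event line."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_virtual(data) -> bool:
    """True when returned registry data names a hypervisor."""
    d = (data or "").lower()
    return any(marker in d for marker in VIRT_MARKERS)


def cpu_probes(lines):
    """Per (pid, image): distinct CentralProcessor values queried and any
    hypervisor-looking data that came back."""
    out = defaultdict(lambda: {"values": set(), "virt_data": []})
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["op"] != "RegQueryValue":
            continue
        if not ev["key"].lower().startswith(CPU_KEY.lower()):
            continue
        rec = out[(ev["pid"], ev["proc"])]
        rec["values"].add(ev["value"])
        if looks_virtual(ev["data"]) and ev["data"] not in rec["virt_data"]:
            rec["virt_data"].append(ev["data"])
    return out


def summarise(lines, min_values=3):
    """One row per process, flagged when it read several CPU values.
    A single read is routine; a sweep of name/vendor/identifier/clock is not."""
    rows = []
    for (pid, proc), rec in cpu_probes(lines).items():
        rows.append({"pid": pid, "proc": proc,
                     "values": sorted(rec["values"]),
                     "virt_data": rec["virt_data"],
                     "flagged": len(rec["values"]) >= min_values})
    return sorted(rows, key=lambda r: (-len(r["values"]), r["pid"]))


# Constructed event lines (not from the report). The PIDs reuse the report's
# Firefox processes only so the rows map onto the Processes tree.
EVENTS = [
    r"RegOpenKey pid=3780 proc=firefox.exe key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
    r'RegQueryValue pid=3780 proc=firefox.exe key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=ProcessorNameString data="QEMU Virtual CPU version 2.5+"',
    r'RegQueryValue pid=3780 proc=firefox.exe key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=Identifier data="Intel64 Family 6 Model 94 Stepping 3"',
    r'RegQueryValue pid=3780 proc=firefox.exe key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=VendorIdentifier data="GenuineIntel"',
    r'RegQueryValue pid=3780 proc=firefox.exe key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=~MHz data="2400"',
    r'RegQueryValue pid=2284 proc=firefox.exe key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=ProcessorNameString data="QEMU Virtual CPU version 2.5+"',
    r'RegQueryValue pid=3780 proc=firefox.exe key=HKCU\Software\Classes\.jpg value=(Default) data="jpegfile"',
]

if __name__ == "__main__":
    for row in summarise(EVENTS):
        print(row)
```

The threshold is the judgement call: browsers and telemetry agents read the processor name routinely, so the signature by itself is information about the environment, not a verdict; what matters is which process did the reading and whether it then behaved differently.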
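
Tasks registered through the Task Scheduler COM API are stored as XML documents under C:\Windows\System32\Tasks (schtasks /query /xml prints the same document), so the follow-up to the "Uses Task Scheduler COM API" signature is to read those definitions and separate maintenance tasks from persistence. The script below does that triage: it parses the task XML and reports boot/logon triggers, interpreter or LOLBin actions, user-writable paths, hidden tasks and elevated run levels. It is an added example for this report, not tria.ge code, and both task documents in it are constructed for the example (one shaped like a vendor maintenance task, one like a logon-persistence task); neither is taken from the report.

```python
"""Triage Task Scheduler task XML for persistence characteristics.

Added example for the "Uses Task Scheduler COM API" signature; not tria.ge
code. The two task documents below are constructed, not from the report.
"""
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
PERSISTENCE_TRIGGERS = {"BootTrigger", "LogonTrigger", "RegistrationTrigger"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
LOLBINS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe"}


def _text(node, path: str) -> str:
    el = node.find(path, NS)
    return (el.text or "").strip() if el is not None else ""


def parse_task(xml_text: str) -> dict:
    """The fields of a task definition that matter for triage."""
    root = ET.fromstring(xml_text)
    trig = root.find("t:Triggers", NS)
    triggers = [] if trig is None else [el.tag.split("}")[-1] for el in trig]
    actions = [(_text(ex, "t:Command"), _text(ex, "t:Arguments"))
               for ex in root.findall("t:Actions/t:Exec", NS)]
    return {
        "uri": _text(root, "t:RegistrationInfo/t:URI"),
        "author": _text(root, "t:RegistrationInfo/t:Author"),
        "triggers": triggers,
        "actions": actions,
        "hidden": _text(root, "t:Settings/t:Hidden").lower() == "true",
        "run_level": _text(root, "t:Principals/t:Principal/t:RunLevel"),
    }


def triage(task: dict) -> list:
    """Reasons to look at this task; an empty list means nothing stood out."""
    reasons = []
    if set(task["triggers"]) & PERSISTENCE_TRIGGERS:
        reasons.append("runs at boot/logon: " + ", ".join(task["triggers"]))
    for command, args in task["actions"]:
        exe = command.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
        line = (command + " " + args).lower()
        if exe in LOLBINS:
            reasons.append(f"interpreter or LOLBin action: {command} {args}".rstrip())
        if any(p in line for p in USER_WRITABLE):
            reasons.append(f"references a user-writable path: {command} {args}".rstrip())
    if task["hidden"]:
        reasons.append("hidden from the Task Scheduler UI")
    if task["run_level"] == "HighestAvailable":
        reasons.append("asks for highest available privileges")
    return reasons


# Constructed task definitions (not from the report).
VENDOR_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Example Vendor</Author><URI>\ExampleVendor\Maintenance</URI></RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2024-05-08T16:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Example Vendor\agent.exe</Command><Arguments>--maintenance</Arguments></Exec>
  </Actions>
</Task>"""

PERSIST_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Admin</Author><URI>\OneDriveUpdater</URI></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\cmd.exe</Command>
      <Arguments>/c start "" "C:\Users\Admin\AppData\Roaming\Updater\update.exe"</Arguments>
    </Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    for doc in (VENDOR_TASK, PERSIST_TASK):
        task = parse_task(doc)
        print(task["uri"], "->", triage(task) or "nothing stood out")
```

Files exported with schtasks /query /xml carry a UTF-16 declaration; decode them to str before passing them to parse_task, or read them as bytes and pass the bytes to ET.fromstring directly.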

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_20240506_133638.jpg
    1⤵
    PID:4384

    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1624

      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3780

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.0.469517323\55339271" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f991c94d-5238-49e4-9ecf-05825a687e84} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 1780 1eb763d7358 gpu
          3⤵
          PID:4340

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.1.1568395773\1013563836" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d487be9-a44e-43b2-bfb8-dea2e4466eeb} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 2120 1eb63f72258 socket
          3⤵
          • Checks processor information in registry
          PID:2284

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.2.1516559941\1054867576" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {315a959a-2540-4104-9c85-eca399ba4efc} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 2980 1eb79b71a58 tab
          3⤵
          PID:3516

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.3.526612116\559458125" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6ff49f2-20d8-4d89-a63c-b6f92e387a7d} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 3576 1eb63f68758 tab
          3⤵
          PID:3316

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.4.2099830564\713084487" -childID 3 -isForBrowser -prefsHandle 4100 -prefMapHandle 4092 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fb75d4c-5b33-4874-974f-a059ccb32053} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 4112 1eb7c0b2258 tab
          3⤵
          PID:4088

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.5.612566157\865490547" -childID 4 -isForBrowser -prefsHandle 4924 -prefMapHandle 4928 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6622c2de-65e9-4cd9-9553-b31f5ae81f41} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 4948 1eb79f8c258 tab
          3⤵
          PID:1124

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.6.660314341\142967488" -childID 5 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7805b102-1b87-49aa-a4bc-81515b9e88a8} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 4984 1eb79f8dd58 tab
          3⤵
          PID:4388

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.7.788704638\47303747" -childID 6 -isForBrowser -prefsHandle 4776 -prefMapHandle 4768 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a9b7fa2-9ebd-4355-868f-d2562b3784f9} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 4960 1eb79f8d158 tab
          3⤵
          PID:8

        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.8.1747689934\1868068396" -childID 7 -isForBrowser -prefsHandle 4476 -prefMapHandle 5392 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53867616-b09f-48c2-8adb-bbcd594eb5a0} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 2536 1eb768cd258 tab
          3⤵
          PID:924
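
The tree above is worth cross-checking against what the Firefox command lines themselves say. Every content process names its broker (the browser process) three times: in the --channel value, as the positional argument before the crash-server pipe, and in the pipe name; the last positional argument is the process type (gpu, socket, tab). A child of the browser that is not firefox.exe at all, or a firefox.exe child whose command line names a different broker than its real parent, is the thing to look at. The script below is an added example for this report, not tria.ge code: its first six entries are copied from the tree above (parent links as drawn there), and its last two are constructed to show what a finding looks like and are not from the report.

```python
"""Cross-check a Firefox process tree against its content-process command lines.

Added example for this report; not tria.ge code. The first six entries in
PROCS are taken from the report's Processes tree; the last two are
constructed to show findings and are not from the report.
"""
import re

CHANNEL_RE = re.compile(r'--channel="(\d+)\.\d+\.\d+\\\d+"')
PIPE_RE = re.compile(r'gecko-crash-server-pipe\.(\d+)"')
BUILD_RE = re.compile(r"-parentBuildID (\d+)")


def parse_contentproc(cmdline: str):
    """Broker PID, build ID and process type of a -contentproc command line,
    or None when the command line is not a content process."""
    if " -contentproc " not in cmdline:
        return None
    ch, pipe, build = CHANNEL_RE.search(cmdline), PIPE_RE.search(cmdline), BUILD_RE.search(cmdline)
    return {
        "broker": ch.group(1) if ch else None,
        "pipe_broker": pipe.group(1) if pipe else None,
        "build": build.group(1) if build else None,
        "type": cmdline.rstrip().rsplit(" ", 1)[-1],
    }


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_tree(procs) -> list:
    """Findings for children of firefox.exe that are not Firefox content
    processes of that same parent."""
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p["ppid"])
        if parent is None or image_name(parent["image"]) != "firefox.exe":
            continue
        if image_name(p["image"]) != "firefox.exe":
            findings.append(f"pid {p['pid']}: non-browser child of firefox.exe {p['ppid']}: {p['cmdline']}")
            continue
        info = parse_contentproc(p["cmdline"])
        if info is None:
            continue  # launcher -> browser, as with 1624 -> 3780 in the tree
        if info["broker"] != p["ppid"] or info["pipe_broker"] != p["ppid"]:
            findings.append(f"pid {p['pid']}: content process names broker "
                            f"{info['broker']}/{info['pipe_broker']} but its parent is {p['ppid']}")
    return findings


def types_by_broker(procs) -> dict:
    """Which content-process types each broker PID owns."""
    out = {}
    for p in procs:
        info = parse_contentproc(p["cmdline"])
        if info:
            out.setdefault(info["broker"], []).append(info["type"])
    return {k: sorted(v) for k, v in out.items()}


FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
PROCS = [
    # From the report's Processes tree.
    {"pid": "4384", "ppid": None, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_20240506_133638.jpg"},
    {"pid": "1624", "ppid": "4384", "image": FF, "cmdline": '"' + FF + '"'},
    {"pid": "3780", "ppid": "1624", "image": FF, "cmdline": '"' + FF + '"'},
    {"pid": "4340", "ppid": "3780", "image": FF, "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.0.469517323\55339271" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f991c94d-5238-49e4-9ecf-05825a687e84} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 1780 1eb763d7358 gpu'},
    {"pid": "2284", "ppid": "3780", "image": FF, "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.1.1568395773\1013563836" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d487be9-a44e-43b2-bfb8-dea2e4466eeb} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 2120 1eb63f72258 socket'},
    {"pid": "3516", "ppid": "3780", "image": FF, "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3780.2.1516559941\1054867576" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1364 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {315a959a-2540-4104-9c85-eca399ba4efc} 3780 "\\.\pipe\gecko-crash-server-pipe.3780" 2980 1eb79b71a58 tab'},
    # Constructed cases, not in the report: a dropped binary launched by the
    # browser, and a "content process" that names a broker other than its parent.
    {"pid": "5555", "ppid": "3780", "image": r"C:\Users\Admin\AppData\Local\Temp\helper.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\helper.exe" /silent'},
    {"pid": "6666", "ppid": "3780", "image": FF,
     "cmdline": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1624.9.1\1" -parentBuildID 20221007134813 - {00000000-0000-0000-0000-000000000000} 1624 "\\.\pipe\gecko-crash-server-pipe.1624" 1 1 tab'},
]

if __name__ == "__main__":
    print(types_by_broker(PROCS))
    for finding in check_tree(PROCS) or ["no findings"]:
        print(finding)
```

On the report's own six processes the check returns nothing; the two findings come from the constructed entries only.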

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: e7c157be5f6114e73fc12791dbc62fed
    SHA1: f203f2f591b5e72308e6ee7c085dd2e545cb7d48
    SHA256: f49117badab338dfd9a7cdff14d77cedb0f9e3296ff86f229a11fcc2c5363c10
    SHA512: 7d5c7d6a2fb0813990cff9b89d2fef727eadc5975c15f1b838bfe911d22f7b793c9cb16ee58e85199b7d0285835de7fa6fa04636d6f35cee601f7c21320d5f25

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\037c0503-ffbf-45d4-9e7d-2aa4854af3ca
    Filesize: 746B
    MD5: 133c8b1a23d28d44b42d103e750539a6
    SHA1: d2f18fa2a3e5f78d9df0954c2c94e10c9254cede
    SHA256: 9c3f39fe5f4c2023b68efa636f9e2b64477a2c65bb8242f8afe598b60c0eda7b
    SHA512: 14007def4fafdfa991ed7fa9ec675550d162d1f1c849149fe23bfe8573ee52f24c0492db7aab7e0f3b3bf26c4bed04f6ff40ebc4da5552ca92a74363c2273b8f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\4e93f0ac-f2f3-4a54-9590-7ff60f5bf817
    Filesize: 10KB
    MD5: 7ceeb33ba2dc4188562c1253a19f8edb
    SHA1: b19de878fbfac8113b48b909cc2a8ba8067a0f57
    SHA256: e59e73bc330d60bce8ffe99c23820d471dde8a0a173050647d06aaf08f436f80
    SHA512: 17cf292c0672b5d09b76ef6ade2c1d206336f24bb66b7f25d4deb9d2c678c470a1edb66c35e01c687902b3657d32ad1239faa0fe9207566e600d2a584d3af176

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 9df788f3a47b984f52fe6ab120de614d
    SHA1: 8ef264b6cfe1702f81d37d2a2bb714047034344c
    SHA256: 06197f165be3f1ec833b52a06534be5815e9d6a11b5d8f0132e4a154cb650ed4
    SHA512: 8b79b55b89ac7f24e8929b5eda3c086fb314c34ae2bb63619b81d49e72944c2ce5643e4f1daedd7c2369ac8cf43f0577f0124b8f807d61625a7e097fd23a30a9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 153910df3d967d2a36420b7b57cf70c3
    SHA1: fd0a319cfaac1615f182c31959cb222f51359512
    SHA256: dd76b5ade627f6beeb5828fda1e7d4b680c3d7b04a40eef331a16be189a75043
    SHA512: d32179821b60e26ad353a365dda59f41e427d1a185000fef89aeb4d460f3f473727690c7fb3b0185de20a1d3360255e8c1c7744e3d50c918153605cfbb613e15

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
    Filesize: 6KB
    MD5: bc424a250ef1a06405a9f8c5836a44cc
    SHA1: cddb336425989035b5923549f4b6fc793ef54683
    SHA256: 1919fd982f77b8f62eb0447a71c757614749b8b7f515e03e5d6c9a04b8037630
    SHA512: a7e56798d2da07b27040ceaaff5d063100372589728d1f1513b5a9b57d3f1fa8d9384356de36f3226ff8277f21fcaaeca07d0c92c9dc3d812f87b5bd63fd1a4b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 5decaeaa4eadcf188dad5ef0a8e24de8
    SHA1: 8d2e94a8ab1f76ee0a434a2cba9b02c4fa230778
    SHA256: f828e797d791bf89f1c345943f204557117c5d1a5f74d6aba17b3bfa434e70fb
    SHA512: fc89cc4438a8113ed4db0378fd0633e205f2dc0e3c4486f4f8b67b32cf86e272897c9ebe40fa47c971c1270de9fab7bd875731ba13a7b7b704ad6f2eaee6bfcc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4
    Filesize: 4KB
    MD5: 19dd6bfb5972f7931f245b8cd0cda95d
    SHA1: dd9d203471e53ab7f29e602a687daa925e0044ae
    SHA256: 805dc4b0db115b356ac41810ad62e02033cbf25df8d49510d3cf4d5e6d0424b3
    SHA512: 2a2b7e8191f1b222c82c202b1478873439bf5c2aa5fa6a6ab7a88a88db818065d6d0daa0ac371d52bba8b39142e03e552747882e061ef9b1815da6f6edc0b8dc