Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
388s -
max time network
385s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
09/05/2024, 05:59
General
-
Target
https://www.sendspace.com/pro/dl/x1wf1p
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.sendspace.com/pro/dl/x1wf1p"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.sendspace.com/pro/dl/x1wf1p2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.0.374694216\247380959" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1476 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f884438-8970-4a57-8aba-0b724350fa0e} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 1812 1d87edd2e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.1.923830013\1708703699" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6f08dd9-0edc-473a-bb57-5ff62d6ae541} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 2188 1d8001c3e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.2.2125273564\379861584" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2744 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7924fba7-289a-4f26-afa1-77205309bfd8} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3088 1d80313c858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.3.168718531\659660826" -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3560 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6877151-9c03-409c-a267-64aeff106966} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 3628 1d803f9fe58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.4.1871770454\508493874" -childID 3 -isForBrowser -prefsHandle 4684 -prefMapHandle 4668 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cc1321-1d9d-44f9-8527-f60ea718bab1} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 4708 1d8036f1358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.5.1284362419\198389195" -childID 4 -isForBrowser -prefsHandle 4848 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd7c8835-5a4f-41cf-a1eb-9b26f6fb383c} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 4840 1d805954258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3484.6.1964926916\673166024" -childID 5 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3da6eb77-eb55-473f-bdff-19495daffcc8} 3484 "\\.\pipe\gecko-crash-server-pipe.3484" 4932 1d806a8b758 tab3⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\INVOICE-VBDSJ09HSJA.svg1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:692 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD5e74d7f23f39430d89ee44772270487bc
SHA19ce7c780f494104bf86de6bdd9ceb87e5d2581a5
SHA256a177311aefad9d1282f5d6a54d29879142fa9b31b45c570813d009aee31cecb3
SHA51259321c277001415390879503234f4601730c0e8bf3b294ac499cd33802dbecb401f3541e6209ec808d6656f0f447329a5d6571843da0d884a3b95b9b0d1513e5
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
7KB
MD562ca7ad82b453b6dcb822cdba37b4526
SHA1d9bb189e50c35d498cac5d359074c0363a26dbac
SHA256b2875a6cd68939e520380c791d9ff5a680be3a0c95f79748b1aeff7686d61e3f
SHA512c3c4736a4768ecd6d8c2759e40343a4efc60d05453cc86123d7404709f57900e3078b8c03d87daa67200075ae2e18a6c677b024b7d5c12e3a634720b8c27f0d8
-
Filesize
216B
MD5dbd65bb61d8045ad6b4dcbfcfcb4a4d6
SHA1c0d1bab5e0181852a6b0fd48e18c29e8433dab52
SHA256dba797492d99273bf17b85f9b9196e923e473b0d3f73cbfd2a6235326ef17a32
SHA512cec85743c431a4d8020451378753f9be4777f3b2726155899e996f9fdb8c5a9e54914731746825e7550987de9042c641bfd67d80fbabc354270cc89e729321d3
-
Filesize
2KB
MD5f354d584bf8917f8673ca3623094fb39
SHA1af7bff2bd2a926bfb2c479550832bc90dac9d5b1
SHA256326a0122bc7a3b64469699f2d98bc247ec6b91964b316ed4017b9c41cbe26bd4
SHA5121477e3532889bc5b1e420ffc9d625f1ef05933bb0a1a4b519d9e69cd37cab148dbf86c375ed04b796d14e21efee0a060b3f30be60d0e7fc1cf6c0d2673f027ad
-
Filesize
9KB
MD58f067140207393e581e28dd37f838e6a
SHA1bb73362d6e25fcb297059703eb8e9096e59ca469
SHA2562dd0aa922b4a52a2faea7679b5ec4f57d2022f31a51fbafaaee19f5fe556322a
SHA5121973f61b32fab43562226f7de171664d6ea8bf60223b92b189106c39f136641e5595b04a27660e189e625467a5d9d8565ffb278bba6ed4394c9f1e2cc4aa243a
-
Filesize
746B
MD50440598bf7ff8544d7fe51814eb5f25d
SHA1a017fb619f95109df1b58fb9ade07d6b2127a371
SHA25658db92a704f65c53a8f0f2a037007364a268421527e66318b8780e584a6c6f09
SHA5126deb3951d859cc19b049b5502c72a7bf2b6fe6b9d8b497bc7a8c0b9728ba9738dec1b12e39c6b231d7d9bd7a2f27595c972e72504adf9eb955c08561757e326f
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
10KB
MD52981ce60a25e96d65255f7f7446e1497
SHA1ce1ec6c314ca1df2e5ce4eba3c86ce404776a098
SHA2569f693cc5013c22dd9cd9e97095e1f2a1070fa3e8e4275b81333702a4d0392c22
SHA512a8304efdf63849e9e20a4c31121fc21d12beb8d6325bb2fc631a974c39a6b9700db98c71a961a1f7b2f3ee6caa15e93d2b6c9c23d63fe85c02a296d881f56537
-
Filesize
10KB
MD515a59b8da3b1205f1db342a5e4563868
SHA12642fb7a9b545392fd14b6f8b649c798d0e44bbe
SHA25615a60c2eabee2c8f8bf388797856ebb489b01dd3cc3043e86b8e8a70edd67195
SHA512aa3cc586c1c21ba36e595b4fc41763151168a39f3f1b00071368a98cd50c54117b11a2412af5b998e3520f29be2704b247e4ddd7442f8a0f365f2860a49b32e2
-
Filesize
9KB
MD59897d48ab6f7774475600a9054d28587
SHA155c1234e2fb0b1b66e126321d36222d1aa8b3be2
SHA256b8d366fa073c78a96c018fe78aa92c6b81ddee3a7662d46017c61a16a3e793f5
SHA51227a2dd82f5e039d4efa6f29be5e0dc9e3c0ca1bbfe35c7324324b44d61eb3583ab8b84ba0cefa6ea14de154b41f7964c5b32d25147229fd262d1e8d4bf641094
-
Filesize
6KB
MD5b976427c275dd2c9d91a85c2ce594459
SHA175131241e91b1b7be95195b43717c19883dddfcb
SHA256d1d5adfc96948ced4cd5e21f1f507a7e25c215306cc04917de3b6051742a6567
SHA5129eaf4418a583f35f9eaf1596564e235fc2c60b8bbcb23c9c28824a2444f5adba747e83739d4187fb29fc0b16a04864e8c5715bfb770f7a67a04c9e6a0d865747
-
Filesize
6KB
MD594ddc6e4e1d69e624a89281c2ed528d7
SHA1f2c188b5567c4c232a5f05943380f080f66c211d
SHA2566b9dfc3fe1f585488c3a70fd98bc545f141a034b8d9652052c51d7a8e7303102
SHA51247c013ad26fed5f41316173efa033660f22856a35335b93aaab58aaa76413fff177e0d49a6a6c03a8d41c85fb4e1f6b5648b78cf5abd98558d7de01bd8f6ede3
-
Filesize
6KB
MD5050858f70a1ce3019afee79b6ad29305
SHA1ced7cd5412e202fe23487a3aa5e0b94964996743
SHA256834ca6c6551074bae3042b41b70f8524c204456e454e17c846893166d2dcda3f
SHA5125b0c819f1e1dc86b6560138afc82c65f53d5e14370fdefc5e0ade5b5a31fbfea03bab8024eef475869453485fe6495ed136dac8ebe695c42b9dc84b5f65125f1
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
1KB
MD5a21c3da883a41fe3b374a9e6fa08af6d
SHA122df423ac03a671c883bb2bd1ba0424e06119d2e
SHA256e5c4a7f9c220dd46f2cd4e74fab7f408114bd894a2a6d4c5faad75666f3f81ff
SHA5125fa1bcab1b51134fe56927df38cfdce8a97146f9464e570165edb6fb65c30d25dfd0b157701cffb8a7e3decc74a1d2c0c0b3968b3ad1f7a71a0a367915b9768b
-
Filesize
1KB
MD5afa09b2d4bfe7c8f0fb85d73df03e5d5
SHA1d94b226bc1a10097738de08124a1d4ce4aa1ce34
SHA256edf06f78b4b3e6f1dc63804f5e0365f2dfc9681ed86f58cfe0c3cd7ec3448947
SHA512244ac7f6aee933d0ddb58a44922e9fe7c99c06432a29a725e27b61494a92aef65cb78aa9b3849a6b898f546dc38ce36fb4b6be20bc632be73dea4a82a9552cd1
-
Filesize
7.7MB
MD5f108c94a85665bdf37a37ed7b1ae4f28
SHA1536b88ddfd21cc8aed94e361ab2a6bbf6a3ac383
SHA256688ed0e81cd83535f4c9b5489b0ab20eaa08100b3644fc31551b5d9862496f83
SHA51272abef903a1510d96d5aba8634e099b7bd862cc19322da7bb943b5e5e77533e25767a6532d99a24264fb2dbbdb56e601d7337daa327de1b5fe6af89082547759
-
Filesize
3KB
MD5d2d89f4c6b6036c9bca736ad23dba6c1
SHA18e9349709d193992fe181d561b17648f1e807741
SHA25665b6bf264d87cefaeb6e9fa0b7889d08273f278c79de73fdfc3fb57cd463d71f
SHA5127427d2a9160eba80c242d6b1ccf6dd283e4a852153bd7b387e2f4404b43872b73455dc0fe923e7bfdc78843098f4df55996d13e2db721913f5c60c618b708e7e
-
Filesize
141B
MD51995825c748914809df775643764920f
SHA155c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA25687835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c
-
Filesize
1KB
MD5c17bd6c58592d3b13f76acb6970c80e1
SHA1051d65f29593c51312cc817218b48bead50652db
SHA25698582e229fcb702fe2593db6acdb0e9481efcf8fab541ccf96ecb034b58a540d
SHA5122953063f58b0930b282ab8beedbca1332a68481d6701a56b79cc914aaac4d035f675649aa7c5eb527568e7415328f2f8e076f2b3cf1ce651e026d5635178388a
