Analysis

  • max time kernel
    125s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/05/2024, 18:55

General

  • Target

    ModrinthMalwareScanner.exe

  • Size

    5.6MB

  • MD5

    5bc1df4069f962e9d1c390120c846452

  • SHA1

    021c5064a905ee8cc84885d19aeef4dbba5e7e20

  • SHA256

    a62cb27be3cb54a9b112b1d1050744038db42f4f3426d000b119b307bf2bf93c

  • SHA512

    a07301135f019c8e09d189e58ff2c4c5feb145528e5a9e9af68fc1ea3b0c2af1f0ed1e233ea25bf035b9c28ed4f1b70e3f809563c7bcf84cd0e9f0db9b3776ee

  • SSDEEP

    49152:PGmS+T5Orr1RS5RiGd8P59SNS4jjJUoZf5116lcDrP+Z0AJP2VGjn0pjHS3DQkQY:P8HSIyFUEGlcDLDAdYGjn0pj/5BhbNQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 10 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run every hit is attributed to Firefox (PIDs 4284 and 4660 in the process tree below), which the tree shows as a top-level process rather than a child of the submitted sample. Registry reads of this kind leave no trace in Sysmon registry events (those cover key create/delete, value set and rename); outside a sandbox they are only visible with object-access auditing and a SACL on the key.

  • Modifies registry class (1 IoC)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (14 IoCs)
  • Suspicious use of SendNotifyMessage (11 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. The report attributes this signature to no process in the tree below and lists no scheduled-task artifact among the files written, so there is no persistence entry to pivot on.

  Read against the process tree, the submitted sample (PID 2644) raises only FindShellTrayWindow, spawns no child processes and the Downloads list contains only Firefox profile files and VLC memory dumps; every other signature is raised by vlc.exe (PID 2984) or firefox.exe. That attribution, not the raw signature count, is what the 1/10 score reflects.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ModrinthMalwareScanner.exe
    "C:\Users\Admin\AppData\Local\Temp\ModrinthMalwareScanner.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2644
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitDebug.mp4v"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2984
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4284
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.0.593439977\967614641" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a0326fc-ae4a-4210-b908-08b4dbcc504c} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 1820 2a135109858 gpu
        3⤵
        PID:2340
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.1.1131677603\733511917" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {431367d2-4339-45d3-abed-a74ec5156455} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 2392 2a128488758 socket
        3⤵
        • Checks processor information in registry
        PID:4660
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.2.222198229\1863944525" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2900 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6608fdcf-2f98-4aa8-b63b-a69cf536da65} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 3024 2a137f13258 tab
        3⤵
        PID:1556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.3.1426719905\219754787" -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a72670-0413-4b90-92f6-eeecb98edac2} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 3596 2a128479f58 tab
        3⤵
        PID:1908
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.4.1576599138\162059148" -childID 3 -isForBrowser -prefsHandle 4988 -prefMapHandle 4984 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b1739e-560b-4d59-af1f-b313a7232923} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 4968 2a13ac25558 tab
        3⤵
        PID:3680
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.5.1243535542\592583451" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ccccd8c-c5c0-4710-a5ab-4261cd59f94f} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 5004 2a13bb16858 tab
        3⤵
        PID:3264
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.6.1250397206\742220175" -childID 5 -isForBrowser -prefsHandle 5332 -prefMapHandle 5340 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c63431b-c07b-4215-adda-bac4baca29bb} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 5320 2a13bb17458 tab
        3⤵
        PID:4184
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.7.1445346717\332937557" -childID 6 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5c9b575-b595-4155-a09c-0ebbf49afd67} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 5380 2a13de3e058 tab
        3⤵
        PID:1344
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.8.1793776583\1779622983" -childID 7 -isForBrowser -prefsHandle 6020 -prefMapHandle 5964 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45da1cdf-54eb-4a24-bcff-e5814e0ffd26} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 6028 2a13df89558 tab
        3⤵
        PID:4848
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.9.430808558\158163346" -parentBuildID 20230214051806 -prefsHandle 6224 -prefMapHandle 6228 -prefsLen 27776 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4335da88-173a-4d26-8420-24d1fad7d0b2} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 6244 2a13de58958 rdd
        3⤵
        PID:3236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.10.83473293\1166120842" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6232 -prefMapHandle 6220 -prefsLen 27776 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66c12ce2-7ae4-49aa-aa50-bbbdae510a12} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 6264 2a13de58c58 utility
        3⤵
        PID:2024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.11.1216743406\1849770053" -childID 8 -isForBrowser -prefsHandle 6700 -prefMapHandle 6640 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0adb4dfa-fc63-4eaa-85d8-04526ea712e9} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 6704 2a13ac0a258 tab
        3⤵
        PID:5164
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.12.867365434\459734576" -childID 9 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {872451aa-1960-45a4-b6d5-fe460d516880} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 5044 2a13ac09c58 tab
        3⤵
        PID:2100
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4284.13.2123263911\1753633280" -childID 10 -isForBrowser -prefsHandle 5252 -prefMapHandle 5228 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1308 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c58630a4-a110-438a-93f7-b1f7c7836807} 4284 "\\.\pipe\gecko-crash-server-pipe.4284" 5668 2a13ac22258 tab
        3⤵
        PID:5152
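
The question a triage analyst asks of a tree like the one above is which signatures the submitted binary raised and which came from other processes on the desktop. The Python below is an added example, not part of the tria.ge report and not a tria.ge tool: it parses a process tree in the layout used above and buckets every signature hit by whether the raising PID sits in the submitted sample's subtree. SAMPLE_TREE is a constructed, abridged copy of this report's tree with the long Firefox command lines shortened; the image name ModrinthMalwareScanner.exe is the report's, while the function and variable names are the example's own.

```python
"""Added example (not part of the tria.ge report and not a tria.ge tool): parse
a process tree laid out like the one above and split each signature hit by
whether it fired inside the submitted sample's subtree or elsewhere."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed input: an abridged copy of the report's tree. Per process: image
# bullet, quoted command line, depth marker "N⤵", signature bullets, "PID:NNNN".
SAMPLE_TREE = r"""
• C:\Users\Admin\AppData\Local\Temp\ModrinthMalwareScanner.exe
  "C:\Users\Admin\AppData\Local\Temp\ModrinthMalwareScanner.exe"
  1⤵
  • Suspicious use of FindShellTrayWindow
  PID:2644
• C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitDebug.mp4v"
  1⤵
  • Suspicious behavior: AddClipboardFormatListener
  PID:2984
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:2100
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    2⤵
    • Checks processor information in registry
    PID:4284
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -win32kLockedDown socket
      3⤵
      • Checks processor information in registry
      PID:4660
"""
_DEPTH = re.compile(r"^(\d+)⤵$")
_PID = re.compile(r"^PID:(\d+)$")


@dataclass
class Proc:
    image: str
    depth: int
    pid: int
    signatures: list[str] = field(default_factory=list)
    parent: Proc | None = None


def _match(pattern: re.Pattern[str], line: str, what: str) -> str:
    m = pattern.match(line)
    if m is None:
        raise ValueError(f"expected {what}, got {line!r}")
    return m.group(1)


def parse_tree(text: str) -> list[Proc]:
    """Parse the bullet layout into Proc records linked to their parents."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()] + ["", "", ""]
    procs: list[Proc] = []
    stack: list[Proc] = []  # open ancestors, shallowest first
    i = 0
    while lines[i]:  # the "" padding above ends the loop and guards lookahead
        # A process entry is a bullet followed by its quoted command line;
        # a signature bullet is never followed by a quoted line.
        if not (lines[i].startswith("• ") and lines[i + 1].startswith('"')):
            raise ValueError(f"unparsed line: {lines[i]!r}")
        image = lines[i][2:]
        depth, i = int(_match(_DEPTH, lines[i + 2], "depth marker")), i + 3
        sigs: list[str] = []
        while lines[i] and not _PID.match(lines[i]):  # signature bullets until PID
            sigs.append(lines[i].removeprefix("• "))
            i += 1
        pid, i = int(_match(_PID, lines[i], "PID")), i + 1
        while stack and stack[-1].depth >= depth:  # climb back to this entry's parent
            stack.pop()
        proc = Proc(image, depth, pid, sigs, stack[-1] if stack else None)
        procs.append(proc)
        stack.append(proc)
    return procs


def in_subtree(proc: Proc, root_image: str) -> bool:
    """True if proc is, or descends from, a process whose image file is root_image."""
    p: Proc | None = proc
    while p is not None:
        if p.image.rsplit("\\", 1)[-1].lower() == root_image.lower():
            return True
        p = p.parent
    return False


def attribute(procs: list[Proc], target_image: str) -> dict[str, dict[str, list[int]]]:
    """Map each signature to the PIDs that raised it: "target" = inside the sample's subtree."""
    out: dict[str, dict[str, list[int]]] = {"target": {}, "other": {}}
    for p in procs:
        bucket = out["target" if in_subtree(p, target_image) else "other"]
        for sig in p.signatures:
            bucket.setdefault(sig, []).append(p.pid)
    return out


if __name__ == "__main__":
    for bucket, hits in attribute(parse_tree(SAMPLE_TREE), "ModrinthMalwareScanner.exe").items():
        print(bucket, hits)
```

On the report's full tree the "target" bucket holds a single hit (FindShellTrayWindow on PID 2644) and everything else lands under vlc.exe or firefox.exe. The caveat is that a sample which shows no behaviour inside the 125 s kernel window is unobserved, not proven benign: a GUI tool that waits for user input, or a binary that needs arguments, produces exactly this picture, so the attribution is an argument for the low score, not a substitute for static review of the binary.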

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 23KB
    MD5 dc12e52a5e398538b52bd4d4475ab261
    SHA1 a93e96073871cd1e5390616c154e60fed6d14277
    SHA256 9df8512cb97fbe8ecbe80b2dd00272c1653e256c82ed0fcc991faffe2c31e97a
    SHA512 ffc150e9af49044a9ac071a0be7577fdec16dab2c1445e6a487593bd9928869c7fe391233cf97be044500e6055555bba0d6878015e42d5b6b4ea4e5d9d011c72
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 23KB
    MD5 3b1ac6f1590783fe3df7c8dc3632f80c
    SHA1 1bbeb4b33f15508b5de2074776cb981f4e988ec3
    SHA256 4086fe32b3bd96ed0ef08829ccaa8f9a8adfed13e93019e8b53f27e298d45a1d
    SHA512 3522a4bb0b4e8778bda238bd5e442fab63120cb87e99763b1a04f5a87c44c59224906f90d3805763bfdc8c27dbcfc41aedc2a12b81202decb7664482f7063571
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
    Filesize 6KB
    MD5 85ff868ab566853cbdc035b305df7323
    SHA1 ee5c27da1cad12b43d3c76a6170d8b820f732349
    SHA256 c3d1063d0e72ddd440a09a664584f694ccb1518fa3a96ae4d45bd5642ea59b84
    SHA512 0f7d9facc9af0c0f387e4ef89f71aab793b0679059ccb40a85cd24d0f31cafc2ec77bc51568a58152f5370aefce96db707c29106fc3fe3d2260013f9c212ae53
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
    Filesize 6KB
    MD5 0a23e43699825b5683cf8e4bebfcba99
    SHA1 33336a304664480a6a99c2f2910e132f5bf4240b
    SHA256 574f8e8ee765f0913438077a5058157a047a5a3fde3160d93ac817580004f395
    SHA512 dac34e1f846a448c10d78d9a85729da48c103a306975ffa66765956f19a3df7f4c36f8b8411ac2daea8464e4897bc80fe7152304e87a4b657236b54b99374012
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize 1KB
    MD5 4994cc3825f4741e80cad719dbcc7f71
    SHA1 fdf62663d1f5fc4729d328dc48a325df043605bc
    SHA256 92671316aa8e22c0a3f4a1715558009498f62dbe2406aa3915e2a29e6e69fe32
    SHA512 6c544361328f42470219ea9271f253b23b9788592e03f811bbbe87160aff0f3259d4f08cd4c2d7473df30fa807206aa369c27ba88af7f9ef535530115d64b8f5
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4
    Filesize 6KB
    MD5 eae274a4d8faa86a489a4a413def606f
    SHA1 c69e8160904a6406a74e09b3fd7f8d6a9f85cbd1
    SHA256 708578a8e25ea77f5e705fd04da7090f108b3f0ec8f1374e8b7924f06a49817d
    SHA512 fbf12d7cff4bcbb612831d926047527ae7748eca0d29050da537bef85384f76e7d8bfc13c987bae06442d50c4580a895464d9c389746fbf006b304808cfb8c8a
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\default\https+++www.youtube.com\cache\morgue\67\{6bbecbfe-bda5-4ef5-96cd-24012d37d443}.final
    Filesize 192B
    MD5 2a252393b98be6348c4ba18003cc3471
    SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
    SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
    SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\default\https+++www.youtube.com\idb\4096906028yCt7-%iCt7-%r1e2s2p7o.sqlite
    Filesize 48KB
    MD5 07abf73b72955233e35f97c8326aaf95
    SHA1 85e06a24576cc5df283556914b076629b3a97c50
    SHA256 7c41e604d3f3da616cebc8dc0c3e17092fd43c730ceaf694dba0fc8177e98ee7
    SHA512 f0e068281378c4a5fafa8ace38eba262a4dbd149206d57873348eec3549f439ee12f4f339692ee616f3703e564d7cee6ebc1cd079d0ee6474728137935100204
  • memory/2984-13-0x00007FFAEA210000-0x00007FFAEA244000-memory.dmp
    Filesize 208KB
  • memory/2984-12-0x00007FF743E10000-0x00007FF743F08000-memory.dmp
    Filesize 992KB
  • memory/2984-14-0x00007FFADA5E0000-0x00007FFADA896000-memory.dmp
    Filesize 2.7MB
  • memory/2984-15-0x00007FFAD8BC0000-0x00007FFAD9C70000-memory.dmp
    Filesize 16.7MB