Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

pagefile.7z

windows7-x64

3

pagefile.7z

windows10-1703-x64

3

pagefile.7z

windows10-2004-x64

3

pagefile.7z

windows11-21h2-x64

3

pagefile.7z

android-10-x64

pagefile.7z

android-11-x64

pagefile.7z

android-13-x64

pagefile.7z

android-9-x86

pagefile.7z

macos-10.15-amd64

4

pagefile.7z

debian-12-armhf

pagefile.7z

debian-12-mipsel

pagefile.7z

debian-9-armhf

pagefile.7z

debian-9-mips

pagefile.7z

debian-9-mipsel

pagefile.7z

ubuntu-18.04-amd64

pagefile.7z

ubuntu-20.04-amd64

pagefile.sys

windows7-x64

3

pagefile.sys

windows10-1703-x64

3

pagefile.sys

windows10-2004-x64

3

pagefile.sys

windows11-21h2-x64

3

pagefile.sys

android-10-x64

pagefile.sys

android-11-x64

pagefile.sys

android-13-x64

pagefile.sys

android-9-x86

pagefile.sys

macos-10.15-amd64

4

pagefile.sys

debian-12-armhf

pagefile.sys

debian-12-mipsel

pagefile.sys

debian-9-armhf

pagefile.sys

debian-9-mips

pagefile.sys

debian-9-mipsel

pagefile.sys

ubuntu-18.04-amd64

pagefile.sys

ubuntu-20.04-amd64

Resubmissions

21/05/2024, 00:50

240521-a7ax3sdb7s 4

21/05/2024, 00:49

240521-a6nsjsdb5s 1

Analysis

  • max time kernel
    613s
  • max time network
    1588s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21/05/2024, 00:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pagefile.7z

  • Size

    79.4MB

  • MD5

    ecda4d60df1dd5a867f94f75076103ea

  • SHA1

    e9e4c67cd80950f418e17ccecf699ba3e70b9201

  • SHA256

    b4b96e61980599af727294cc05e85675e789f872b5c42346096f422c118de084

  • SHA512

    f2f9f34158966a42e8ced2684c8febfb72973636d2e662fa4b80c2c2edec51cb0285e7a0f097fb38d8adbce2fb6b718d09a0ee015c5875d369783570a3d07133

  • SSDEEP

    1572864:3qzvGjsfKKocul6DRJMawJIjK6QD//fB4cGLlR8v7qFrohUxt:30vA8KKo36DMbF603fBzKm7qFP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 31 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\pagefile.7z
    1⤵
    • Modifies registry class
    PID:4176
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\pagefile.7z"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5076
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\pagefile.7z
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:204
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.0.1211070746\1537363916" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {673f686a-5f7d-4d3d-ba93-4b8d966e0cd5} 204 "\\.\pipe\gecko-crash-server-pipe.204" 1680 26e6e205e58 gpu
          4⤵
            PID:2208
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.1.843721164\2046504232" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dac1a4ba-51a6-426e-9827-06bf6cecac72} 204 "\\.\pipe\gecko-crash-server-pipe.204" 2172 26e5ab73858 socket
            4⤵
            • Checks processor information in registry
            PID:4104
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.2.242377595\587891987" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2952 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e915d00f-c210-49cc-9303-6a0864d37119} 204 "\\.\pipe\gecko-crash-server-pipe.204" 2944 26e712d8b58 tab
            4⤵
              PID:2192
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.3.1228302131\1797576054" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12a02b3c-466a-4ea1-8113-4d5c7a48d8be} 204 "\\.\pipe\gecko-crash-server-pipe.204" 3324 26e6f6a1358 tab
              4⤵
                PID:1428
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.4.1552925244\940600336" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4944 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f743f7-7be5-4953-b33f-741040bf8046} 204 "\\.\pipe\gecko-crash-server-pipe.204" 4980 26e712d7658 tab
                4⤵
                  PID:1956
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.5.1227333994\109027515" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5000 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a38900ab-65d8-42d2-a959-a1a0155750e4} 204 "\\.\pipe\gecko-crash-server-pipe.204" 5104 26e72c8b958 tab
                  4⤵
                    PID:3132
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.6.1625037180\50457887" -childID 5 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6da9e9-1a1b-4364-9291-cbbfb643437a} 204 "\\.\pipe\gecko-crash-server-pipe.204" 5300 26e73551058 tab
                    4⤵
                      PID:520
              • C:\Program Files\VideoLAN\VLC\vlc.exe
                "C:\Program Files\VideoLAN\VLC\vlc.exe" C:\Users\Admin\AppData\Local\Temp\pagefile.7z
                1⤵
                • Suspicious behavior: AddClipboardFormatListener
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of SetWindowsHookEx
                PID:2624

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                Filesize

                9KB

                MD5

                53e45eca6bdc032b6fb905cd5c1a6fd3

                SHA1

                13f6922fbbb58cae09f908151ea950cf442fde2a

                SHA256

                25c944a373f49da640ce8728aee38b6249245054707c3df74ab473187038c215

                SHA512

                39e55d1cc86e2d1394228b09631181e05c77c0e40d54c5ec0e89cf57d7095e89559ad242b2d4a368dabc686d4e2b8503fc6af039c422072fa78c99614373822f

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\866cbe70-c9e5-45f7-bf81-6bca7b50ae89
                Filesize

                734B

                MD5

                3d5e25eedf5d73c9f4114e15d59b0741

                SHA1

                08b8e5583e15486bfbb15e7838a4c3d2625cf731

                SHA256

                8e94e2603bd4ae52087b8228574e32758405993a27de40b8ee989f17d09ba237

                SHA512

                32bfa9ce4fc2cb0829a9491a7f2d07ad1fb96bbbacb4f016087b0ce886dde03f36facc95ae941eff212cd1f684007a5e093475bf372d0072e75993cc395b899a

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                Filesize

                6KB

                MD5

                7f963b6b01646b120956b4fdc65304d3

                SHA1

                27095cda73123255cbda93c4a35ba77ca0c370a6

                SHA256

                3341ec10b467816ec60c1ed8082b2a17fe1ff02b3c58b7d288010670ebb7d3fc

                SHA512

                914024ab019339869af996f723ef75ca0f3bc1caf22296208e256938e2e8744dc99ae19f76ead38c47ce7896aa44b25fe19b93aab1bc34aba28641be01a2858b

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                Filesize

                6KB

                MD5

                225da7fcfed72e27709abc5e39729253

                SHA1

                10e95a52b9826f74d37ebfe7d36dcfca1bc128aa

                SHA256

                8f4f8b5750dbf1fd7b05a606f1641470bd8991b5d6bb388d3b9a4b0471668c09

                SHA512

                44e43cbfa9575948cf9b2e92ad8fd2e00029aedda468f5bd39714e3bccdb499b04c09a14435e1182f4e281eda6d870a0391b420a4feb5558ead37c2ca6776004

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
                Filesize

                259B

                MD5

                e6c20f53d6714067f2b49d0e9ba8030e

                SHA1

                f516dc1084cdd8302b3e7f7167b905e603b6f04f

                SHA256

                50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

                SHA512

                462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                Filesize

                997B

                MD5

                20fe2fd36ea393c230c008653202b465

                SHA1

                ea413f9ec8002b5f66088f6ceb6c9e3ac57725a5

                SHA256

                390c40d251c4fcc39131601a8e84ac40c33b246fa33ab983b1255de87dbe9fca

                SHA512

                75d7b1f829eab67e45dee5b72fdb285c648b6ee9398ea0bcb43bf0492ab9abd6a70a25d803ccd14bd9385f9f197fa55c21fcf2a3a54d25fdda977dc5a3689e60

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
                Filesize

                639B

                MD5

                cd0c63d1eb9faaaaf05fcb3740dcd2b7

                SHA1

                964724af86cd97d5640b4f59edd784f65dff2d5e

                SHA256

                98d73ae6e1762780a2686a124001f3035ed55532d4cd85ed8f505412cfb3ea69

                SHA512

                1bfab18842eeaeeae6d28dc005a8b211401f134348ed092fb632b3c3d2bbec1d4f14260fa97c09a66081c6766075d7ffc829596ad5a9718fdc6936b648f9f1dd

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                Filesize

                184KB

                MD5

                7f868e557b098795d645df9ea302427f

                SHA1

                001f3306144559b4049a8ab139b4139f51e59c0e

                SHA256

                b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

                SHA512

                56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

                Download Submit

              • memory/2624-119-0x00007FFBD82C0000-0x00007FFBD82D8000-memory.dmp

                Filesize

                96KB

                Download

              • memory/2624-113-0x00007FFBD9850000-0x00007FFBD9867000-memory.dmp

                Filesize

                92KB

                Download

              • memory/2624-116-0x00007FFBCC2E0000-0x00007FFBCC4EB000-memory.dmp

                Filesize

                2.0MB

                Download

              • memory/2624-124-0x00007FFBCC210000-0x00007FFBCC221000-memory.dmp

                Filesize

                68KB

                Download

              • memory/2624-123-0x00007FFBCC230000-0x00007FFBCC24B000-memory.dmp

                Filesize

                108KB

                Download

              • memory/2624-122-0x00007FFBCC250000-0x00007FFBCC261000-memory.dmp

                Filesize

                68KB

                Download

              • memory/2624-121-0x00007FFBCC270000-0x00007FFBCC281000-memory.dmp

                Filesize

                68KB

                Download

              • memory/2624-120-0x00007FFBCC290000-0x00007FFBCC2A1000-memory.dmp

                Filesize

                68KB

                Download

              • memory/2624-109-0x00007FFBCC4F0000-0x00007FFBCC7A6000-memory.dmp

                Filesize

                2.7MB

                Download

              • memory/2624-118-0x00007FFBCC2B0000-0x00007FFBCC2D1000-memory.dmp

                Filesize

                132KB

                Download

              • memory/2624-117-0x00007FFBD8240000-0x00007FFBD8281000-memory.dmp

                Filesize

                260KB

                Download

              • memory/2624-114-0x00007FFBD8300000-0x00007FFBD831D000-memory.dmp

                Filesize

                116KB

                Download

              • memory/2624-112-0x00007FFBD9870000-0x00007FFBD9881000-memory.dmp

                Filesize

                68KB

                Download

              • memory/2624-111-0x00007FFBDBA00000-0x00007FFBDBA17000-memory.dmp

                Filesize

                92KB

                Download

              • memory/2624-126-0x00007FFBCA730000-0x00007FFBCA765000-memory.dmp

                Filesize

                212KB

                Download

              • memory/2624-110-0x00007FFBDBD80000-0x00007FFBDBD98000-memory.dmp

                Filesize

                96KB

                Download

              • memory/2624-125-0x00007FFBCB160000-0x00007FFBCC210000-memory.dmp

                Filesize

                16.7MB

                Download

              • memory/2624-115-0x00007FFBD82E0000-0x00007FFBD82F1000-memory.dmp

                Filesize

                68KB

                Download

              • memory/2624-146-0x00007FFBD9890000-0x00007FFBD98C4000-memory.dmp

                Filesize

                208KB

                Download

              • memory/2624-147-0x00007FFBCC4F0000-0x00007FFBCC7A6000-memory.dmp

                Filesize

                2.7MB

                Download

              • memory/2624-145-0x00007FF7977B0000-0x00007FF7978A8000-memory.dmp

                Filesize

                992KB

                Download

              • memory/2624-148-0x00007FFBCB160000-0x00007FFBCC210000-memory.dmp

                Filesize

                16.7MB

                Download

              • memory/2624-107-0x00007FF7977B0000-0x00007FF7978A8000-memory.dmp

                Filesize

                992KB

                Download

              • memory/2624-108-0x00007FFBD9890000-0x00007FFBD98C4000-memory.dmp

                Filesize

                208KB

                Download