Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    8s
  • max time network
    4s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 19:36

General

  • Target

    SY40iA.html

  • Size

    504B

  • MD5

    e0363a8c4b776ad4ac2c554f3da045e7

  • SHA1

    e4884cfe52382fe63e5b64636c054d80f39a948a

  • SHA256

    1a3bf6a6e9f28d5ed4cfd2796b07c61765667f5f1b71de6e5bb7e75ec13ab496

  • SHA512

    409730866ec94b44597f645d1d309ee5aacd27467bef82ac76d0dbd4a918f6f09f5b5302251487fdd4bf100a24eeceb1fb01346f148d3d1f6723f311702ecced

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\SY40iA.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\SY40iA.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.0.1586118115\690237403" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0c2e5a2-6c94-4031-b5a8-2f96e582d90c} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1284 11db4b58 gpu
        3⤵
        PID:2524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.1.1595997544\802900880" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89058e71-978d-418c-8fbd-098998381f28} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1504 d71d58 socket
        3⤵
        PID:2532
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.2.366510794\2170522" -childID 1 -isForBrowser -prefsHandle 2212 -prefMapHandle 2188 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35009166-a165-433e-b9b8-85b44fe4c731} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2068 1a0cb558 tab
        3⤵
        PID:760
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.3.390876529\1684671959" -childID 2 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1866800f-7869-47d9-8de2-2a34e4bdc57a} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2868 1c23f058 tab
        3⤵
        PID:3044
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.4.888499292\265524806" -childID 3 -isForBrowser -prefsHandle 3528 -prefMapHandle 3380 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68c387bd-f3fc-470e-8ef2-a2ee26900471} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3536 d6dd58 tab
        3⤵
        PID:2996
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.5.912044025\1709585530" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3648 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02672d97-37ca-41b3-b03c-52332f9d8610} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3632 1d962558 tab
        3⤵
        PID:1380
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.6.638950483\1476451431" -childID 5 -isForBrowser -prefsHandle 3808 -prefMapHandle 3812 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4019bcc-5fe5-4517-aa03-f7b984937694} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3796 1ea8d858 tab
        3⤵
        PID:2056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

    Filesize

    2KB

    MD5

    89057b3eb29bede7e13f333968da8315

    SHA1

    23cf4409432e24056a38a6335a6cdea5a7408541

    SHA256

    035975dc73b03cb097c7458ac7d10fdeb3af8ef192deecb4a8d4f198532081ba

    SHA512

    f0f995a4d76770ee5b2f3cb72a879eb9e6bb991b6d2219d9f92d3d48249c6f1b7a8b16f1e11c0b58b261df0c966ef46de0e6dd9b02f78e730a78e9f38c2fdf28

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\1f80bad0-388f-43aa-8cc5-c377059f6559

    Filesize

    10KB

    MD5

    8077d365d3f65659948f0342cd6b1439

    SHA1

    d7a3b1d835759f114b8fe160faaa548eeb9137f7

    SHA256

    9f2297203d2151ab22eee46ba8da2452decf074e252863c2e1f55e576222e52d

    SHA512

    72520536d7d241e206476a842b136d3f3f3bc8733de2686be7b5e9654c4b1e2a4aa79db41103ea11a4d3669e7646059886ee713a15c5d3c90d1c1f7158485da6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\8ea7da47-7742-4a5c-885e-12707ed13b27

    Filesize

    745B

    MD5

    75eb0533272ea7a8e7dbf42b5254430e

    SHA1

    20c1f229ca40741acbddc25bedf50382d65ae424

    SHA256

    4af5b31567773190eaf37532b0d2cff35e06df426f895522eb3a5156cce2d376

    SHA512

    1b86129130ec78a929b01e1d9d5c1ac539823b6ad4c02011ccbcdad60f02a51e8bae4157286c91aa896ec7dd5482eb52010cc97a8d7ca7315c6be123c98c33d3