Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
148s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
13/06/2024, 14:16
General
-
Target
http://www2.ati.com/drivers/installer/Patch/amd-software-adrenalin-edition-23.7.2-315A123E-D6874F44.exe
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www2.ati.com/drivers/installer/Patch/amd-software-adrenalin-edition-23.7.2-315A123E-D6874F44.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www2.ati.com/drivers/installer/Patch/amd-software-adrenalin-edition-23.7.2-315A123E-D6874F44.exe2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1560 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed4e1c96-dfbc-498f-91bc-a91320a967f6} 232 "\\.\pipe\gecko-crash-server-pipe.232" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7c5893e-22b1-45c0-9bbe-a7710d736ebb} 232 "\\.\pipe\gecko-crash-server-pipe.232" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3276 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1c6aab-0240-4691-bcf8-cd63ccb7dab6} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 2628 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25c619be-58f1-4b0f-b305-d801d1fb8905} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4200 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4312 -prefMapHandle 3996 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0424bc5b-266d-4668-8e0d-df54f5b36911} 232 "\\.\pipe\gecko-crash-server-pipe.232" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5236 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ee0c260-4438-4e1f-8ba4-b1f2a4945c97} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9db0425c-a41e-44e7-a635-bf5854ab9dbd} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 5 -isForBrowser -prefsHandle 5612 -prefMapHandle 5556 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {419b4a2c-f470-4260-8ccb-fd020a33b129} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3472 -childID 6 -isForBrowser -prefsHandle 3304 -prefMapHandle 3292 -prefsLen 27795 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21a81db0-e126-46c7-9d23-dafccdabcb58} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5004 -childID 7 -isForBrowser -prefsHandle 5312 -prefMapHandle 5216 -prefsLen 27795 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9480743a-7db3-43e1-a100-5163d4dddacf} 232 "\\.\pipe\gecko-crash-server-pipe.232" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD5b6006c7751dfc5a1b2855352beb950c8
SHA1902bbebd3ad43b5f6e31fca3dcf021afa7625ebe
SHA256dc94f44811c4899d00bb7004ba2560f78f2cbf6739513e97affbe6352ba30797
SHA512b63a0b6665ee940fc4f239615255736e4b2f62da01c910dd81fa1ea39dd3a37de92eacf419e0c34fcf89e91e548a34cebc87e37e1cd735c87dc530e0c6cd5e1d
-
Filesize
23KB
MD574ebbe2421936feb5584ecca475c9e90
SHA12f2b162f31df7d940f885db0ea03803d2ddd37b1
SHA2561565595b298a1a446e426be0db5033ae1665e075c5a6724f331f641cc4482b6e
SHA5129045beed1e403af75c56df56f0dac3cd91d1a27b6ca08a11ae7a43138ab8033ea1b054cf68a98f92ac6ed4aa1e7e04b6b227b95f343f48e70bf866e1ce127c4e
-
Filesize
5KB
MD542c3849b8a324165e7a029f19248cb80
SHA17b8e81a1467a4427ab5e056731f170740142c2b3
SHA2569ce0d831ffce807653ae8c661176fcc77d9e68d102dd7e1eb5d6725105de08a2
SHA5129772d2b246080167f3d9a5d889e4dc164c9167ad913c7b95107a8da559e32c5917bb72519d16162e27ce719a25b97a9c113f3d43641c72b2ea3b81045f1facc9
-
Filesize
5KB
MD5227ad354a9656fab6f1c752db74629a8
SHA13d4ccf2dcad22f2c04f1f16c267acb6cbd0f3c2d
SHA256871615d2c7b3c3894d8708a36ed53fbe3b8ef6ae339975d7c3e40e9bd6ad4f10
SHA512a6e097a3a95d80c0f9c90cb3719b9df4e582ed9c86ed909da69fb475f90069713cef8af72936fa7a2cb7f545f44dd5a8097e5308cda58fc7a4bd3be718b60e8a
-
Filesize
11KB
MD507ea1fe1abca7baa43c9961803e82197
SHA14925a1ffb591ca84cf8c962d2f1397dbab8c2a02
SHA256b6fc979d9daec20a839a434503c2ec0a8ee39fe55625be0a67c99d195e4bc540
SHA512c61e8bf8574ab20ef12dc6c577ab32b785a1745c4afa1a78e516e20864f12f3a701b89a453746d24e0fecc2c381c380503dc4ca418cdaad969e5ffd7ef3222ef
-
Filesize
982B
MD5d193b45663ebb4df4db210dd51a7a0db
SHA1f18fe2ac82d44878cbbe7d79bcaee48d53e8637b
SHA256b71fcfc04ed61020f19658ba03c94e6eda801de2d5937421b48fc0933da42da8
SHA512e2b71b82ac326f1283c5b4e947990038504a922b92788e42763f68240074c34620ab950b050eb193c130c93c25e5a447ed5fdaa9734050c7364d471dc3b80909
-
Filesize
671B
MD5f8d1be55d58f1013264cd4a645c04904
SHA13569a129656c7b1c430381741951b1e3e8bb27ea
SHA2568d5d013b695b367ac8a30673ddea29a1ea6b871761a255e190f76e1e8633b0d8
SHA5120e4f339c8cf01772597064614ae5691af92b6f50cdc6f6f623bc7bff7d42839cea699b57356d872f16e88d4bc7248feee88a380e56dd2db80b8a176877f0765e
-
Filesize
26KB
MD5ffd82beb71892802325612abb86af6a1
SHA179c4666e214ce2fc1825c81b86ac8d7d8266183f
SHA25668f932d9b0458bb192035856dfb52a116cff98663f7a2abf8184102669b6fc66
SHA512a41782b8255c19992d348aa0afb1848d9a986fd42807443a46b10825a3b87dc6d427c7f8b2b9ecd3226e5c2d7db15e93d0685d1d0b8e3237e38a66ed17337918
-
Filesize
8KB
MD563a742388c5397c60d94fb95a48965e7
SHA13ae4cf1b929b1592e48167ecc86fbde0c43fe1af
SHA256d657b25bf18ed56e5586f5691713e035d48dfab87239faadea199ab666fef8b6
SHA51281ded8d02a392e4da861e8703fe8e4aa91c17170082a8db3aca888a2c710c57eac160186c72b9aba7d23901e85376a3a084935a0f096bd8a5523af50a9e5c8c2
-
Filesize
8KB
MD5176daf473b638c337788f46483d7f6b7
SHA11e274ff5f3bd37b6adf4daf8cb4766183c3644e7
SHA256c45fddee915accdab6f377e0d236625ddbbf33e5c16eebf95957b210c59996bb
SHA512915f87396fb96dbd55d0dd3409422868e992bd1c6de217bab9b0aade8689053d3bd76aa71c0deae5c0c301f50d352f321f0b182eaee205337ec5133f32f3b668
-
Filesize
8KB
MD54d9e2d1bcc4887f021bd654975877bd3
SHA1b3b801e7aa8491b51cdab49efc43301fc7d528b7
SHA2565f2ae6a61a619b6f9f7344877a81ceaf262b8a590fe819118c7e9c14eade61bc
SHA512761fa541c4f09d0ff5883447ab29fb91be5809862eae0489e4342cf24cdce4ca14a3b844dc2e469b20804da5839e66f167e4d843ee6e559c6152c2888a6ebe56
-
Filesize
8KB
MD53b5ca2ecc21e545aa1c41fb0efa9fc62
SHA1381ced82bab8487a9b368270e496add4ba9ee1cd
SHA2566227e6e97e833bd3028c75cf583cb1dc541d8a000968804887997c05d25e434e
SHA512c8eeb8667fb305d7fc8c2ff63e65c06ab8ef6aa854bc7379dd730073db576e05506e8193f171a23150d40e95f42886fba45697e271f06efdd52976cc72a56bee
-
Filesize
1KB
MD5929542103a9dc135e3f3f6dab89380f6
SHA1b44c89ee034d963b547bc6cc25e0363e8286dba4
SHA25620272dbe9fb01de7d3bb2c0a5d61327b693f479e7f5e49cdf04ae7a71ab56d4e
SHA512267012c995a202db71a8f0a23f9dce9c6002a517d1560c98d71747faeca66c06cf3ecb75b0cbf33772f60345fc774e1d3f2d9ef2cbe9dc87578a042e29b0f331
-
Filesize
1KB
MD5114b6b0782acd3a5df655aee0ec59788
SHA1690b421b7d88c3ab56d8abc4a124975e5cd5f613
SHA2564a9b04bf71930ecbbffb9445822da9839d7724e01534fd4ecdc5b7d282b42b7c
SHA512db8fc30c3ca9bfe7b09a41bb96996108d410cc0a5323c56f765e2d039cd39c597232946014dd2e3568cfd0047bdc0aca5882786f0e38ccec9c32c5fe24a9ad8d
-
Filesize
1KB
MD5b1cf3de4929983dcaedf7c1b4ce46772
SHA1d837cc48cb75717b211a2c8202bbceb4e80299ef
SHA2561f674db37da27c71279078e4cc05a2f23980e6e5850d189b61a5a90ba2826036
SHA512e21eabf2bbf227e9615c76d0aa37f33e13bce4682e68e676772a212fee3d54f73b693e53b046d4de535ad7f90e3b8828cde9993fb914f27140b633de800d1a81