Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
13/06/2024, 15:07
General
-
Target
https://ufile.io/ntimxghr
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://ufile.io/ntimxghr"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://ufile.io/ntimxghr2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.0.2068202165\1737288223" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fa86c4e-b9bf-4756-a57b-64e743c6437f} 416 "\\.\pipe\gecko-crash-server-pipe.416" 1868 17c7690d758 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.1.514474715\1876672919" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3b63cc5-54a1-4006-b298-99ccfcb5c0e1} 416 "\\.\pipe\gecko-crash-server-pipe.416" 2488 17c62585958 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.2.367347728\949377226" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b7c1132-de0a-49bf-8a7f-cfbc71d32a29} 416 "\\.\pipe\gecko-crash-server-pipe.416" 3092 17c79a35158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.3.907295161\1548672227" -childID 2 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a567b026-ce0c-4e43-9a96-1ddee2f13c8e} 416 "\\.\pipe\gecko-crash-server-pipe.416" 3840 17c62576e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.4.1923269052\2056825353" -childID 3 -isForBrowser -prefsHandle 4920 -prefMapHandle 5048 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cce8e6e-6c59-4cf0-97c8-6c33db2b0b91} 416 "\\.\pipe\gecko-crash-server-pipe.416" 5056 17c7d0baa58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.5.841952615\1376215722" -childID 4 -isForBrowser -prefsHandle 5204 -prefMapHandle 5212 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52ceebd2-4309-4095-ba85-e8ce1a5f3a85} 416 "\\.\pipe\gecko-crash-server-pipe.416" 5288 17c7d0bb658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.6.1731228025\1940326269" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {448f5f92-1cfc-4107-bef4-104556ff2a31} 416 "\\.\pipe\gecko-crash-server-pipe.416" 5416 17c7d0bad58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.7.1208185877\1315667887" -childID 6 -isForBrowser -prefsHandle 3604 -prefMapHandle 4908 -prefsLen 28603 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6729f7bc-e3a2-4585-b8cb-0fc4fa3dcf94} 416 "\\.\pipe\gecko-crash-server-pipe.416" 4724 17c62541b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="416.8.972765879\2037050762" -childID 7 -isForBrowser -prefsHandle 5988 -prefMapHandle 5984 -prefsLen 28682 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5a71422-e093-4339-a228-dfd86b42a232} 416 "\\.\pipe\gecko-crash-server-pipe.416" 5996 17c78af8d58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23KB
MD50d06c2daa3cd60b56b2238d3fc64af1e
SHA1c9d977d8cac013bcecb8e00c7b0999c1fa2362ce
SHA256fa135239ce63951634538a554bb32d1b11e7eb1ad2254478f2744a25c48bb3ac
SHA5128a82ea28c05e4277d88e535556a4fb1cef85e7733b1ec1c4f1f07fed9cff559468c971e67ac8e9f65576c5596ee3153cdae8f8e3eb78ed15322631cf25e9e98e
-
Filesize
7KB
MD50302e226fe48debbf94a5eba8c7b2e2c
SHA1795ceff44bcf78c0e235efae24a1606d4292a1a3
SHA2563288a32c0c195999f1274ed9a58f1424f518adeb966ce1a8d014dfd1459488cc
SHA512a060f1d50565cd05735ac2c0edbe9cbfdbfa18607c7a5ef6507c43744482f746ab36ab3d413897e1b06d23b0eb09751c5e419d628e2a63dcb493bdf5e1fdcce2
-
Filesize
1KB
MD5515577a2ac8458a3e3bc50b8fd40ced1
SHA1453e11cb6ad64953e6e4c3790c1a1d94f88db824
SHA25638154e2d667dc79d4f7930027c7f1854c7f155ce00964c6dbb9c244440c158a0
SHA512b524bfbfb906868884611e6ee596514cc5717a371abc00261d2e966eb51e433faf74fa54ff12df7f1ba837ff2bdc55a4e178f0d07ed0001ef2fca1835070b72f
-
Filesize
1016B
MD580f192bd30507992109c60b2f4762fc3
SHA1e08953295688db9d34ce50d931a5bbecba99e594
SHA256b80f648d95bf6f5d6784a76b224fc4e1070c7df025d0d64b6a0f34ba78b01b51
SHA51214fb0615d8a76673735f6368423cfcd0ed314da6dabbcd6ab0ae4bce06c135e89710db5b9c27ad01ca1f0a5385c5575e4535da441f15491ef53e9badc918b693
-
Filesize
1KB
MD56476d6798eed4350d26d1acdf2e8157e
SHA1989f2ec3197f0700d20877e0fe45bfc3b818fd38
SHA25688c1bac800006ba76ba77cc63ca72984c9a44f0557879454c809f6f23baca25b
SHA51296597b4f5cb9a2969f7230d096c64d7460739c83ecd0cd413ad8926700ba1861b6a9c0a7986bb27e5e8bd5e4d28e39848dcaca0f4e5490e52b1437dfb57688a1
-
Filesize
1KB
MD54fcfc75a6f4cd0fe535256f0c93de5f9
SHA12363a2cc06f19220be33d6c60f1ca2e711a95062
SHA256ef14f7c9e23249aad673ed022752706d87d08eb21a797157537d55535725cdbf
SHA512ef514056d43e996ee717504f9c65e1bc8f378e512f65191e7493df5ab08fd00da4e1d58c060f60ffd7e563782a333c8b335bdb119622c0d27b59328998c470d6
-
Filesize
1KB
MD5bc3250171965de3a569258036099989c
SHA100ad5e0ee54954c66548528db67fa7076e0dced9
SHA256168f6dd0da9640ebffac7c5ccaba77fca6e3a09cd4b597f119313c7100fbe4df
SHA51294158fc02306164bd1da59cb404e25a8d4577663543a0928e86f2282b755d5263b850e3621ae5b1059a72db4ec3c67bb1e1d5ebc3c38d2e92eb6a41d82c0c6c5