Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
15/06/2024, 11:23
240615-nhcx2aydmb 115/06/2024, 11:22
240615-ng1byaydke 115/06/2024, 11:16
240615-ndewtsscnq 1014/06/2024, 17:58
240614-wkcn2svbrk 1014/06/2024, 17:57
240614-wjtaeavbpj 114/06/2024, 17:56
240614-wh8npsvbnj 114/06/2024, 17:55
240614-whjdtavblj 114/06/2024, 16:38
240614-t5wxbaycqb 1014/06/2024, 16:38
240614-t5hppaycpe 114/06/2024, 16:37
240614-t42feaycne 1Analysis
-
max time kernel
534s -
max time network
531s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
15/06/2024, 11:23
General
-
Target
http://p1t.fun/?l=1031
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://p1t.fun/?l=1031"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://p1t.fun/?l=10312⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.0.451977269\1939255542" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {470b0d42-6861-46cc-992a-6a8924469a76} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1296 11fc2258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.1.1832754471\1481261988" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1daa2628-b242-472f-a0b3-a3e96ca6b88f} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1500 d6f258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.2.1635411970\117209479" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b119873-0505-461e-bc55-852e8f517dda} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2128 19e9e258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.3.942494144\753340365" -childID 2 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6556c2-09a4-4e91-ab51-c4d27d91d448} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2928 d62858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.4.331861399\1972616476" -childID 3 -isForBrowser -prefsHandle 3508 -prefMapHandle 3584 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67afe5e4-a7e0-4a52-b3a0-d74391c2705a} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3552 d5d058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.5.330181766\1302021049" -childID 4 -isForBrowser -prefsHandle 3668 -prefMapHandle 3672 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39f0b59e-7763-4286-8d16-a64162ffb5cf} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3656 1e473c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.6.1061291154\601026531" -childID 5 -isForBrowser -prefsHandle 3788 -prefMapHandle 3792 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be984e52-d0d1-4b95-9279-1812b2705f45} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3776 1e474e58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26KB
MD55e7760f54ffc445e4966bd2877ba0965
SHA105cbde5a5e21016cb111bd9691faae6e2f528e35
SHA2565ab08f4edae6ca1a7ce3125b975a039c1ff95bf1eb4b48ac306631e49664a7ca
SHA5127d91f0bbcfd9b0ea9dac1387c998e1590457fa88b3432bc9cab21ae3fa3dc19abc6f9738bad46e817dd4682690fc145bdb11e7f7781b7026d05b9b3ee47f977b
-
Filesize
5KB
MD501d61c09d7dba7795aa437fb43890caa
SHA15dcfd68ec1a2dce4234e118f0fd6e941bfaf9811
SHA2564ebeb5be280c08eec408287357dcd5d682c2040f80fafa9d3b674acd40c3ebfd
SHA5125449ab46ebb881265cf9e917a19c6b8a806e85bd5488afdfd525180d0a2db45b6c9e9abce90525a49de89d7647d354a6fbad62b1b885e934c86c7024fc456115
-
Filesize
5KB
MD541b618353b4d2dcf9245fc2b705941c8
SHA18da3f96ab69fc7c83e43b3a0f7b04a945fc0bbbd
SHA256c222e352ebebbcd99e31b336b837b236c9ece69607d6238bd01d40bfd07261cb
SHA5120f05b4173827eb2e3840ef8eaa7c56f729d7623570b91b126d634a4b057505214f466268a6670602cdde0eb549bc40f367c7a74a562302d5342f5b5c749b5a8b
-
Filesize
950B
MD508124f8c43020ff133b437333a6fbec3
SHA14ecb00a469c1cb05ed544cc96394cfd55c0fb0f6
SHA25610992dc5e6d53ef17931567106c4009e02c300889e63a58994edc56c04ed7adf
SHA5129fc5b4eeffc5e64217cd24bcb4a28c556f11d56363092a04212a93c248e15f639d14fa53b1a60071da16e61bc2b0aa54a50e67dd35b2dec2d2faed825fb55e60
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD5e77dd30d72894f1b924401c024a84ebf
SHA1ef8397a5ceefa9e493819d928501c3add0ba2674
SHA2565c117d094ca208d359d9d4f037cf7d5e6b8cbbbfbdd69e0e51a6cc7ba0582d49
SHA512dbc6674eb66e5b2db8e87d404be07636a169986910e49bf3f672d0f15e51733ac5e6883ea5fc621925953a9871ec5aac9cfb2b10fc9c8bd48c73f0bf492b4835
-
Filesize
745B
MD5aba9d9bde179c824a605c3140df4cf10
SHA18a147586a674ecf37fe68a32951162caf4264b10
SHA2564173126046d36cec371f29ca9433f535431bd6be10acaf746e56d079c9673cb8
SHA512df50485dc84084f28af7ff6813d0e4dcb9aae34cb801abe587de4386b41d03694d8d4b4ab9ebe6e1ea986d94b3575888423dd7fdd7edc9d169132259e862b74d
-
Filesize
13KB
MD574a32c9f2afbb9fd28379b8260fd9a05
SHA18c6587199fd202abb08bae000fc9b678f3afef76
SHA2563dff458cbe18661c3ef8089fb3470998a66d2c15db23513855ec993c7d87caeb
SHA512e56f01476a2860e39e31389d9f812dd56250c1898b1d30f816a60a606f54a4d82c91710fe3b55d252ae526ebbc6bf03fa50a96681b6d747c51398ca1ba4ba92d
-
Filesize
7KB
MD5e2bae9455d4ed3f352ae32423b5405f6
SHA10191ad1be37620f3a3b981ec715a3ffa5b928fd4
SHA2565772a423b191eb01bd4551416889ec154e96d14c7db9760462caadeef0c8bd4b
SHA512f506c668a5a84533c2336d361673632229488cba29741a1de3ecca4ce1d782d514e54cacfbbdc1a17c3d7cc1773112ab477dc1f6ad9604667d6e991d78285f50
-
Filesize
6KB
MD556c6eb597fb28521589aa3b4a8aaa4e5
SHA182cf0e20b09ab4a70a8b67a4cb892a79e6759a1f
SHA256bc82c84fcb20c843c7578048334e46605d8cef9ea715bd927313b36c7ad8dfd1
SHA512656efb4d0701db015489dfed84d2f4a15dc0dff0e1681479ce25442fc5d8041e2cf85081e6cb62d7e24f12dfc67d59167a9db2bda9d71dfcf9a6147795bee97b
-
Filesize
7KB
MD507f87c4e90cb261b93db602abe3f0ea7
SHA1c155ae73d1a2b8d72e4af1f8c97eec7553c8ea95
SHA256288aa2c4943720dc2b1f5686ce154d211ba579b4b85165f7f6df4869a80420b9
SHA512e75f53506c5e2211fd201ed41064aed7476742d2b33cf38cf7c0fc17b3222c11d630a9c40c0c7a3f2a2d222c62a2a5f82f54e8a815e37e4f90ab0bf4933bd623
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
935B
MD5b7215413f19797a7a71757adccd2d695
SHA1e1cfa0bcb2384c251a1d808881dffd1093b38446
SHA256c3b00795f4dd71b8f70f17a941694008af6bc4559518151fccce2c4cc5cea692
SHA512f214c030eb2ead79c5a18b7342997c939f84e895869a7276f1fd9c8d4b27f4dfed3fdb471bc8874a381fd8f51ab3ecebd149ef00ec558e3162d62c705176720d
-
Filesize
1KB
MD5a4ab07c7fc42254d589a467ed2a7798f
SHA1532acd9b3c8b479c788a3a779176475c6d072785
SHA256dcbb8539de304cc08eb714f88c51926b3bc97e8a70bd81e3647415c1052ea167
SHA512dea71244281c67b7f61a7493e14106886dff9ee08442a3c6a307155033fa96e86d75ee174d266336732e78b9faded647b3f624935277bd1608b9865b58c14713
-
Filesize
4KB
MD5da8e3a2ad9051ff5276a502d36e89998
SHA14479c6e906e6fb7027830540ec2340f2f4a58f59
SHA25662e369a29084708ff8337f1f7f25ac997de867fcb9ac778590e4c3057575c1a0
SHA512dd6dfb561a8443003b920fdb923b7acc3b06c73d2b89dd5ae5cd81ef3aa4574d2b6ad459fa2c6fc03b3dafc6a0c0847772ec01fd370ab7b8ae79ac431b89bdc9