Resubmissions

20/06/2024, 14:19

240620-rm2czasamf 7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/06/2024, 14:19

General

  • Target

    https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4480
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.0.350472740\1220256008" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5c30060-e472-4f9e-845a-3cde0e1db47c} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 1840 16e7fa0fb58 gpu
        3⤵
        PID:3236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.1.914789561\1443208204" -parentBuildID 20230214051806 -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40069da8-4286-437c-b353-8f4983795c7e} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 2488 16e6df89c58 socket
        3⤵
        PID:4920
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.2.499393236\1008974475" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 960 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48878276-f7aa-4a31-afa3-596c65182772} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 3004 16e0514c258 tab
        3⤵
        PID:1216
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.3.95885449\1299244758" -childID 2 -isForBrowser -prefsHandle 3792 -prefMapHandle 2736 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 960 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ba84eb4-1ab2-45ea-ad58-7a1af7b7acd2} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 3396 16e06ec4158 tab
        3⤵
        PID:2176
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.4.1483065333\1950937736" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 960 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {091a6f74-8cdc-4588-9f89-0711e83e5bdb} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 5076 16e087a4b58 tab
        3⤵
        PID:2980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.5.501090792\98117597" -childID 4 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 960 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98c9be76-15d2-44be-995e-e095f6416f17} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 5180 16e08243d58 tab
        3⤵
        PID:5104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4480.6.1627545697\536038968" -childID 5 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 960 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9662e1-bd76-4937-a889-9f3f0288cee9} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" 5460 16e08244658 tab
        3⤵
        PID:3212

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 23KB
    MD5: 90dc15bfc2e4631777e978fdb9d57479
    SHA1: 21890ff4ab839490e26c01fc2fe494dd7ac2144e
    SHA256: ae6cfd2cf16b1dcddd65ec8d00bcd29f1bff0b6c423f00009c93a81ee4731374
    SHA512: 2ef674398f59b74d2b3e98eb169084cdcfcbb5a25892814a4ffb283bcff0ea0f196eaf6eeb54b437e62fcc0314d2e6f51628b44ae4f7cf1c66eda08d644ee405

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 095145d0e95949c6070251c9e3bbcf1b
    SHA1: f62a1fcd9c01ac41e15a01d82dfd7a0ebae1152f
    SHA256: fea307e737c3cec85c7d6ffeb3a3d25f1dcb878e5e2f828bab4a58c4aeda36d2
    SHA512: 93be83932fcb8639e20e99072243729f76e913144cfc7bcc4d1a2ca7de57f190da2bc511f11bfb793e8b584306087e923828c986e08ca06473c4573ce35750a8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1019B
    MD5: f4e9cc350840254ea311f3b81ac1d8c1
    SHA1: 9d39b1939f4ac9e88006e66af840d2595a6ac116
    SHA256: 92a696bb19ddaec959c1187b317a866b8b66e7afc8d021f9046065e958552177
    SHA512: ccc3d72c76dba99395cc6e556478e5f03d5f3b5ae21cd11e975574e6ead292a7b8671f7e9cde215811574e4ff598cb2bcce9c360690dfd7e99a8d8c7584efc1f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: c1cf6c342e7f38309ec7892aca93c83d
    SHA1: f9c35f79029a0fe5cd2ae81da4fe7610c80aacc4
    SHA256: ffb01383aa6e65b5757d60372b78906b1586012a32096b4b693ba35ba4bee7b0
    SHA512: 3dd9a998cc2436a35297901603e6c2152bc36c9a8b36bcf9cf981b9e4c51b476b7baafe4c1df4adc280acd07fca0f3296939f9ad6e70da6340a047d3208787c1