Resubmissions

20/06/2024, 14:19

240620-rm2czasamf 7

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    20/06/2024, 14:19

General

  • Target

    https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat

    The submitted target is the GitHub "blob" page for MEMZ.bat, i.e. the HTML view of the file, not the raw script. The process tree below contains only Firefox and its content processes rendering that page, so the signatures and the files listed under Downloads reflect browser activity, not execution of the batch file.

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
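To see what the "Checks processor information in registry" signature is flagging, here is an added PowerShell example; it is not tria.ge's detection logic and not code from the analysed page or from Firefox. It reads the CPU description values under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (assumed here to be the key the signature watches) plus NUMBER_OF_PROCESSORS from the Session Manager environment key, and applies the kind of crude VM heuristics malware derives from them. The hypervisor name list and thresholds are assumptions chosen for illustration.

```powershell
# Added example, not code from the report or from Firefox/MEMZ.
# Reads the CPU description keys that "Checks processor information in
# registry" signatures are assumed to watch, then applies the sort of
# VM/sandbox heuristics malware derives from them. The hypervisor name
# list and the numeric thresholds are assumptions, not tria.ge logic.
$cpuKey  = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$sessKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

$cpu  = Get-ItemProperty -Path $cpuKey
$sess = Get-ItemProperty -Path $sessKey

$name   = [string]$cpu.ProcessorNameString
$vendor = [string]$cpu.VendorIdentifier
$mhz    = [int]$cpu.'~MHz'
$cores  = [int]$sess.NUMBER_OF_PROCESSORS

$indicators = @()

# Hypervisors frequently leak their name into the CPU brand string.
if ($name -match 'QEMU|KVM|Virtual|VMware|Xen|Hyper-V') {
    $indicators += "brand string names a hypervisor: '$name'"
}

# Analysis VMs are commonly given one or two vCPUs; modern desktops rarely are.
if ($cores -le 2) {
    $indicators += "only $cores logical processor(s)"
}

# A brand string advertising a clock far from the measured ~MHz value hints
# at an emulated or throttled CPU (the 1 GHz tolerance is an arbitrary choice).
if ($name -match '(\d+(\.\d+)?)\s*GHz') {
    $advertised = [int]([double]$Matches[1] * 1000)
    if ([math]::Abs($advertised - $mhz) -gt 1000) {
        $indicators += "brand string says $advertised MHz, registry says $mhz MHz"
    }
}

[pscustomobject]@{
    ProcessorNameString = $name
    VendorIdentifier    = $vendor
    MHz                 = $mhz
    LogicalProcessors   = $cores
    SandboxIndicators   = ($indicators -join '; ')
}
```

None of this needs elevation: the keys are world-readable, which is why the read is cheap for malware and why the signature is weak on its own. Many legitimate programs read the same values, and in this report the only process credited with it is firefox.exe (PID 1340). On a production host a plain registry read produces no event unless a SACL with Query Value auditing is set on the key (Security event 4663); a sandbox sees it through API hooking instead.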

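The "Uses Task Scheduler COM API" signature refers to the Schedule.Service COM interface (ITaskService and friends). The report attaches no IoCs or process to it, so to make the behaviour concrete, this added PowerShell example (not code from the report, from Firefox or from MEMZ) registers a logon-triggered task through that interface, enumerates the root task folder the way a responder would when comparing against a baseline, and then removes the task. The task name and the notepad.exe payload path are placeholders.

```powershell
# Added example, not code from the report. Drives the Task Scheduler COM
# API (Schedule.Service / ITaskService) the way both installers and
# persistence-seeking malware do: define a task, attach a logon trigger and
# an exec action, register it, enumerate the folder, then remove it.
# 'ExampleLogonTask' and notepad.exe are placeholders.
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()                     # no arguments: local machine, current user
$root = $svc.GetFolder('\')

$task = $svc.NewTask(0)            # the flags argument must be 0
$task.RegistrationInfo.Description = 'Added example task; delete after testing'
$task.Settings.Enabled            = $true
$task.Settings.StartWhenAvailable = $true

$trigger = $task.Triggers.Create(9)   # 9 = TASK_TRIGGER_LOGON
$trigger.Enabled = $true

$action = $task.Actions.Create(0)     # 0 = TASK_ACTION_EXEC
$action.Path = 'C:\Windows\System32\notepad.exe'

# 6 = TASK_CREATE_OR_UPDATE, 3 = TASK_LOGON_INTERACTIVE_TOKEN (runs as the
# logged-on user, no stored credentials)
$null = $root.RegisterTaskDefinition('ExampleLogonTask', $task, 6, $null, $null, 3)

# 1 = TASK_ENUM_HIDDEN: include tasks registered with the Hidden setting,
# which is exactly where persistence likes to sit.
$root.GetTasks(1) |
    Select-Object Name, Enabled, LastRunTime,
        @{ n = 'Actions'; e = { ($_.Definition.Actions | ForEach-Object { $_.Path }) -join ', ' } }

# Cleanup
$root.DeleteTask('ExampleLogonTask', 0)
```

Registration through this API leaves the same traces as schtasks.exe: Microsoft-Windows-TaskScheduler/Operational event 106 (Task registered), Security event 4698 with the full task XML when "Audit Other Object Access Events" is enabled, and the task XML file under C:\Windows\System32\Tasks. Those are the places to look when a sandbox flags this signature without naming the process.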
Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1340
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.0.455399173\1277666389" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e6c878c-5439-459c-a6d4-60be290d7506} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 1892 2940de2da58 gpu
        3⤵
          PID:700
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.1.1460906764\930531471" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2463179e-8eb5-49f9-83e1-30edf9734884} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 2444 29401089f58 socket
          3⤵
            PID:3036
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.2.820704974\2141905271" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31345463-832e-4383-9488-61a23a7ba550} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 2952 29410d3d858 tab
            3⤵
              PID:4812
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.3.1223548594\1012380872" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ab44ccc-317e-4417-8682-add35ec0b3a4} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 3640 29413be3358 tab
              3⤵
                PID:3340
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.4.1693521632\933855482" -childID 3 -isForBrowser -prefsHandle 5084 -prefMapHandle 5092 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23297627-4b20-483e-8b70-1947c43bdcd2} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 5104 2941590e558 tab
                3⤵
                  PID:436
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.5.255264699\1275459436" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e00b7a61-ed77-4392-80bb-e88f4f03d266} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 5192 2941590eb58 tab
                  3⤵
                    PID:1276
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.6.1376271899\874467496" -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7f9252d-5f56-413b-a41f-e4cfa46ae12a} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 5392 2941599de58 tab
                    3⤵
                      PID:2128

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize  23KB
    MD5       77ff5b76db5a1457236a999c2f61ef29
    SHA1      5295314269f2b0b6c5f64cbcff59778853c367c2
    SHA256    8ea9f495520741d7c20750c81b039f01d554f9d4cfe8c4e3e681b9a453d5c156
    SHA512    c7f2243bc773945ebb581a7e88f0f7d921ad83a558c9d80d1f38c5ba7a5741e0dd1b4896ef341d18eaf7f69c09b2ab91925cc6fea5bbd7dbb66f3ff2e833b84e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js
    Filesize  7KB
    MD5       3b1452b039f35ec84ae133ab3adcc19e
    SHA1      89a57bede34c477291815bbb253562225b53da2c
    SHA256    7fba7f13c9c240da6900d15e1ad5237624f9b605bd3f89b1006d19a3e4330ace
    SHA512    5a85a8180059784a86c3f2edfbbfeddd3625d1811ce4c5549f754f5ad5e4d1981a925af189bdc35ab89805d1c2cefc163f4a000b1fc5ef86e07ea93cd0706f2a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  1019B
    MD5       8b3363910bf9e7e00c9fbe214a083afd
    SHA1      d978f1b7cca1f644091e91bc0570bfe457cce053
    SHA256    9a05c97d0048d93ace63c2d3bfb7bc95af362f9c637f45de72ae880d63d06a09
    SHA512    9eafacc8822801f6774fff689a7291e1b4362cf586d8179c615436d180802d3e48345c8a26626da20f84696c4287fe00b603ad9f1db863fe6d4f4d3059d036d0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize  1KB
    MD5       56f6f4db8a6a8fa82b6d81f558e94e1a
    SHA1      593d8bb72dbc29cb04e26a2c748944dd128f9e10
    SHA256    5cc137b2552235fdea1cd9ad3bb0e7742ec9de162cfc4e9b3166987ad3f52846
    SHA512    9851067b968f7dd546bad358964c013731b1e21bb504a6a42e5f37049bd030eda4cd31552eddebc1536164b5aadeab3d2e674ec33ca8b5f49e9d10be153748f2