Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...el.exe

windows7-x64

1

GlobalProt...el.exe

windows10-2004-x64

1

GlobalProt...st.dll

windows7-x64

1

GlobalProt...st.dll

windows10-2004-x64

1

GlobalProt...me.jar

windows7-x64

1

GlobalProt...me.jar

windows10-2004-x64

7

GlobalProt...af.jar

windows7-x64

1

GlobalProt...af.jar

windows10-2004-x64

7

GlobalProt...64.exe

windows7-x64

1

GlobalProt...64.exe

windows10-2004-x64

10

GlobalProt...e.html

windows7-x64

1

GlobalProt...e.html

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

Resubmissions

26/07/2024, 09:06

240726-k2ts4ssbnb 10

20/06/2024, 20:05

240620-yts4havhph 10

Analysis

  • max time kernel
    1622s
  • max time network
    1622s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 20:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GlobalProtect64/jre/Welcome.html

  • Size

    1KB

  • MD5

    a0154e8b351df4372081d55752da1c61

  • SHA1

    1c3dc9c2e45a2ff9c0c66db0f0212fae0cd8b0ab

  • SHA256

    285517a831a095139ab3bb5b323c9f7cd989d7edb71e73c2b359fd01fee7f077

  • SHA512

    f1608cd05039ba8264da965eff1ccfd77523f253acb25a529f110ba4d788bc64793f75a672cf11c5eb2e0ab23d95a7f91abcdeb1f5b5f709142b4e9d13b84178

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\GlobalProtect64\jre\Welcome.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\GlobalProtect64\jre\Welcome.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.0.223100816\173894140" -parentBuildID 20221007134813 -prefsHandle 1244 -prefMapHandle 1128 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8205ad-4173-4ab1-89f4-13aeaac68b0a} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 1336 107dae58 gpu
        3⤵
          PID:2732
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.1.1526880536\1296653352" -parentBuildID 20221007134813 -prefsHandle 1552 -prefMapHandle 1548 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4435852-da87-4fad-98d5-c78fd5273fd0} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 1564 ebeb858 socket
          3⤵
            PID:2800
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.2.1913708930\1508435143" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebe996fb-348d-4b5f-b192-b4655e55765c} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 2160 19b7c558 tab
            3⤵
              PID:2972
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.3.487438361\347553378" -childID 2 -isForBrowser -prefsHandle 1936 -prefMapHandle 1960 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e725a60-210b-4a09-9863-1fc8f941af6e} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 1720 1bd60c58 tab
              3⤵
                PID:2160
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.4.384040129\1332402728" -childID 3 -isForBrowser -prefsHandle 3420 -prefMapHandle 3596 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4268e36-680a-4abe-9455-af0e18d141dc} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 3644 1d870a58 tab
                3⤵
                  PID:1772
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.5.1537736407\1124235528" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3644 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ca557a-4d23-4898-9201-ab02ae90a875} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 3748 1e82d258 tab
                  3⤵
                    PID:1984
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2408.6.2116065133\1042873707" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 668 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29445937-5bbb-4a2f-b618-59a3fb711bf2} 2408 "\\.\pipe\gecko-crash-server-pipe.2408" 3856 1e82db58 tab
                    3⤵
                      PID:1628

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  ba1983ced140bb935b24bdd131bd42bc

                  SHA1

                  3562856d15d8041297a5b39e41a7c726fc173341

                  SHA256

                  796d3b26c81197d1b19aaff9bbdfd37e92d7e103bec556c624a63d1eb42e01d3

                  SHA512

                  7cfff5bd4e8604dd671bbd96533a4c9529de52a2c385da24c5b535c0f1ceae462aa35daca83b02ff515138b743c581ad2fae9297be65676e321926a6067a24eb

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                  Filesize

                  16KB

                  MD5

                  2560f63c34a19b93270e3c0c88a3464e

                  SHA1

                  456d49a249d05bf01c69cc42d17b367d23414609

                  SHA256

                  7150b4724543da77a19076bef9dc873f31e4a96ae056d551e47a80cd2932a7fc

                  SHA512

                  3ec3057c40ce70a470c8c96c2e35b2de720c4a09e5a7871800b6840aedc69639f56477eca500eb364cc10d067db080522c506555a1dbe94573b7f50e5189b9eb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E79JT9PUWZY296GUJMS3.temp
                  Filesize

                  7KB

                  MD5

                  c71f231a5068b6af25e1def72ea85033

                  SHA1

                  9e2372028be61787d78c14b9ba6f7cabbda4cde5

                  SHA256

                  ef4a029459e9652627ab000cbdccb63910dfbe42fc03a07b93d58d476bcff4d9

                  SHA512

                  ae00248ffa53fe43397d5a15f479a6902ce01dae78cceff26c6d987201c4a190433f2c4e047533263c52d85c4378c6de650d3c4ed9d5721068af6ab3817bb666

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\bookmarkbackups\bookmarks-2024-06-20_11_LA65YGRSQ8shaPTk8btqhw==.jsonlz4
                  Filesize

                  949B

                  MD5

                  6438d0ec1382db02c4b0379acbd28c06

                  SHA1

                  c5d5ab0327e01893c128f145c8f60eba6238fcbe

                  SHA256

                  ffecf2ae5ab92caf16c126e08f2d2e816099058dc952d36df5c25b10adfcbd81

                  SHA512

                  82533154ede1f43b96589074dcacb6152a8f336a5465f279ff6f8342e3b648f470ab7c5dc710f6029b025f36b57c45c6968bb93450ec05dd70a69d6b7d19cdc2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  586af5b0839b02e7f2caa082329b6356

                  SHA1

                  04eb5195f6dc00a7b05b50164cef08f76d9435a3

                  SHA256

                  d1a3bd2cea6d014c7a92b4cd49afcb86b385090ee2e62570a766d5df1c11379e

                  SHA512

                  5c7acb845e97cb4207226e9a3d58bec67319628337210b98cc41e7b1d2bca72fdc551cff230dd7d9f3ee32a05c405db842522c1b8ecfe6cc0ac7a03eae20c970

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\54f81126-e9cf-4b6d-ae2c-e1068de283af
                  Filesize

                  745B

                  MD5

                  f94ce745437c78e40dbe7a0ebd96b5ae

                  SHA1

                  c323a221fd9157251df0250e9a05c380b920bf87

                  SHA256

                  8cabee84b613d59b84b755cb707adab0485dbbe2e01e01e75b47528a206cc8ec

                  SHA512

                  47f831cc9fd589ae9e4b7face79a189820610c90376ed4d619b0eedf54e892a7d8ac6787134a5750b586197bb21b012a914de5555d69efdca8574886c5d06d0f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\5bded26b-0ee7-4a37-aeed-b589eaeb47e4
                  Filesize

                  11KB

                  MD5

                  20cb10ceec6ce399565e8fc331b0b604

                  SHA1

                  903de1c995da9849b9c015d2ebc5c4e42c44c5d3

                  SHA256

                  f73f27ccedb759c66e08bd58c3657f738fe74f3a9a60ccbce213444b460d2048

                  SHA512

                  d5cc4bb9d22fe5bf7256ec03b8570886df4fd25e8d748faf914e1aa438d95fdea043a37fa701e4db596a5f25b043d064c18124ab35834672092010becd891ee4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  8b6c1a1fda851d95445dd5ec71ca7cef

                  SHA1

                  f24e27e8160a355f6e1a7efd52e2feb1c7e97c36

                  SHA256

                  b09ca2dba48d0124e6450c56f9a2ffeaf55a500217feba2760a5cba06b8d9f41

                  SHA512

                  e7dd4a59627663251a9510936602e33b30e3a3e32c4870ba81ead2d51031258eeb2ebcb0c0eb195f943292923ed0c84fb6e23e0b441c87ec09069ab1171c4e50

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  0777f79d176b70c010eedb374d7407df

                  SHA1

                  c1d935875bc84b9de77af5a5d1116aedb19eff37

                  SHA256

                  b8c74033b4edd9705a849aba2b50e288aa6a0f615aee87e17a34f6c451c4bbc9

                  SHA512

                  09209d0d8b0c6821cf6868c36e83f1817ef30fb56167259f97eb180ad405257af75893407155cae65b327dbe5cf7806699a954a8d093f7a3e541e8f96667a922

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  8bd0cc0d04c493cb810829e90cfddea9

                  SHA1

                  c8faeaa081d57e4f6922702d529dc3c17c4a714c

                  SHA256

                  023e02f2f42d6988e12c1864405c610ca00281ad96e75194b36eab9b28113bb5

                  SHA512

                  938f5c8642e10b9cb741db38ec4d67d776f1178cdb6850ceb449d898f444646fcc57f0887c7a45df7f0bb88a74433a7f2515e84a37d15a4bb466826e46a4f536

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  e5142d56cdb5036773be1dad61fb1301

                  SHA1

                  7ed3c56d8ad40bee9e48089fc0aac24299d030e5

                  SHA256

                  48c3e033c570b4997504472a105d08e8bb354e943313d261447b424829f8cd5f

                  SHA512

                  fbc3f51bd4a22a92982b60f706986678509cfa6cfec7a1dc3a76562ac3bbd8d093ded3499f9d3d37d5bc4c835cb7b269d73966a226572273759f19092a08f0e8

                  Download Submit