Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...n.html

windows7-x64

1

GlobalProt...n.html

windows10-2004-x64

1

GlobalProt...el.exe

windows7-x64

1

GlobalProt...el.exe

windows10-2004-x64

1

GlobalProt...st.dll

windows7-x64

1

GlobalProt...st.dll

windows10-2004-x64

1

GlobalProt...me.jar

windows7-x64

1

GlobalProt...me.jar

windows10-2004-x64

7

GlobalProt...af.jar

windows7-x64

1

GlobalProt...af.jar

windows10-2004-x64

7

GlobalProt...64.exe

windows7-x64

1

GlobalProt...64.exe

windows10-2004-x64

10

GlobalProt...e.html

windows7-x64

1

GlobalProt...e.html

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

GlobalProt...-0.dll

windows10-2004-x64

1

Resubmissions

26/07/2024, 09:06

240726-k2ts4ssbnb 10

20/06/2024, 20:05

240620-yts4havhph 10

Analysis

  • max time kernel
    1767s
  • max time network
    1779s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 20:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GlobalProtect64/.install4j/i4j_extf_7_7caten.html

  • Size

    403B

  • MD5

    b44a3b3bff9b6112fd91d0044d714766

  • SHA1

    cfe32d1a1183407caa77ab5d93f2783eb746b0d7

  • SHA256

    72f47e9a733674019af0539aba9869adbb48ee0482afbd92cba05be78173d766

  • SHA512

    db63df5bbaf485fc8ec8775fe674eebd3c98c5acedd4ddad2f8ce3244edd1bf44b174826e0cbe96b557ba480ce496ff3add5b95f3e008b053d7782b422ea45ea

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\GlobalProtect64\.install4j\i4j_extf_7_7caten.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1428
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\GlobalProtect64\.install4j\i4j_extf_7_7caten.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.0.1932828122\1940898794" -parentBuildID 20230214051806 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6388b7e1-b886-4d04-a9a2-64ba151f2d6a} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 1792 1759ca10558 gpu
        3⤵
          PID:792
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.1.130068920\1294680778" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba51eb61-e597-44b9-bcad-31603a70a2b0} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 2440 1758fc85c58 socket
          3⤵
            PID:4964
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.2.670398465\969975493" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2984 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1052 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {750f5216-f1f4-4c12-bb70-68d5307aef29} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 3000 1759fb56858 tab
            3⤵
              PID:3644
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.3.81771288\66964708" -childID 2 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1052 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e925b022-f4a6-4667-a3bf-e238d5b4efeb} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 4164 1758fc76e58 tab
              3⤵
                PID:884
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.4.44117546\1131583973" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4896 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1052 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8705d3c9-b6b9-4b1d-9f4e-8e6faea6d949} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 4828 175a2b3cf58 tab
                3⤵
                  PID:2876
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.5.996076455\1534570086" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4836 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1052 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a08a713c-d72b-4462-80c8-7914789011d3} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 5112 175a2b3de58 tab
                  3⤵
                    PID:4244
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.6.750672138\1403700518" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5324 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1052 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c328611e-a6c5-40a8-81c9-78d63eaeb768} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 5400 175a2bee558 tab
                    3⤵
                      PID:2892

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  23KB

                  MD5

                  a78968b2ee63664806a08389bd9a617d

                  SHA1

                  5954f25c0909327f7cf7f8cd007fd48be20e6d46

                  SHA256

                  500ccf9cf1d37d63b0c024a4ea0ea2d5fd2be643399158e478426209bf48251f

                  SHA512

                  75d51a5b10678768a91a7016757ba72cf048e9ec26b04f297afdd7e833d3e4754e07c9adc51efccd468f9f063163aa9da92ff5a8ea01de4c9b07b39bfafd5fd1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                  Filesize

                  16KB

                  MD5

                  6fa58010cd1e4f7e04ee4df33844ac21

                  SHA1

                  874874ca10626b8a7f060efd68296b07fe11cf2d

                  SHA256

                  2e04f93af4f75ab57c647d0d1c69da2d4e0e7f872595cc531ebbbd5088995ceb

                  SHA512

                  432aff4fa3af0bde7a71411a9f271b0c21bac1ed4e3290b6f4edaad4e9c021ea93924dfbeee6b4e475ffefbdcd9d4bbbfac38c4162708305380ab9e950c989b0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  7KB

                  MD5

                  665222f7b90f1adb247f03eb93789c64

                  SHA1

                  a08520d30851c046feb03547fe82f1909dce921f

                  SHA256

                  3c9d93addf1cdd7659f7f9807ecf4a4d239fb1f2c2250272f1ddd34f32963407

                  SHA512

                  de51573970bbd44247261f75a4c691dfdce39c2e64f883a303f658bd23e5863adad487500796e8b4efbbfb5e6948bbadeda66080462123494a428a805f013137

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\addonStartup.json.lz4
                  Filesize

                  5KB

                  MD5

                  fa39fc7d30ea43ed8983a8b5c284b12f

                  SHA1

                  161505decd9fff4e61099143dc7bd07e2725e369

                  SHA256

                  360de125a64a74c34de615dd5ad056bff5d0e3a24446cacdd480a5f0eafc9d04

                  SHA512

                  75205f654ab5b16f077ed0377b8cb8b475ecd0165ef2fa448b1e3477fecd1e082f4e1c078df13bcc44390c914fcdd26662340fcf553d20706838c25267536108

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\bookmarkbackups\bookmarks-2024-06-20_11_sEInrcbjNuQU78LVjPjgjw==.jsonlz4
                  Filesize

                  997B

                  MD5

                  438e9000da555630c15edc578fc888c3

                  SHA1

                  bd773d897b3740a635cc9b5769c53ea2b4bc8fd1

                  SHA256

                  bf7e59f07dcb198444cb7c15c5ebceab10b0153cd4878019df4b8196edc36909

                  SHA512

                  632de477ff13d808ccf79c194de42c47114fa4fd2dc0b695efaabccf2d4deb575e23bf20b04e94b7437d9538b8dcbd8b63b3e57503ed5e2e3c9a7f1c54088ce9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  54f6981e84060be196ed2efe1259ab31

                  SHA1

                  084ac416f99e29bab133674f41ad32791cc63406

                  SHA256

                  b5154d13b703da58ab3caab6d4b36e514494e2f070a391f9e95bed4184d1c61f

                  SHA512

                  07f3b9d242380d0544bd5ffbb2f2637c4e41a8e7a93f1ecbb58c2d61916605050bcd40de3c7eb62f3379b5146021ee700184e4817a92c2761e6cfd74e7d81379

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  f32d62379a650bc3eaa4f2417d250201

                  SHA1

                  e7f9b13ac724fc9c1c0ab1380d91c54fe51cd23a

                  SHA256

                  ff294f76253c2c818e77d607452c08751dbaaa3a02df171c3651964293516abb

                  SHA512

                  531661903769b8a78282caa0c146bc87b8ac5bba101848bd3f877e2ce9b2b9e9f9a636ef7d395383c9685abd372f7bb00e6cfbdd6d327a4706a3ae4ade0c7928

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  69e5504bf5762efb27f463c5eedd0d95

                  SHA1

                  1d1395d8384259d05fdb7907ed1fd50eecff2972

                  SHA256

                  d4b15ec5e78ca1353555332f7e8a42f4f01a62e2d529c47473ac997806f20da2

                  SHA512

                  6e31eff06d9354a0d4bd3f7060643a6a0509b23a94f4120c8f161ba16b1a755bde4847bf74a9201080e6c0aad0c0e6284446692389106c059da41a37086b8b1e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  0f49c53a0932215c18d8c1e985601c62

                  SHA1

                  d8246b0607b768d7a8074263bb886103c806a7f3

                  SHA256

                  13ae1c7e4ada3dc2cc560f7e8eac33cb2ca6ca5a33bc0f0172021b4f271bff79

                  SHA512

                  9feba397bf1b8fcbfb31dbe38f407c4224e43c1175a73d007a36d79fcecc127d7ab18752265cc74b5524f4f09e65535ed560006996eeddad9863fdab8db0e6f7

                  Download Submit