Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
53s -
max time network
65s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/06/2024, 22:28
General
-
Target
https://splicecheats.com/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://splicecheats.com/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://splicecheats.com/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.0.1626038924\1884561537" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c070b00f-c3ef-4207-8f76-216b43742ab4} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 1980 1a6b4fc3e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.1.1686585797\310651807" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3ea6ac8-0833-46ac-a8fe-7f2937f18121} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 2404 1a6b4cfa258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.2.147609743\424832042" -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a3718ca-c98a-4084-845e-d56de3e4eef1} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 3220 1a6b8be8558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.3.1149865548\1990883772" -childID 2 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {152f468c-10ee-4ebb-9726-15dcbced2c05} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 4076 1a6ba527a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.4.1815877098\504483129" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4540 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b95b95-7ff8-4ee8-b958-068b3db1e4f6} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 4544 1a6ba529258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.5.1503166656\1110731447" -childID 4 -isForBrowser -prefsHandle 4636 -prefMapHandle 4632 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6c29d80-34b6-4103-91de-e40be9b35fef} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 4644 1a6bb048258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.6.317917701\1539465294" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5096 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3443e5a-a81e-4abf-801e-80f320a1bdd1} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 4928 1a6bb21a658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.7.189712051\2068733801" -childID 6 -isForBrowser -prefsHandle 2984 -prefMapHandle 2996 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24282ab2-05ba-4f69-959d-228614b05340} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 2896 1a6b8107558 tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD51c058ab5ee583db84c407f5ae42d0a95
SHA1011ab74e4278967f15127ddea7c84a6fe6e90317
SHA2569504ff8ce0431a07e1eaf9ebb0468b7a7c55690e542be9cebe21a3a1178b6420
SHA512cf07d23ef0398b78607e0c387c0f355012a994716b5a771f81f0cbd35407208631a6090421cf5a10389183cfe020557a67e3805152306e522c506700c9d437cc
-
Filesize
746B
MD56defb71102b8e4529a8187fb396a6ad2
SHA15728881803ca32f4a1c1bfc72ab5862aa845f46d
SHA2563fcf3706d1896a2b78d747e94ca0182ced7c9e8c03e136a0c390177a4a6f78c9
SHA51296dc34cc82140df156be79b15f235769097d25b527d5b06890ed62e237a678260720038733b6ca6ad127e026ecfb46e4a124eb9c82570507b3591a7ceb400c4f
-
Filesize
10KB
MD5e03a463ab411583a6ed3baf319cf49e5
SHA1cef5f7c5ab4544ba36fdf0453226190940bb1a5c
SHA256f21603e2598da8f97ce242fa283303f942b5ce8e75c8123d53bcf324fafd32c9
SHA51214957df10081096d5ca6ffb135a45e156cf451b30d8db80d587704cd52a1a9d59fd315a5db2b74fb2f45886cb9abd06ac9907b8e709f7449be41eedc90ff84b8
-
Filesize
6KB
MD5cd85774b86186f49a90847e68ad74aa1
SHA1ac5e5f0e077cfacbccfdde5dd72e2f042665471e
SHA256e52a2f0931e5fa715f17a38df1eb5be948024c25e5de43229d6835c5225a68da
SHA51235e2e64d90f3b0f9e839a533bd0aa6e17e9b0c6509cee6c46ef67db01ec805cd0c62b9e7ba874a438be6a3ac435b2d21cebd3ee6a51728d157bd49941c8d1a29
-
Filesize
6KB
MD5393959d3e95540a23cdf2afbecf9e50e
SHA1b76b890c24e9ebfcc6f208092af47b0414e10ef9
SHA25644fb000b26f0f9b8e09c69aff9fda4bd0a3a10b3aa6f2bc3dad165add249ddee
SHA5126c52ccc27832d54159c588e16218247b3e3f5cfbe881e3f2d28a5b11e1bde7ed3f455be9c0d0701b8de699d8d1b786ecd0901af141fa519fbf7f22157c6b9d1d
-
Filesize
1KB
MD583a99058963e84496c4c5cc52965953c
SHA17fcf862a2053cb85277cd7dce7f9d7b461f3d1ee
SHA256e7175e8f191b330e332e34a010d33d725f71b0d0f5f370e8edccbda17a480fe6
SHA512a1a0cde3ffb05541e28df631998fb2e96d0e388f2650f98681ffe029ddbe01637515a98b941f735ca838217efcc7bafa93708231a86402276521b4eaba51b62e
-
Filesize
3KB
MD5cdd46513a1de347d532f23a88bac117a
SHA149669616bbf06b3fef175a3a594e93d9cb105fb9
SHA2567eb5cb5e0c49ecb5009eec3e23768475778a9f7cd5634bae92941061368a9ff9
SHA5121df746e145a821cd2a1651b37b70edb56181a6565aead6f4bca45bad4a3c72c61c3553d55c3972fbf62e5259c6c4d0ee9728c3602c1e7feba239dd635b6306f1