Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
407s -
max time network
408s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
06/07/2024, 16:36
Errors
General
-
Target
31581a6f5822cd65e3e22571292e3617b86fe76d87d301f8d9aa1d7f87495dc8.exe
-
Size
452KB
-
MD5
2498a8b0f3bb1595a145448f21ac5928
-
SHA1
b64707a9cbffe894359fd50af9502625fbe73c29
-
SHA256
31581a6f5822cd65e3e22571292e3617b86fe76d87d301f8d9aa1d7f87495dc8
-
SHA512
af35dfca7a1c87fa1a116e38f01f52ff4562c75abe358ef777ca6ec4f296a7ef6a2c1dc32c020bc7cabdce7997d4de751f1a5baeae91e46663f87876fbe82ff4
-
SSDEEP
6144:eSiZdIUHgezH20Dc9tjZY5vJ9hdePJmy8gwOiSTEbU9MCKmhDrjPJEO/YhbTzCwm:9IgezJU3qx9fefmfWErdmhzPJzY6
Malware Config
Signatures
-
Program crash 1 IoCs
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Gathers network information 2 TTPs 4 IoCs
Uses commandline utility to view network configuration.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: LoadsDriver 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\31581a6f5822cd65e3e22571292e3617b86fe76d87d301f8d9aa1d7f87495dc8.exe"C:\Users\Admin\AppData\Local\Temp\31581a6f5822cd65e3e22571292e3617b86fe76d87d301f8d9aa1d7f87495dc8.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 4722⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5064 -ip 50641⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.0.1609027391\1325306579" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1792 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61fb8b58-d268-4e1c-b7ff-2ab78d8b4804} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 1892 1f19e32d758 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.1.324757536\1190217024" -parentBuildID 20230214051806 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd239a8-c22c-44d3-b106-374740119009} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 2416 1f191589c58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.2.1154343276\1282885342" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49789a46-b371-4551-a346-64301c5d5f94} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 2932 1f1a0f17658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.3.416458005\998262959" -childID 2 -isForBrowser -prefsHandle 3256 -prefMapHandle 3400 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db2ce94d-eab1-4cd5-ae2a-25c0d99edb26} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 3252 1f19157ab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.4.1035176261\701019676" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0527ff6-dd22-421c-9be7-56852b488e3b} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 5036 1f191582e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.5.1061590764\1591918005" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {332a3cc2-e0b3-45e2-b300-e21fa782632a} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 5152 1f1a5f8be58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.6.643207878\217466252" -childID 5 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b9a26d7-483a-497e-a42d-8a265dfdde95} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 5344 1f1a5f8b258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.7.964078353\263754486" -childID 6 -isForBrowser -prefsHandle 3684 -prefMapHandle 1316 -prefsLen 28012 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f718bc4-621e-49f4-85ed-5ac5923a08f9} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 3348 1f1a688a258 tab3⤵
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\system32\ipconfig.exeipconfig2⤵
- Gathers network information
-
-
C:\Windows\system32\ipconfig.exeipconfig /refresh2⤵
- Gathers network information
-
-
C:\Windows\system32\ipconfig.exeipconfig /renew2⤵
- Gathers network information
-
-
C:\Windows\system32\ipconfig.exeipconfig /all2⤵
- Gathers network information
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s FDResPub1⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInterfaceStaticIpConfig {857F7985-CC79-4DFB-903E-C97E807308EA}:"{\"ipFamily\":4}"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26KB
MD5ec7f12f05f8c1344cdb344c32e48cfa4
SHA1da37a1da62feb108410401b3de644f8f40fd75aa
SHA2569e23c348b605e8e9ca46906bf9df5103bb165f2240f70c4a9230a98ff6cd1530
SHA5121e3474a97570c3001e3c3751378a50121d31b2f2d1d48b305ba6ca22c1271f915ea56b2e64a99bf3fcf4d1ffe2321cf44d5fd867a1accf75be7edf8b81ef721d
-
Filesize
5KB
MD57447551891559c423e65dbfb1c16d649
SHA185f9e80807a92a4f93b605e16e7e506417a45235
SHA256f3b95da9a2f2e07e30a07481eb755008531edc8ee066275cd617ba95df5a7923
SHA512b4f23630d9c0c73b77d412a9abd8f207b1dd070c00a8cb72884317a5914599769f98561c8d05e69048587647d0d8039ef913891e2650be8c44dcd90014b055e7
-
Filesize
7KB
MD5ef15836268a7191e9ae7b6ce9de616ba
SHA146f17b1eb8a8da615d5ff1b5a8f2bb08b7a28ffa
SHA2564b43085b04a1aa13e7639f85c16974289d1c842495abe2a4d0902243d86aee82
SHA51228ef94d2112354ad928b029ac8dda83ac52cfd075b6e6dadfe3badfd216bfbe22b71d53ba36af1ffc6e5de8f6dbe8a88a7c7a1e5bc7c80c9a5c101e5f1bbc34a
-
Filesize
8KB
MD5f7bed1bfa7337b326a83722dfd60b79d
SHA1d0c39e99786f6154782ebfe7484dae46399856c6
SHA256798ad168e82384ae19735e176ff2e8af9b247476032e8dd3a4b1b2e0924bc33b
SHA5125b8379bdeab7e25092fe9a8caa7113eb66f6afc71d5aa2f66287330cf9abe0f8bb442678c62185a9d73efb02363b87d54d284652dcfd8718d2568e18f053e053
-
Filesize
8KB
MD5abc5b9108f5f0a78664f5e8822bb9913
SHA172f6b81acb47f297c0591551900922412a8319a7
SHA256f72d14e61ab033cdd19d3ad881f6569d8743858384cc352b18bac1bfe8af8525
SHA512ca93ee025c866bd64d8664116e5b0606dc2ef35c9d48e201f43963c3a02fdd22b8fc7e38262d8faa72ef372c2d3ba60586e8234799eff5261232ee6e25227096
-
Filesize
7KB
MD52c9de1fdadcdaa8b02516d93609d7f57
SHA15173039631f6e544534526f2e522e8bda3a83327
SHA256be9fcaf63328a771a7d2dea944c56887c9c438ac58dcb9cf400e086d242c1e9e
SHA512dcdb1a8226c7187d45a989fec39b2d707f78d6c0996b181bd2c4a80fc3092e959b7d1b079587fb91b5a89ff9ddaf9ba741d783b152726c72763a80114f5de565
-
Filesize
259B
MD5e6c20f53d6714067f2b49d0e9ba8030e
SHA1f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA25650a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf
-
Filesize
1KB
MD5eb893eb5a957c4fa8d7ae2f77358955b
SHA1340a8b8fb42abc38d45724ba0441dcc2cc933e1d
SHA2567ca9d10adb2b146ef6a892ec5c83b683bf0584e1a60ab792b1fc3237f6e5e201
SHA512c690a3ffde372176add52af70a8738fbd2292f3d34a77e4d9ea0e0be189ab55fbdd556b40948e10e48dc45ffa30e3fc386a23103f45fd38668e56afbb123a336
-
Filesize
1KB
MD53a1030cc680c37151c84843191c6981f
SHA1018f4600541ae62f25bdecd52a6e3a5651596bf8
SHA256a58887e89fe4703a5417f07a63232adeff41f99eff73053123282b0d33ca0bb2
SHA512ea0d6e3c2795691289172ea5eb2a26761d7f2c21070657632a53ee6fc58011a1e8761d295884a4820db77ad11914d2d08b8d3430eb2760cbf83643d418f9d13e
-
Filesize
1KB
MD53bbffaec13224b5472057249227044a2
SHA19b63368c06252b0ad8c378da0db723c891d4c8e6
SHA256fd764ed2e267bc9b1cf64e43e590b7f0bd0bd499e8b4697ac4a8138974c0a37d
SHA512fe799612430df70935a4ba73209c101f86228c5c19d5392777d51a5c8ec026e70a5f00270757a45894a57875ffa2e77a56d39bc1844ec302129b6fdd5f021985
-
Filesize
1KB
MD53fefb26f37364b83f6d15e048271d803
SHA1255c96cb9481fd6a937c006ffb3964eb7ca5c478
SHA256e873066f37f6dcfbad6c747ac5ff2fd7e82b1fa33ed66d63bbd037b19ed39284
SHA5124940afc676e93c431fddd8994a44f34a894e2f4fc7c2bed065c3188ac87a9afcd309f84289c412a1ed569d7409be0788d4185b41f7fbe475e3c4349adaba26f6
-
Filesize
1KB
MD5394216c27eb42755bf07dea2f63e5146
SHA138ac59ab4cb17acd03ee94c5a43e4c7394d52f83
SHA256edf75fb474e2b168b51aa2b1fc0625059c34b05815e52ed94b002f77cee11b0c
SHA5121fedc08cf214c2a9093d30c77b821dce4504f102e629bbd2b611123c232ab2ff797cbc044661e608c581ad75ae17e56039e02181fe45309da8ebb02275743edc
-
Filesize
1KB
MD58f4f8fbc447ee1fd663b3a69123f06b2
SHA1fed6d3f503507cd6cccc4718d8336fa5617e6f62
SHA25681fad15eb76c42f79a9420718c5f3e7c51240b1cd61afc347cf0cc0145464f04
SHA512d6bb71d182c9e8c59320db57a601de16f9c5d158b36a9c71a12cbabf33071bc5812c294d55a51cbb9858f46ea0a8aaad3ef8ad80ee99ef95ffd9e99177e6948e
-
Filesize
1KB
MD536bc31d712207f9ca295386686dc79d2
SHA126ac68b536fc929341582e8b5182ea760b076bb7
SHA2568e4cbe6705ad42216d81cd0252f057a542ca3177740664680b17989eddd86162
SHA512586f4c87737247d5832e1fb2560bafeaa3ad9f7df2faa484213b11c5b3cd5a523b02b730e6bd5b5d15b4172e271c385d69d376612f8da3872ec0735da0e19d5a
-
Filesize
1KB
MD5ddfad8d099fdde60047113c2a6077d31
SHA105dd38774e5d1617cfefb08d91df810f91b2a6be
SHA256293e2a00fc188097e867109025a860106e6768b3095729a2b6aa4a231933e1f8
SHA51207aec1bfba067404e9c5fafabf6fc5748e447567ba6d0597c814baf31af7d0e34b9717681bdf6fefb718ed8ac99af274ff3ac1d0b0341169d799ebff854ff384
-
Filesize
1KB
MD59108abf30d021a6d42d0d09a251ec4b5
SHA1b283f02082a1afc232ebb47b1930c4d49a82088f
SHA256e6104f7ce6d66e23ccfcf25bef349ca29979ec452691cea50390e861853fa846
SHA51267282e8855b971fb9e51524d1fa4893c77c244b8ac60a230ec3fb2dcc3f5a0086e87ff3247cdd728bca53473673667c156ff7c97971740f67d39650b4c82f329
-
Filesize
1KB
MD50f327098b33172abc32ac0473b7d3714
SHA1f0d152d326a488f8118dfa29db972a601e248f82
SHA256ba429d58367e85f54ffa4d0ced756981f1184a22e8e5ddd888decc9815ad52cb
SHA512319ded620e3604919314b79035ec577fb7cc5f9bb220d92a395a8e384f79b934e8d8e8bc3c13547bac442da5259c30258c792b936eddc1e64a1732ceb327a896
-
Filesize
1KB
MD5738f441f68fbf685a7ca8244639d64e1
SHA1b12f201b59cc55a0a67a7cd5825cf1c4fec779f6
SHA25698b606e180a0347f5bbd57a0367479c0527f14eee4d4720a9bd1c8c33114095e
SHA512d7f1e2ad2da83220d09ba706455000a719bafa7c492867330c8aa77e56b0294fea91f85f27f16b90fcbcaca8f0f02f14d5c236ceb418e88cfd1297e4265c7d7e
-
Filesize
1KB
MD5f9b8354c45b901b684326a19814c1f5d
SHA1334552ee9ffd42e8238606a6f11a8cbfbf513de4
SHA25682e9c5307dbd24b7b49260342439700032b5503daf9f1cb95c2c2c9e59e1afdc
SHA51286b2482b4cdea6ffafd03f6d723c32638974fe6b6e629b871869ecbd34bd20f5eb60b7b35f29b087b7a06bfd7b5cf4e2d273c8ca1047982b8b55d6e4bb16077a
-
Filesize
4KB
-
Filesize
368KB