Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

FizzyCheat.rar

windows10-2004-x64

3

FizzyCheat.rar

windows11-21h2-x64

10

Analysis

  • max time kernel
    1015s
  • max time network
    1028s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FizzyCheat.rar

  • Size

    68.1MB

  • MD5

    d63e96a26544d011a8395b5ed01f117c

  • SHA1

    5c482e3379267d47c7a6ebc45027baa04bcdf2f5

  • SHA256

    c1649ac36df3ff0d9dcf3111fc30d7e8d3bcb326c74da9411214416a749129ea

  • SHA512

    26befe007297f0502a76171f3edba49447996a529f1990bd31ce5db3297057cbcce9b22466af900fbf00196f039c9097661563d2d0dd5f3df3a6df3644ee80a5

  • SSDEEP

    1572864:YmMZM1p6+cYGGH+ldhDayMlS2u2cQVHsAodlznqycmktkpEB/1TE:IM1pUxuykS2u2csOlGywkmxpE

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar
    1⤵
    • Modifies registry class
    PID:2456
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3760
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.0.2120045976\129759419" -parentBuildID 20230214051806 -prefsHandle 1780 -prefMapHandle 1772 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79536eb0-54f4-4594-9c10-662ad11a4359} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 1872 23892223458 gpu
        3⤵
          PID:4972
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.1.968053918\1568431850" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22280 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5324f893-a38f-480d-96ad-15a13adb998d} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 2420 2388548a258 socket
          3⤵
            PID:5068
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.2.1891003597\169538242" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 22318 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa4c3a18-03f2-4b24-a9ed-0c9a4928e3cf} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 2988 23895013258 tab
            3⤵
              PID:3496
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.3.149040352\811774322" -childID 2 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73110879-d9d1-4add-a4eb-7dbc14068f99} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 4236 23897341458 tab
              3⤵
                PID:5080
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.4.243969544\2135289790" -childID 3 -isForBrowser -prefsHandle 4912 -prefMapHandle 4732 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d32ca3-ecc9-451c-a3cc-bf4780250227} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 4880 238999ba258 tab
                3⤵
                  PID:1044
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.5.1622215821\1015355296" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {722364df-cb9d-4dc0-a343-c9dce263de55} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 5016 238999bcc58 tab
                  3⤵
                    PID:3408
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2924.6.10224627\1546838053" -childID 5 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1260 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82946fdb-6660-442f-9220-53b76a17e3bc} 2924 "\\.\pipe\gecko-crash-server-pipe.2924" 5316 238999ba858 tab
                    3⤵
                      PID:2172

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  26KB

                  MD5

                  003473f5b1310023c548a6f38d1e2483

                  SHA1

                  c5c8bcbf9acc2629039b95aa5f076b7dcee2dca5

                  SHA256

                  7b5344691fa369a19fe21fad4755c11e09c8823f7deed6528f30597fecbc9b93

                  SHA512

                  a47a7dbd4670c5ba88d875c74e8ef2050c7cf0580bcbf80ae91fbb69a109312088d4fb8b12a616d48eaa6bef3a50245bc59c4de16fa51373c4ef7d25665d9963

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e6zhegwu.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
                  Filesize

                  16KB

                  MD5

                  9e76c86f311603d1cb8cb99ae9b84098

                  SHA1

                  b3eda7e90b569594ccdb2bae1c253c694f525aec

                  SHA256

                  da9877fea957b37ddf9f8ad6a29aec4673cc52c53ab522d7cf308722b8c26d47

                  SHA512

                  e0d3acd2787694ceaba9ba805f446d35f034d77880606cdac8dc2fc34f8ce4e450023464b4fda859e7c58c2dbe1d0994a74646041935510ee01ac2482c3f98d7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                  Filesize

                  5KB

                  MD5

                  c9af7c66f369cebdd22b3788e9539a7d

                  SHA1

                  262d86fec9924ee663eab37a1df2217cfb979347

                  SHA256

                  fa6af9e0c7915f70bfcceb10463d69ce09143799a10e33adfbc529b41467cf0a

                  SHA512

                  d2fa0a0df0bff930b671f73a43278d26654e0937fb07b22baa2331fc06b06fc03269d574eb7f7137589b7aca8f8f5a7fba043f7277f4f707ea757a7f4ee9f4ff

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\bookmarkbackups\bookmarks-2024-07-08_11_6FbckyJm0QBdgL38IDXwrg==.jsonlz4
                  Filesize

                  1010B

                  MD5

                  9c8f179bffdf51883025521c6fa45420

                  SHA1

                  e5aa6965c48c6c07b2449dc9e883a4130773f1fd

                  SHA256

                  712d45cdbe4f40f8f927606700c290a2c2ae7b333b35938f77e2335117c1a2c0

                  SHA512

                  1a9e0d0e8ac038c3e0b2b85cfed5ab125c28d44d09d7848d8efafabf73d0dadf75d722fe8bf5717e82118ff6b4bf4496b45794e101177afcb367829f90f854e8

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\broadcast-listeners.json
                  Filesize

                  204B

                  MD5

                  72c95709e1a3b27919e13d28bbe8e8a2

                  SHA1

                  00892decbee63d627057730bfc0c6a4f13099ee4

                  SHA256

                  9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                  SHA512

                  613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  cfbcd1e0cda494f2535ace98414add8b

                  SHA1

                  77dee5dfb4651b802b0c26eae07831e6322be54d

                  SHA256

                  4ada2f259577cb576954049e2e8ef4611620fecfbe4121f34692430d7385ac70

                  SHA512

                  0e77dd001569139b79392fd616561673e6ebc5737f9fa8d9f9406748aeb8f2b81dafa8050f0e13958c6464136dd96375e62f054de424bcdfb572ef88847e6cfa

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  e2020d223e89f1e2da6542b80675c45a

                  SHA1

                  f7ccaf26f7a0018d93e58bfb57873ef7bff5178b

                  SHA256

                  4360eec8426a16dce9ce5423ae4bb68f830017d6e9dd04b4c46e663d3621189a

                  SHA512

                  1bf719d6a42de08a39b108ba950bb725ffcb14e1398f065041f4e451da18208d40f47ba3e3f03dd77cce3d718407d03e4e91b219a550c9e97c1d6e01e84a1b34

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  4ff00cefaf27aa3ce35ddd1d58b79087

                  SHA1

                  d641a13661de135fcfc4ce65fa22439f40d90be4

                  SHA256

                  d0fa59ae15fa119504b8ea72738d1d616b232b85ab7fc7953a5b8f89d2d168b6

                  SHA512

                  99fd73799597bf2521bc9f96ec0334a707d06f228ac94676c529a9e2f23382d57ca832fd3b39a3e0fe58425a035c3336b5fbae72417e6cf76a7e8aa5e56540a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\prefs.js
                  Filesize

                  7KB

                  MD5

                  f04e1ddbfff783aec200bda08536e9fb

                  SHA1

                  b040bdadadde23c295f4e2161c72e96b1d25ff10

                  SHA256

                  b831867951a3f3d351ac790ca3c0d8a71fa2d482ce3157ecb9edad786cb1897e

                  SHA512

                  4cefa5ac6aa92360a2f7266181145c3504443fb85b4d09eedf0ccda6b6c00feca0f9aba928e9cb21fba0691d193e8ebc74bff0b914ed9afedde94905d0316821

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionCheckpoints.json
                  Filesize

                  90B

                  MD5

                  c4ab2ee59ca41b6d6a6ea911f35bdc00

                  SHA1

                  5942cd6505fc8a9daba403b082067e1cdefdfbc4

                  SHA256

                  00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                  SHA512

                  71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  351dffc18f9fbe35a7b3dff329d3bb4f

                  SHA1

                  e49ffe41103d225e6e2dd9762101a7b88d1d65ca

                  SHA256

                  59c8e412deb5ef8e3300d6764744aa5d7e2b156abeba9166f85000122eabf7ef

                  SHA512

                  61e8ece19a84b1b820c2c8d877522679d5ac0e2b731dc435d467c1a2df2dbd323bfc27f45b0f64829cac69c0c99d976dbb76189da5dcc22096fd4b30b33fdf5c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e6zhegwu.default-release\targeting.snapshot.json
                  Filesize

                  4KB

                  MD5

                  e253023a8eb1e29d27da6bcdee0fcd70

                  SHA1

                  f6f1ba19062057ea1c1c2945ce7366bd51df4042

                  SHA256

                  0317bb14150a0df7d6f82ed94d0efd85c79427865a1dd0f788331154ba6f7698

                  SHA512

                  7331d403f31bd87121700d9096baf6319c44c0b40c6b6e3293f8cacfd472a5921f91fb8108c5cb86c667caab2e98c375ab7373dc695ddb4990d672cd0bb2806e

                  Download Submit