Resubmissions

  • 11/07/2024, 20:18  240711-y3emgavcrd  (score 10)
  • 11/07/2024, 20:09  240711-yw6sdavare  (score 10)
  • 11/07/2024, 20:08  240711-ywq2xssaqp  (score 3)
  • 11/07/2024, 20:05  240711-yt46rssakr  (score 3)
  • 11/07/2024, 20:04  240711-ytdntathpf  (score 3)
  • 11/07/2024, 20:03  240711-ys5e5s1hpn  (score 1)

Analysis

  • max time kernel
    145s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11/07/2024, 20:05

General

  • Target

    RobloxScreenShot20231231_160103318.png

  • Size

    979KB

  • MD5

    ab50ef9b41f1046bad8a91aef89e76e4

  • SHA1

    511f01a41f8470fb3ee2b45b4dac2edbe2af54f9

  • SHA256

    91d3faef143362ad384934ce71905437c78db2a9e0e6307245771034e0abd59c

  • SHA512

    e7a2a075b7a0c5e268424fd309d2f6613444ce95e76334adde82615096343541a60bac82f25858edd2ddb2aa568efcd2fbed608484c11c56dbad0707ae00b803

  • SSDEEP

    24576:bOINuEEQDf2l3cL7F/AE5A0sxnuONOmsLW4dgNSk5J:HDfJfF/rAZuOr0zdKSkP
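
Before trusting the digests above, an analyst checks two things: that the sample on disk really is the file the sandbox analysed, and that a file named `.png` is in fact a PNG rather than a PE or archive hiding behind an image extension. The script below is an added example, not tria.ge tooling. `REPORT_DIGESTS` are the MD5/SHA1/SHA256 values copied from this report; the files `demo()` writes are constructed stand-ins, not the real `RobloxScreenShot20231231_160103318.png`, so the digest comparison is expected to fail for them.

```python
"""Check a sample against the digests a sandbox report prints, and confirm that
what the extension claims matches what the bytes say.

Added example, not tria.ge tooling.  REPORT_DIGESTS are copied from the
"General" section of this report; the files demo() writes are constructed
stand-ins and are not the real RobloxScreenShot20231231_160103318.png."""
import hashlib
import os
import tempfile

# Digests exactly as printed in the report (lowercase hex).
REPORT_DIGESTS = {
    "md5": "ab50ef9b41f1046bad8a91aef89e76e4",
    "sha1": "511f01a41f8470fb3ee2b45b4dac2edbe2af54f9",
    "sha256": "91d3faef143362ad384934ce71905437c78db2a9e0e6307245771034e0abd59c",
}

# Leading magic bytes for the container types worth telling apart when a file
# arrives with an image extension.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"MZ": "pe",            # DOS/PE executable, whatever the extension says
    b"PK\x03\x04": "zip",   # also docx/xlsx/jar
    b"%PDF": "pdf",
}

# Extension -> container type the extension implies.
EXPECTED_KIND = {"png": "png", "exe": "pe", "dll": "pe", "scr": "pe",
                 "zip": "zip", "docx": "zip", "pdf": "pdf"}


def digest_file(path, algorithms=("md5", "sha1", "sha256", "sha512")):
    """Stream the file once and return {algorithm: lowercase hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual, expected):
    """Return {algorithm: (actual, expected)} for every digest that disagrees.
    Case-insensitive, so copy-pasted uppercase hashes still match.  An empty
    dict means the file on disk is the one the report analysed."""
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (got, want)
    return mismatches


def sniff_type(head):
    """Identify a file by its leading bytes, ignoring the extension."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def extension_matches_content(path):
    """True when the extension and the magic bytes agree.  A '.png' whose
    first two bytes are 'MZ' is the case that deserves escalation."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    return EXPECTED_KIND.get(ext) == sniff_type(head)


def demo(workdir=None):
    """Write two constructed files and run both checks over them."""
    workdir = workdir or tempfile.mkdtemp()
    real_png = os.path.join(workdir, "real.png")
    fake_png = os.path.join(workdir, "fake.png")
    with open(real_png, "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)   # constructed PNG header
    with open(fake_png, "wb") as fh:
        fh.write(b"MZ\x90\x00" + b"\x00" * 64)          # constructed PE header
    with open(fake_png, "rb") as fh:
        fake_kind = sniff_type(fh.read(16))
    return {
        "real_png_consistent": extension_matches_content(real_png),
        "fake_png_consistent": extension_matches_content(fake_png),
        "fake_png_kind": fake_kind,
        # The constructed file is not the report's sample, so every listed
        # digest should disagree.
        "report_mismatches": sorted(compare_digests(digest_file(real_png),
                                                    REPORT_DIGESTS)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against the downloaded sample by calling `compare_digests(digest_file(path), REPORT_DIGESTS)` and `extension_matches_content(path)`; an empty mismatch dict plus `True` means the file is the one analysed and its content agrees with the `.png` extension.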

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
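
The "Checks processor information in registry" signature fires on reads of the processor key under HKLM, and the reason it is tagged as a sandbox-evasion TTP is that samples compare what they find there against what a real workstation would report. The block below is an added example, not tria.ge code: it shows the usual heuristics from the sample's side so the signature is concrete, with constructed CPU descriptions in `demo()`. The caveat for this report is visible in the process tree: the signature is attributed to `firefox.exe` (PID 360), a legitimate browser reading the same key, so here the read is ordinary application behaviour rather than evasion.

```python
"""What "Checks processor information in registry" looks like from the sample's
side.  Added example, not tria.ge code: the heuristics below are the common
ones evasive samples apply to HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0,
and the CPU descriptions in demo() are constructed.  In this report the read
is attributed to firefox.exe (PID 360), a legitimate browser, so the same
behaviour is noise here unless the process doing it is unexpected."""
import os

# Registry key and values that the classic check reads.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
CPU_VALUES = ("ProcessorNameString", "VendorIdentifier", "Identifier")

# Substrings that commonly appear in emulated or virtual CPU names, and the
# vendor strings a physical x86 machine is expected to report.
VM_MARKERS = ("qemu", "virtual cpu", "bochs", "kvm", "vmware")
KNOWN_VENDORS = ("genuineintel", "authenticamd")


def read_cpu_info():
    """Read the values from the live registry.  Returns None off Windows (no
    winreg module) so callers can supply values by hand, as demo() does."""
    try:
        import winreg
    except ImportError:
        return None
    info = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as key:
        for name in CPU_VALUES:
            try:
                info[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return info


def sandbox_indicators(cpu_info, logical_cpus):
    """Return the list of heuristics that fire for the given CPU description.
    An empty list means the machine passes this (deliberately crude) check."""
    hits = []
    name = (cpu_info.get("ProcessorNameString") or "").lower()
    vendor = (cpu_info.get("VendorIdentifier") or "").lower()
    if not name:
        hits.append("ProcessorNameString missing")
    for marker in VM_MARKERS:
        if marker in name:
            hits.append(f"processor name contains '{marker}'")
    if vendor and vendor not in KNOWN_VENDORS:
        hits.append(f"unexpected vendor '{vendor}'")
    if logical_cpus < 2:
        hits.append(f"only {logical_cpus} logical processor(s)")
    return hits


def demo():
    """Constructed descriptions: one workstation-like, one emulator-like."""
    host = {"ProcessorNameString": "Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz",
            "VendorIdentifier": "GenuineIntel",
            "Identifier": "Intel64 Family 6 Model 158 Stepping 13"}
    sandbox = {"ProcessorNameString": "QEMU Virtual CPU version 2.5+",
               "VendorIdentifier": "GenuineIntel",
               "Identifier": "Intel64 Family 6 Model 6 Stepping 3"}
    return {"host": sandbox_indicators(host, 8),
            "sandbox": sandbox_indicators(sandbox, 1)}


if __name__ == "__main__":
    live = read_cpu_info()
    if live is not None:
        print("this machine:", sandbox_indicators(live, os.cpu_count() or 1))
    for label, hits in demo().items():
        print(f"{label}: {hits or 'no indicators'}")
```

On a Windows host the `__main__` block runs the same heuristics against the live registry; everywhere else only the constructed cases run. When triaging a report, the useful question is not whether this key was read but which process read it and whether that process had any business doing so.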

Processes

  • C:\Windows\system32\cmd.exe  (PID 164, depth 1)
    cmd /c C:\Users\Admin\AppData\Local\Temp\RobloxScreenShot20231231_160103318.png

  • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 1596, depth 1)
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Suspicious use of WriteProcessMemory

    • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 360, depth 2, parent 1596)
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 1588, depth 3, parent 360, gpu process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.0.484264012\711668997" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eadac76-694a-4177-9099-1a3cdb5c5db5} 360 "\\.\pipe\gecko-crash-server-pipe.360" 1780 19f110eaf58 gpu

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 1744, depth 3, parent 360, socket process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.1.1190887820\312004572" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92e57c34-15c0-46fe-9886-0c5956ec6bba} 360 "\\.\pipe\gecko-crash-server-pipe.360" 2136 19f10ffad58 socket

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 2304, depth 3, parent 360, tab process, childID 1)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.2.1840141361\681214538" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2920 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92ba828-c936-45c3-8db7-9f2e8535f04c} 360 "\\.\pipe\gecko-crash-server-pipe.360" 2636 19f1105d658 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 4896, depth 3, parent 360, tab process, childID 2)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.3.255527895\2006336391" -childID 2 -isForBrowser -prefsHandle 3400 -prefMapHandle 2884 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {093c2d02-99a5-4095-b95f-3c419f9cc2b8} 360 "\\.\pipe\gecko-crash-server-pipe.360" 3468 19f7b962858 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 376, depth 3, parent 360, tab process, childID 3)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.4.1431150387\1715819201" -childID 3 -isForBrowser -prefsHandle 4156 -prefMapHandle 4128 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2052d621-ca21-4930-9d72-6017f9680e21} 360 "\\.\pipe\gecko-crash-server-pipe.360" 4172 19f169a9e58 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 1516, depth 3, parent 360, tab process, childID 4)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.5.579067011\691853639" -childID 4 -isForBrowser -prefsHandle 4780 -prefMapHandle 1544 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adde3d27-ea16-490e-981d-6e99da37c2af} 360 "\\.\pipe\gecko-crash-server-pipe.360" 4952 19f16770058 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 2388, depth 3, parent 360, tab process, childID 5)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.6.892752120\611211575" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0986437d-c669-4529-b6da-bd14d6055c27} 360 "\\.\pipe\gecko-crash-server-pipe.360" 4996 19f17de3958 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 2560, depth 3, parent 360, tab process, childID 6)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.7.1079648600\613075037" -childID 6 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97f86ca8-984e-4e00-81e8-cf6da79d00fe} 360 "\\.\pipe\gecko-crash-server-pipe.360" 4952 19f17de2d58 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe  (PID 4380, depth 3, parent 360, tab process, childID 7)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.8.655086009\1751120691" -childID 7 -isForBrowser -prefsHandle 5644 -prefMapHandle 5672 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {675b1cee-77bf-4b45-beed-8f716a5cd419} 360 "\\.\pipe\gecko-crash-server-pipe.360" 5692 19f19408d58 tab
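
Every `-contentproc` line in the tree names its parent three times: in the `--channel` prefix, as the positional PID after the GUID, and in the crash-server pipe suffix, all `360` here, which is also the PID the tree shows as the parent. A small parser makes that cross-check mechanical, which is useful when a process tree is large or when something that merely looks like a Firefox child has been spawned from elsewhere. The block below is an added example, not tria.ge tooling: the two command lines in `demo()` are the gpu and childID 1 lines copied from this report, the "tree parent" values passed to the check are assumptions chosen to show it passing and failing, and the consistency rule itself is this example's heuristic rather than something the report asserts.

```python
"""Parse the Firefox -contentproc command lines shown in a process tree and
check that each child's arguments agree with the parent it actually hangs off.

Added example, not tria.ge tooling.  GPU_LINE and TAB_LINE are copied from this
report (parent PID 360); the tree-parent PIDs passed to consistency_check() in
demo() are assumptions used to show the check passing and failing."""
import re

TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Command lines as printed in the report's process tree (parent PID 360).
GPU_LINE = r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.0.484264012\711668997" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7eadac76-694a-4177-9099-1a3cdb5c5db5} 360 "\\.\pipe\gecko-crash-server-pipe.360" 1780 19f110eaf58 gpu'
TAB_LINE = r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="360.2.1840141361\681214538" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2920 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92ba828-c936-45c3-8db7-9f2e8535f04c} 360 "\\.\pipe\gecko-crash-server-pipe.360" 2636 19f1105d658 tab'


def tokenize(cmdline):
    """Split a Windows command line, keeping quoted paths as single tokens."""
    return [tok.strip('"') for tok in TOKEN_RE.findall(cmdline)]


def parse_contentproc(cmdline):
    """Return a dict describing a Firefox content-process launch, or None if
    the line is not one.  Observed layout:
    <image> -contentproc (<-name value> | <-switch>)* - {guid} <parent pid>
    <crash pipe> <handle> <hex> <process type>."""
    toks = tokenize(cmdline)
    if len(toks) < 2 or toks[1] != "-contentproc":
        return None
    info = {"image": toks[0], "flags": {}, "switches": set()}
    i = 1
    while i < len(toks) and toks[i] != "-":          # stop at the lone "-"
        tok = toks[i]
        if tok.startswith("--channel="):
            info["flags"]["channel"] = tok.split("=", 1)[1].strip('"')
            i += 1
        elif i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            info["flags"][tok.lstrip("-")] = toks[i + 1]   # -name value
            i += 2
        else:
            info["switches"].add(tok.lstrip("-"))          # bare switch
            i += 1
    positional = toks[i + 1:]
    if len(positional) < 4:
        return None
    info["guid"] = positional[0]
    info["parent_pid"] = int(positional[1])
    info["crash_pipe"] = positional[2]
    info["type"] = positional[-1]
    child = info["flags"].get("childID")
    info["child_id"] = int(child) if child is not None else None
    return info


def consistency_check(info, tree_parent_pid):
    """List every disagreement between what the child's argv says about its
    parent and the parent the process tree actually shows."""
    problems = []
    claimed = info["parent_pid"]
    if claimed != tree_parent_pid:
        problems.append(f"argv parent {claimed} != tree parent {tree_parent_pid}")
    channel_pid = info["flags"].get("channel", "").split(".", 1)[0]
    if channel_pid != str(claimed):
        problems.append(f"channel prefix {channel_pid!r} != {claimed}")
    pipe_pid = info["crash_pipe"].rsplit(".", 1)[-1]
    if pipe_pid != str(claimed):
        problems.append(f"crash pipe suffix {pipe_pid!r} != {claimed}")
    return problems


def demo():
    gpu, tab = parse_contentproc(GPU_LINE), parse_contentproc(TAB_LINE)
    return {
        "gpu": gpu,
        "tab": tab,
        "ok": consistency_check(tab, 360),    # tree parent as in the report
        "bad": consistency_check(tab, 1596),  # assumed wrong parent
    }


if __name__ == "__main__":
    d = demo()
    for key in ("gpu", "tab"):
        p = d[key]
        print(f"{p['type']:6} childID={p['child_id']} parent={p['parent_pid']} build={p['flags']['parentBuildID']}")
    print("consistent with parent 360:", d["ok"] or "yes")
    print("consistent with parent 1596:", d["bad"] or "yes")
```

Feeding every depth-3 line from this tree through `consistency_check(info, 360)` returns an empty list for each; a `firefox.exe` child whose argv pointed at a different parent, or which sat under a different parent in the tree, would be the one to look at more closely.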

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3A2B2193D77E8A6B57159718D3BFDD47D5DCC5BA
    Filesize: 60KB
    MD5: 353df21d6ea556fa2b3b2ac2ae442208
    SHA1: 4fec5d70424eac6a3dd338646add57247a27dded
    SHA256: 7c86f9957435bc11573ee934378a3637f27eba246631a488bc70959dc5569d9b
    SHA512: 3bb321884046f1943c1199378ce45a94082a5cc915d71d6a5104688e9e45b7f4e03f3122ab86e49dcbeb5081fa158a9f1a81349284143b3be5e94f003ce0dc7a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: ed87b36ddeaafe4c37da4a2cb6fd57f8
    SHA1: 3bba4faa7bf626264001d547c62cb501bae42a35
    SHA256: 7c0a67a71e2d84ea37bfebffc4ee467264048f3452889704c2311843f8a3f3e0
    SHA512: 7a392ab699cfd2062dc2adf1e1f56535579f6a9520c967dd122ae82034d93c5403e21bb6a15261b33d3a43790136cf1a53e6360c5b37f36e9d01c75ccaf79c76

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a8f6bfad-f405-4c75-8e55-770a3dd713b6
    Filesize: 746B
    MD5: b79d343e423e6cae0e0797764e23cd81
    SHA1: 8a077684e49148eb2abe95490a921a935ab4c4af
    SHA256: eab2267b8e54b779a97ec3711c0ac81408dc557ea1dd51d3def6a52f9a648074
    SHA512: 6dcff009e6dbfb37c5183bc44e8bac7cd35953aa5c463af7a4a60e1b5e4264d9f4ed0735a46dfeb835113520dde0c36934e289345aa21aceb24350e46e58a8fa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b24c8b5f-48f0-457a-aab9-2edb0c57a051
    Filesize: 11KB
    MD5: 23122b79d94c248609e8bbbabfdd474f
    SHA1: 96960c820f9c4fc54f27a89dc36a5edb16388eeb
    SHA256: be6947660c06cff8250e2e99264a60c0a3000db8455920b8108dec526455727f
    SHA512: 024d1753be780f935dad3fea090f8a6674f3811afaea2e5aab45adb04cbec534528f798949b3b0a217498cbfe991e02eec13b3ed5efff08a6710fb8bf3a8777f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 3444026d589f4763e4db4fef8372507d
    SHA1: 8723c2ef51bf85d5f1c35f70128e297feccc2d12
    SHA256: eb3f2a29c7a29218dda0bc54384d3147bad0c733eaacd99571c294c9c812de30
    SHA512: a2cdb5db3cf8fc4906fdc06c1b415ba5531532bd968060ed247ad95d67b1fc9469058a5155e92c75ce26674aa74dc17bec26d8bf511003ff25635fc74437212f

  The same session-restore path appears four times below with different sizes and digests; each entry is a separate capture of that file during the run.

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: 442d69fa47affa821585f6668c555cf4
    SHA1: e82b66063d31d4d070b47392ad278983dd624731
    SHA256: 5078cf488621055da314f4b57b8899577bb4944970512d7f398628e2ad0990d2
    SHA512: fae338f4b2ebb54d72238f387a9670bf1516c56a7309a66cc47160308500f1896f3a7b85f72ca31389ef38cff162ebef0bf73b9867f956a4ec631ec73dbd82f7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 32075813240c6b10114ffe2a42a06a47
    SHA1: 54032cced03eb94cbcd15c58bb1116a91d2f7a90
    SHA256: 733ba5046624f0a3aae833a9473e772c8fb52381be05b39c9b8f2c480dcd57e6
    SHA512: 825fb68ce19373be6b47dc9bb96e707a4419f13d8ca3fd40e50c70d69c9f64b80eb10a3d2de77ac28d2a218cce33737ca6abc336d0adffd57494f0005019b2d2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: c0499e2c0139d2594393ad7e53be1983
    SHA1: eda292c313ce8af6334b45e6a373acc1064885c1
    SHA256: 182c4b2135fd5d9b5ff087518abc0e7440962e23a75b9ee81b933bf4c8f3d6bd
    SHA512: 5819a3abbe2f391694a982de2dac12ee3794f2b2fb792e0561913ef71106fc514d0cf654b227d38f2bf4eff98d1bdaa44568a7451fab78fa09e877e21d8a155d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: c622b93dc9230b63316d1c14d4539103
    SHA1: 15cbbc86a8eda45599c5e5706330a79412b1089e
    SHA256: ab9b26f51b5d9477f1210cba7c2bc076b22321b58725f8876309c84cb10992dc
    SHA512: e079bafa3c27b5c36111b0c9b2e2fc659389d35cfb1948dd5d434b863570f8e97a9b5963d2ac689c39f2040edd75b0eb477b1bef2d6b08c3894b6be54072379f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: e7d901ad03d22078f4c42ecc83c3bd45
    SHA1: 13ffe2ced2026e6b99c39a96d006c7832a72ba17
    SHA256: fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17
    SHA512: 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9