Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

TALKIT.exe

windows10-2004-x64

3

Resubmissions

02/08/2024, 15:17

240802-spa48syhnr 3

02/08/2024, 15:16

240802-snzffatgjh 3

02/08/2024, 15:12

240802-slc5esygmr 8

02/08/2024, 15:09

240802-sjqbzayfpq 8

02/08/2024, 15:06

240802-sg2bfsteka 3

02/08/2024, 14:51

240802-r8gkpatame 7

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TALKIT.exe

  • Size

    534KB

  • MD5

    bbc3687e84989e3f70f2179ba9a458b3

  • SHA1

    7059147afcd22233c1180fa386414b8e9f8bc10c

  • SHA256

    49534e847f24fdd727ada248666c5ebbbf7cefff54443df1dd56240cccb50a97

  • SHA512

    e66f6881fb5e3f4a7911fd8edfae82f88d4c4089eab2efb180fbc5c0860edd298c85d838426e0ba4cec0d392ae76c470fcb442b9699c841d5919e008e5a5fac5

  • SSDEEP

    12288:Hjv3p0iAiC7vbJPnZRJ49YwnX4P5g2OVs/wZfdjWPb/h9BiyLtNd:HdsNd

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\TALKIT.exe
    "C:\Users\Admin\AppData\Local\Temp\TALKIT.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4356
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4480
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8dc7db-4bb3-4ef1-969e-7adb48c80722} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" gpu
        3⤵
          PID:4940
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80e5c841-1c77-4917-91c7-37a9818d0abe} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" socket
          3⤵
            PID:60
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2984 -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2964 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c5f4aed-3f8e-43fd-9e58-c0722fd445e6} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
            3⤵
              PID:3372
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4152 -childID 2 -isForBrowser -prefsHandle 4144 -prefMapHandle 4136 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52eb2124-35e0-414f-8685-62c92e77a4af} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
              3⤵
                PID:3500
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4804 -prefMapHandle 4684 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8022ed08-3246-42f6-910d-8fef98ccde5b} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" utility
                3⤵
                • Checks processor information in registry
                PID:1520
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 3 -isForBrowser -prefsHandle 5220 -prefMapHandle 5236 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03409561-6ccc-41b8-a8d0-f21c99cf26fa} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
                3⤵
                  PID:4652
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b78022f5-9916-4311-bf00-46436fe481db} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
                  3⤵
                    PID:4444
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe5e92a9-0ab1-471e-8bae-86073d53dfed} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
                    3⤵
                      PID:1016
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 6024 -prefMapHandle 6052 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b9b2cee-7caa-4e89-b705-b6f4e30f0c6f} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
                      3⤵
                        PID:1300
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:5068
                    • C:\Users\Admin\AppData\Local\Temp\TALKIT.exe
                      "C:\Users\Admin\AppData\Local\Temp\TALKIT.exe"
                      1⤵
                      • System Location Discovery: System Language Discovery
                      PID:3612
                    • C:\Users\Admin\AppData\Local\Temp\TALKIT.exe
                      "C:\Users\Admin\AppData\Local\Temp\TALKIT.exe"
                      1⤵
                        PID:1836

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        18KB

                        MD5

                        57dc96c169cfa48af184da639dd45e08

                        SHA1

                        b272cb125bc9cd245f80ab3c921fb5e60759c03b

                        SHA256

                        2685995fca9a46a068d2c94bcb525bdf46fc3b07ea0e4a03f695d01fba9d4889

                        SHA512

                        4817d19e50c7809d6034f4817bced8a907e7d88ead880d9ead16b7b63e12ae27c6c1ea4d9eda1ffc1ec974ea21ac26c24f6ca92c03542d44597a5790a0c62a04

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin
                        Filesize

                        8KB

                        MD5

                        0cc6c5342a22623cd9c6b81d6c3779d3

                        SHA1

                        35f232ff0a2cf1b41db21f4777bd7cdf6e7dd8ec

                        SHA256

                        3c78cd08c4620b61be533686413e4ae05508e9e46e8845b9ba8b4e44a35a4b4f

                        SHA512

                        8e499f7797d162a2d8dada95d550ed29394e0e383361fe92e371c7b1fe8d77181de8ed76ffbfe996194c6d95c9d0f9c8f8ef29665c6a2eab09cfdb83fbf62666

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        22KB

                        MD5

                        e451f53d70c062a062601faa54287b1e

                        SHA1

                        178f51852f9f077758dcc563b30590eaf90d91f6

                        SHA256

                        cb2cd45c96700608c73644c60eff5589aa5d435b1ffa3c0aac65ada2dc98dd78

                        SHA512

                        f07dabeefa31656038194dee27bc78eae420f579119070d24745f65f21b7885e1952229f60842906982aad57455f221b4484e1ccba084a6997aef85d12d0508f

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        21KB

                        MD5

                        4d1a4fa7930b12a278e55e9e11f030dd

                        SHA1

                        46317f478363ee9168f0af66a85e8bc05b83704f

                        SHA256

                        af2226095bb5244a936609ccc61da2464b6f70245cbc8a063c53be9d49109408

                        SHA512

                        628e615392c5496539e9a9be3b7e3ca0e94326b4817e1d2b592b41ecd049165f0fe9ad5e4eef487ff8ca884861d0d404d7d2b81418521e8b5efcad9cdd631b84

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        22KB

                        MD5

                        972b656e9f0b5c5e1cb9c51c6b224ea9

                        SHA1

                        04fc4f2c969752c61ca53961134a2286c5584160

                        SHA256

                        ab0cfe1352b7b37d39320a8863820ce532233c2440058571f3f96d9f12f60f9b

                        SHA512

                        560c603d8ac1e516119bb796b7b820c1dff64869284c34e25038fcba10f22643a615eba07c5dd273eb3af17acb98c1cee8901926c13e7d104e27a508646b9b7f

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\ec3f41c0-6218-4cce-b7df-70f8654cafa6
                        Filesize

                        659B

                        MD5

                        c36bf669b7bc1b89b638c0ffbbcf7f46

                        SHA1

                        ac6497d0682e8af206060f295d5626bdd198e9b7

                        SHA256

                        fa3967d7399cb51bf0c3524a66194ae486fe3e72c25160aae04e259b61cb7490

                        SHA512

                        0a9374992806bd222221b2a2f4b04e5c2204aa78c95846fa52352f75111aaa149bac86a6be50a2c2c894a3aef20e47acab0f9e28ae9f7bf32aa813eca8294ba3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\f107edfc-4c7b-4eb2-abd7-0dba51b2f80e
                        Filesize

                        982B

                        MD5

                        01396d900486d3677ab7f9aba3a0c898

                        SHA1

                        6869377550e2aacdff8f2afe31e85808a11c6315

                        SHA256

                        959323faf3b7ca9a0fb8822dfc98e82c7b94c5cbf6122643c4e8a41ed96e0be8

                        SHA512

                        89e247517a0cee8ee5135f625b343554528ff36a463b3512e61047d57b3342f1e865bf7e81912564fec5a4ae2a40fc6dc434c41a43609acab17ba11527cd37bb

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                        Filesize

                        1.1MB

                        MD5

                        842039753bf41fa5e11b3a1383061a87

                        SHA1

                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                        SHA256

                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                        SHA512

                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        2a461e9eb87fd1955cea740a3444ee7a

                        SHA1

                        b10755914c713f5a4677494dbe8a686ed458c3c5

                        SHA256

                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                        SHA512

                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                        Filesize

                        372B

                        MD5

                        bf957ad58b55f64219ab3f793e374316

                        SHA1

                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                        SHA256

                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                        SHA512

                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                        Filesize

                        17.8MB

                        MD5

                        daf7ef3acccab478aaa7d6dc1c60f865

                        SHA1

                        f8246162b97ce4a945feced27b6ea114366ff2ad

                        SHA256

                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                        SHA512

                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js
                        Filesize

                        11KB

                        MD5

                        1d752ee59389ff702ef49903fe930b57

                        SHA1

                        9feb89b651276afe69b437ce7ce87d4ad6bbdaea

                        SHA256

                        b7dced4f21054950493af2c8e28751a02041215f777121c618ddac161cb46a5b

                        SHA512

                        a86e780ce8558a3226927ef6a68c49971a369dfd28fdfe9175f649dfebf65dcac2a4e773e0c622a95e5f2fea564535a9c8bcaa7ced3e8431e67157083d7018d5

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js
                        Filesize

                        12KB

                        MD5

                        7e26047d938aef0775669dd7ff843ef4

                        SHA1

                        3039dc4edb8fdee6468b48408005ef3c07dd2584

                        SHA256

                        a65de550af15d2c3b121948eb89582c9b39f62d133543ec9ce80724b469ba33a

                        SHA512

                        f0d03696fbe0010ac00a35eb59488366305653a6dcae1b831260c2250fe0ffc129d1319781c3ee81edc21018a7e5c2fd68ea30b22c67cbf09b8b232274f40e29

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js
                        Filesize

                        11KB

                        MD5

                        a2eae467ed9759db84eee4f45f887753

                        SHA1

                        50971ee1fc19979ebee1af6bb360355f33255f39

                        SHA256

                        dc1a297a2c56fd0a28a52abff555f99c13dd104e53fcc452b401b62e358c0df5

                        SHA512

                        d1789c4f03a87640e8222bcaa6dcfab61bcb34a7a4ee70f510110d735460a0a2c0faf63db1f06ea2631d657a6447a0c0275d3a58e4814897cf7fbe6b291b7a88

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js
                        Filesize

                        11KB

                        MD5

                        e7f74ba28f98e1f4a212429307ff4422

                        SHA1

                        58af10f1652a07827eae5e5c0b0f3170324d36f7

                        SHA256

                        71660c5d640903a0ccc69ba9c78c8273135449e0274ac34ac6f5007b68a151a9

                        SHA512

                        748259536aa9a30db1d4d12bfefe59b0cd6566628bbabaef50a8037803e72f5e212bdc532971bcd119d3a045ae273a61e977e6561d5f98ce035e00fea5c510c4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        4KB

                        MD5

                        10784f7a0f8e302ad3dd44a0db9a87cf

                        SHA1

                        c5155642a9200d0d51febbf168e032001ceabaa4

                        SHA256

                        2a2e00b87f20eec2727dc77e97eabf222f5790e2a3afac48b6f7e302bc858a8c

                        SHA512

                        2225894ec91e0ba609a02ad09db3f8d12cf66427af40471b373ed99efd5a847fa39e699017be81ea8112c9a953c9266d75a3a213bc8f5a42a7e3a2eeb1ed9454

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        7KB

                        MD5

                        b029f2c3c6b936de422b989eef8d815a

                        SHA1

                        a5931937c0b43ed1249fd1d486cd2430a475018b

                        SHA256

                        0393f8f09aa0a76a67b42256aa67f99df97af7ea3a21408307ae7c38e1169e0a

                        SHA512

                        2b38011340fc43697ca6d20dc9cf4876aa1bfed2dd339c878195c1cea08dc59976b220dbe84ec060e21fc62be889d72822330d2241ef95fbe3eaf9ed471ca502

                        Download Submit