Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
15s -
max time network
15s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-fr -
resource tags
-
submitted
09/08/2024, 18:09
General
-
Target
http://86.193.6.117
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://86.193.6.117"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://86.193.6.1172⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94d0d93c-b8f4-4271-99c9-819c77c5d265} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd09de70-329c-4cff-b164-2640147f8604} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3184 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e34ad6a2-e19d-47bc-8502-7d207e7ca4dd} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2808 -childID 2 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09659f9-2bd9-4d0f-998e-25c9c59db5b9} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4372 -prefMapHandle 4356 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef68392c-32e1-4bdf-8be4-1a41912ef19a} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5160 -childID 3 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11c55856-d261-4bc3-8003-b8008f727d91} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8584128-de5f-4088-9417-4ca4d2be078d} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5404 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb40aaeb-ba88-498e-b955-8f777c55f3d1} 4568 "\\.\pipe\gecko-crash-server-pipe.4568" tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --field-trial-handle=4136,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=4084 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
5KB
MD5ac78ee3df52c5c098813fb1c49853fa9
SHA186267719183719db334f1c30cf61d3625f198d91
SHA2565fe0a2260bbade4b1a56fa2c43e809635dfe995e4dd78fb79d7108496b04a90a
SHA5122913f7dd8c2e3bb71b6b8f71c1bde3771faca3af5a5a0b38b565300de43887dc52850a84be1f5f600ad4a79bfe4650efdedab315d79b38df8afe5f4d2dfdc649
-
Filesize
6KB
MD5ed22d6bc17dbc93b40649f9f27d2dfae
SHA114e65f54b7092809e0eda1adbb95fc522dc1a8ea
SHA2563551a1c88c5f5c8a389691b3c48a42b3c298defd403df83f931e709f8d0aca9b
SHA512ef5f302f63108d551a4302b4fcb74fa3dd4615915cac300793353b39013278fd98032009b7498926dded79f8c5d738c3b791b344cfa5c1e8e69ec25f951613ff
-
Filesize
6KB
MD55dc610af2a02e78d96cefdbc5ab80271
SHA1f00b6d3272ce8dbce31c079b1a6867be6b0af4b9
SHA2562fd12f845a73faac1d2fab47610a567406834ad26693a3c655d02e22fee6a6e7
SHA51238c5ad41d4ed8252c28c0f89a7a7bddea77d05d0f6304aca6aeb110d25fd7235781fbdfa3e49006267d48f81ef79027dc76ac2791d330bed136a28ddc7d0d903
-
Filesize
26KB
MD5b2a6b31a7ad50f331d400d1c0a5067a9
SHA1740c7fb566a4fc2b8890386c5c0a44a7ebd74fed
SHA2566561ac6f3de7be6da40c2e4ce17aed312125ed686d9352aff2100c71d3385e76
SHA512cf2611619e3622b8dbc92217452c11837f53d527e60f44d5103c007fa6bca9c5903e233ff6f9d5897689b3cc77b4fa6ca6125308408198b7f8f48f27caa1481b
-
Filesize
671B
MD5c7c3adf6e1f48d541ad0e2781dee2d07
SHA18a2cb8c8600efaaf75d2b89602a179835f5ea7c7
SHA25655096f169664f4bf7cf7cedfceb3e5ef21d33f63985b8891ed7cab9370b9a922
SHA5125f0aaa69e094040a9c8d7476452412c690c8a9f3e15757200c3efd7d0707cb2eea7e2a4865724532cc80be2dc4be59b4e964887f0919f0ca8a66b5fcc23d901f
-
Filesize
982B
MD5b3363c9b30b82916f7b8e493bcaa704c
SHA11c37e6fcaa544b22def143abcb2b3423e36e19e0
SHA256a5439a2df2adbe85b0e3c6cdb3d472279e7a3416cf8cc9ae360add9d2a29878f
SHA51201a29ac294178faa750ff5548356619d963483b15bfcf3297b1f10868ecb8d12e09a02df24eb50eca08b74ec3a6b23fdca6223321ba1c49c1d167860f4f9965c
-
Filesize
11KB
MD543155c3deed2674da642a147a829d486
SHA16298406aabd470f210da6288fc3ca3f4cb4f747f
SHA256233cef7ec1cfb1fdfc1995f979e9c244ea7131bd6e642861491ea47ba87e534b
SHA51269fe770983fcd56f24165e9ed80f4267e86083bcf80e78570489c52aa6433517e46930e008b0a23a2322cd816745bcb97b6a16b4e6b115a75a0e6283ed4b40b4
-
Filesize
11KB
MD55875fcd132b732be64c5ef2cd7d5e4e5
SHA1587ee4e3ccf94ea022e5b30924e058aca4fa8e6a
SHA25637163eb07c11e4138d9018d716c062896c061fada4281333861f436ced68967c
SHA512b9e16af208d88575ebe111709dd56b605a8a7ca6a5288a3d39bda7bb6594e9ddaf3491b603567cae78950d755c661ea497a8e639fa19fcfe3cef4c8d17582d7f