Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1795s -
max time network
1800s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17/08/2024, 23:54
General
-
Target
watch.html
-
Size
746KB
-
MD5
c4b7564f403d813e32d3e50bbcd0a249
-
SHA1
32ea053becd4fed3eee89014bc1c544a14ebe311
-
SHA256
6a2a635b29935e9b7a1630d20c36816ba93903c6527022959a86ff3c2345f685
-
SHA512
42f2b8cfa4e7b6bddf721a71d2437c7929442ed6ca2bd96f0ac1da92edca8a8f69dfb45358996969b4437ea4d962d52818125506163e8f9c5a55af927a0f8c22
-
SSDEEP
6144:451YkTYkjYkAYkzYkeYk2Yk6YkXYk1YkoPDP8F4E+jx2v6DsPCUNfLKAYf0t3MD/:4DY4YuYFY0YTYXY9YEYcY9PJG5+
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 37 IoCs
-
Suspicious use of SendNotifyMessage 36 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\watch.html"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\watch.html2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0422906-824a-434f-83d6-14763a38baea} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6a7141c-239b-4478-b2c2-37fe457cbe4b} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 2820 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0649192b-1a86-4287-a62c-bd0212dbe0b7} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3624 -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7de3d28c-0239-4266-a42d-3e7d92e86131} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4924 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abf1b60b-87f0-407a-a412-0f72013a854f} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5460 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26dfd184-3616-4734-9f3a-79dcc168026e} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8535916-e681-4980-ae5b-ed70752ea13a} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 5 -isForBrowser -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73ca507e-6289-4d35-9091-3c83b76ccd15} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6120 -childID 6 -isForBrowser -prefsHandle 6112 -prefMapHandle 6108 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {220ba2a0-b14f-4cf7-8907-eee388637f5e} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6084 -childID 7 -isForBrowser -prefsHandle 6088 -prefMapHandle 6092 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ae8750f-5567-44bc-b5dc-13d798607d94} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 8 -isForBrowser -prefsHandle 1696 -prefMapHandle 5820 -prefsLen 30495 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d7fc094-21ed-497a-a380-e408a85024d3} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6720 -childID 9 -isForBrowser -prefsHandle 6744 -prefMapHandle 6296 -prefsLen 28040 -prefMapSize 244658 -jsInitHandle 1032 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73991f3c-67a1-48fc-ac8e-5f3693cd0ead} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3608 -parentBuildID 20240401114208 -prefsHandle 1548 -prefMapHandle 1860 -prefsLen 30574 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f89edd38-c5b5-4909-a0b7-da4bc0e7d348} 4808 "\\.\pipe\gecko-crash-server-pipe.4808" rdd3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1292,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault755cccc5h1699h4033h9445he169165665091⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4272,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
8KB
MD59a275d1b98a7cded0860da1bbebe1080
SHA18a6343d5ba77cef999754be4b25d812314a867e0
SHA256bb0f3a294454be8a8e8e382bc7235b6063b2e87be9f04ef67f3f96d10364165c
SHA51265473a92efe1ddf5acc684d6daeb3f61f9b6ef9beac1f4cfeafd027e63d0100f46446447d022735749f9abe3d744c51fcd76bec83e777db4b91065a603085186
-
Filesize
12KB
MD5833c503d0aaa87fc0ad5d723e5f18751
SHA1a1fef47acdd5fbaa2c0ea1f6fa0b31145f6cf885
SHA256cbeff2d88bf1335c0e8023b2e1d33bba288ac2a791782798a9500692fb3c0f83
SHA512ff6311ddd4dde515e98391237511dafbcb1ec4e44319f596928b39bb2fd3e8b17d04b02715529dd3ccbad529a9fc551d5cefcf630220e2b7a4770fe5f927422b
-
Filesize
21KB
MD5f6c0e0a92e16801d3dde45135236be44
SHA120eb41dc9e0b3cc0cb9d6452a360f42303d1d931
SHA2562311a2dbf72ea67618e0b94c822e58c83e1910a96105d7e98c88ff1c955214b4
SHA512457b41629e9381b66e239da907aa5cc2abd95465ba75277070ef60a70f0bbc3b4d78cdf54d4859b6d049a4fdaa454fd123148406e30a8bffb7172d36a5752ee3
-
Filesize
5KB
MD5f13586775500ad900e2889947d38556d
SHA10eecddc0f60f70c72cbe55a09a57c50a9d09a7bb
SHA2563a67a981ee4777d3102cea503de979407ef7ebb84ddac8b97d3879aa57e49ca1
SHA512ed0a8a2e21b8d7f90806ca1dd7184c7948ae6c356d6326741606acc07cdce6dee40027a561716e222e82d879608e23f1a407eda94b098b7dbcc4f2b635770711
-
Filesize
6KB
MD5456b3843d5139ec0011a98dcb9195450
SHA1be7fa9f086f5bb93d842568e73f5ee1ab6212e06
SHA256f57df2d6952b39a592e9e1c8896fdb055c4136536abf8b97c960b9f50fe03c28
SHA5123624f67dd03932531b5e6021f6ae4077f2f527e64bf4fe82226a00349e1e0910827fa996d4e65a66e8d926b6d7e9bd806cbfc61bbd2bb172eff83a29f84c6300
-
Filesize
7KB
MD54dd6f83a26daa546b829e307073c2a03
SHA1512fe3c31191b61791a70b8384f55c6d4766bc3c
SHA256ddbf58cb09a5c2014f30c7dd2306a14d8ce1d5402f243c1e786d279a0341c3b7
SHA51237735e2fbc9b961549e2addc5bdb781cb3e10b13c201ce823f41fbb216b946ab0ba2c70377c77be45dbccaf2c7c4ec2de287367dec1f442ccdd0df5e0d37b9a4
-
Filesize
6KB
MD5b08acc1685bbf31f9cec48dcd987b99b
SHA1af2fd0a95ef4408f271229074be1f864218cd31f
SHA25607c6198c18805136079cca9c23d16f7ecb068bdad65b8600f8960c0aeada47c9
SHA512bdf1dbdbd34a5f4b35b5ed49fdb595ae38c4b09e760c0b2fb0fcd63717f5d1c8e32b2d6082ff8c91df2db930347c859ea1f2a5a22c6bfefd5b8d9fe3114ccd91
-
Filesize
982B
MD54f6702d38a145ebc530cd55af1eb2c61
SHA129161e56f3e333ebacfc82a0145ddf52554a980e
SHA256b7212f8a83b3931330de771cb27002b5864c998135eb533b768b61669f6f5263
SHA512771d96f31cfe91f0323425aef74f40a35d2b25184de0dcd0aca65c4e829165b5c337efa871901f4f1b3335b9c25853c7cdec636abefb8b4b749f828b5aa23aeb
-
Filesize
26KB
MD5668f103500665830d72b296be9b1ae60
SHA1ee697b1a3562ba70047b62a30489ac9348cc7a42
SHA256c24a1f0c86e98d6ed29a62832528d5ebeb823bedcfcc0ff117ef098e44968eaf
SHA512b0597d704d992d4d73e29782d4f4d0d9683fcc5cb38d89c5c389c3548feb28b934c8677cbb208f31499d2ac77a2a346ceee2c718e0e8db634472187425351eff
-
Filesize
671B
MD5846cea1c113484b5bbd3d8febb7519d2
SHA1589e57b9d3de114cb31d3f70067065aa138eef07
SHA256aef21c4094f018ee11bf32886a1765d1283b382dbee45250083832b3cb76deed
SHA5125e5f9585dc97e365d65c13a62adc6a046b8f272a98f18fd006c90d20fe05191aa8cf85987d36872dbdcbb10509547823e1a5bcdd32de1c82d24bc04470b26b9d
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD5a6a265ef02229a69f36134d4df451218
SHA11a7ea0745ccb9fea297947e176652dbdcd7fe151
SHA256d5557e4cb98875fdf4b96825c698a786235f01a772b9b31161df1d8364aa1a59
SHA512cf3e39c11328aa951027b7af23b542f56c68194d3211aad371ea79b38dd7513b2966b2ccb5e1c0a16cdb08bd6a91f4d47fa5b3be807a36a1c19dddf114e9e154
-
Filesize
11KB
MD535892ffc79d80cd15ffdf25b15a99f19
SHA1154d2f6d97f0855e7530c06c26aaed1dd84e6069
SHA256a58bb4768a9de3e10b47c1504aa171eba5058381bde200d39bf345137b31e5d7
SHA51280360f1212fa83d1fa7b347bd78ecc161bc69b4dc25ca07c664acd0705ce24035f2e692adff80fa7f469e0f933168d7608877033732fe5654a054b314976df1a
-
Filesize
11KB
MD5057593c0a5c73def7e8416ddcc8b0700
SHA13b5e38ea85ea189b80892aade308175a8e1919df
SHA25695e9f283fe3c677bdb18fd2b4ba02f5dd0b8b1aad6668bd77e99cd75c47d5557
SHA512143a248acfc0b19ed63078de7316f7d204d897cb7b0a4c790d94893947ea63ec5734ab5bcaa8897fb5099df4d4994f43dea125830f264883e898f4fa0d12b36b
-
Filesize
2KB
MD55368e624670f41a560f7b7eb334a6df0
SHA1b3c25c63cc727f8df22a65c6a54f1f460bb24374
SHA2566fbdda4a69eaf93542c48eaf06d1408d3f1b87adfca97033029dc7ac8fba3305
SHA5124b1f532f3c0b3667f61a99d37ac45510af57d708ab663ca04bc407b1e0eb20b1a6f1ed139b4e3e425c69e4794b6f86c07ca56289ba1d0cd72e119eea05626a42
-
Filesize
3KB
MD5afe25f4515c26f15e88a121ae1b2d06d
SHA1c50567e50f8644995a768ba34355b7c81c94cac6
SHA25607aa57ba82311645a594137ae4b223b0959f81e9cefa0a8e4ea5ae209ef05f40
SHA5129d6fb6e7f92b5618742c8dcb1973c5fcaec3a489792a23e209db89208d32df1a0b36bd606cc3745fdd4b3e88cf9326522a0016f585157bd1ce4daaa757d0a5e2
-
Filesize
3KB
MD59d4681d0bf87f76342a409c850deb31c
SHA11ab8c3dab5fb5bfc2af8c0a7d58081db590ddb0d
SHA2561e4eee00231fe9469e5fd13d996b40f20062f8329720b7a79b5aafd34aa7723b
SHA512b335d43a381ce7ed250751ed47047c16de901886cfd8b93b57295b2c4e25ccfc1e6e4f7100c935d94af288acbe880612c0f13bd84e5c036cbbe65378fe4070d4
-
Filesize
48KB
MD5991028e287a705c3da71ec1e0ad5fb4b
SHA1bba621290a0a047e0c58283ebb470fe7248565bf
SHA25697fbf59e197440f917ff63c74a4bfb2ce50fd6d1d85fa41aca85bfd431dd5545
SHA512214d77f44aee8ccac05e6bb1bbd4f1d2e96cf74451fc94361624c3c17c037e4197a29afc83aba5db463ae529a7a991f26d3010f6a26028296da8946a00449c23
-
Filesize
576KB
MD5919ddc1c4ef41bbed6f46cc5c9d64467
SHA190b39f49acb28329ecc6e4459f3b5ccf557b5f97
SHA256e9a607906a49bb5c43365d5bfcf1e9813ecce2bba71aa1fd4035e947144ae2ab
SHA51220ab1112abc4d59f390e8a5dfb4d7a7416ac23aad9ed84b036e3797aed372ad2c9e59dba67d842040c8c6b6946a5bb002778a4e4344a601757d4063b6da492d0