Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/08/2024, 00:02
240818-abtejsthne 718/08/2024, 00:00
240818-aarvbsthlh 117/08/2024, 23:49
240817-3vedystgka 817/08/2024, 23:44
240817-3rmwxswhjk 7Analysis
-
max time kernel
27s -
max time network
30s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
18/08/2024, 00:00
General
-
Target
http://files.msg.cx/Nighty2.2.zip
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://files.msg.cx/Nighty2.2.zip"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://files.msg.cx/Nighty2.2.zip2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1892 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41c489a3-ed56-4943-ba81-e21682a0696c} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49cb27fe-32ea-44da-8080-f435af9197c1} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2976 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3128 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1b5f9e7-98ca-48cd-82d0-da0cb46c5d91} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3552 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 3572 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deb87775-3777-40fb-bd6c-780000a839f0} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4680 -prefMapHandle 4676 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df971271-070d-4363-8be3-e1e1c1aa63f8} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5460 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {490ffea7-bb0d-43ae-ba58-6ba632dc7728} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a00d1d-f8d6-42df-8499-64c610478ea1} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 5 -isForBrowser -prefsHandle 5816 -prefMapHandle 5760 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1000 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed2234a-787d-4062-8249-49e9b204b17b} 5024 "\\.\pipe\gecko-crash-server-pipe.5024" tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD52867aafcbb007be043107177f2b6e226
SHA1cd5860b891ef7822d7d92de16673d3df05b85222
SHA256fce3e563ff75f032b7a3cb97ba6603baa3e12792dbd8442250a41e8db28e41c7
SHA5120f06383e85b7212c7dbb102ca34fddf66136b95f0ddd43f2ebc0210271e60af7e52de72efd7ad17be29c6fc375ac2bc0b8afb4ed798b0c99aaa306295f660177
-
Filesize
7KB
MD5421c0d86a4a22c536ab6f66dbfc062ed
SHA17ea2c4b7777367efde411b36fd73f6f12bd9b5b5
SHA25694dee17e0fbedd788fe2a52ba3cd61d84271c09bc76a3e88581dc6fd4b4a346e
SHA51237802faa01acb5cf5e1ebd2019cde032a2c639d164fb16ed05eb88e0a9962f8016c72e23566fffae4eed9d767288945f64958268a735186a8616d667f52af123
-
Filesize
22KB
MD5d723f9d587dec9413cad70fcc54c5195
SHA1df86d266fecdc99c0f5eae0594c765c57de99724
SHA256bd1cd6b25b1f3d72a9f3bcf51d15ff6043fdd8f2862cebd59fbcf7054b893133
SHA512a59f7e5df24f26ccf9cd59c69ca42a6a428a99fd6f040832b0a440e9a6717a37440bffbd3c149ac4ad1679fdc66e9cfe6f315a9b168de4924a267d9c91b84ef7
-
Filesize
22KB
MD540b62cfe426338fb3b72faeaf9c83219
SHA17d9547255f8aec809f351abdeaf47f55d354438d
SHA256b15c4e8223541a0852192b2ae10ecc224e7b13b7ea68767aa8810dd07977c9d6
SHA512654b3874a824c45b4c63106e3be42fe6479c0ae5206d4599bf11bc6b037018514be6a5115eab9070fb26ccbbdf633bdfd672f99a19f4c1df2b6abe00392a5602
-
Filesize
982B
MD5210857eda354f90104af053910e5af68
SHA16973570d02f4632cb3a3b207af3c4d6648025904
SHA256fa9a744721db6b02dee054e0ece766feefd2fb04b1ea7edf4e994c46d4584e44
SHA512ab27e9907884a2f42780d30b83dea7f831ff865e216116b10ca66c5372d6425bbf6451d0882f9045cbadcec01560d926f114921dc57e9f3b4549fcbde13fa72b
-
Filesize
659B
MD5f2586db33bd1935cbd42081fb9362ff9
SHA1ede547972efe219bae07952feef004ab10e7c3e6
SHA256b1b8912eb7085e665e877022b4699912615233dfdd16335a05974ea947400cc3
SHA5122575159213448b6348f605aca6768b1ab8d55c885e40ac6142c6e37b124a8006ddfc88749f514735cb33a7677c10267cc919c5393daf059a646df91e96488f8f
-
Filesize
11KB
MD542879555f6acf9cefc40640a1eadd447
SHA185338ad73bfaaced71986e7e56bd231f992742d8
SHA256c717e224913d3823ebf3826cf24769fa17ac28ac7c215eb71a9be65a76dda206
SHA51237d65f5536be55a65e2a14e12ee3e795785bf8f3ac2d0030cf1d66016c9197f9da1955baa9cb62d4878368876c541c294b33bf9ae491991a4cd7de72b29d2790