Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24/08/2024, 18:38
General
-
Target
6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe
-
Size
896KB
-
MD5
139774364e144d5dd749464d5ca7b793
-
SHA1
a1625e8b41d10c2613f4915fbdec79c882715a2b
-
SHA256
6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741
-
SHA512
043b31a7513e625c26237049548dfcfe95eae6fe499edd4c1dcc46e2142392da794c1a1a553f6c9b4d72720247df50852a280c3daf8e9c1e7e91b82655fb2dd4
-
SSDEEP
12288:9qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTT:9qDEvCTbMWu7rQYlBQcBiT6rprG8avT
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 24 IoCs
-
Suspicious use of SendNotifyMessage 23 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe"C:\Users\Admin\AppData\Local\Temp\6132a1db15215012276962d1ff4686a374ea79601f43669a2a371b405cc79741.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd2⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {507df1fd-c928-450c-b243-ece86d8a3a9d} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aab11500-c83b-42e8-9a1c-995d4119365c} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" socket4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3044 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f6bb9ee-acc5-472b-8305-308b75649891} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3920 -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {283ea5bd-1e90-498f-8942-1132a5606d73} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4444 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d90ab450-7174-48a2-b6d6-32250f944b04} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" utility4⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 4560 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fffc2d0e-5370-4af1-a537-26bb62239273} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c8165ec-50a2-4950-b032-9edf1bf5998c} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70ede67a-419c-46ff-a1c3-4f2563e4a20c} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6188 -childID 6 -isForBrowser -prefsHandle 6172 -prefMapHandle 6148 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db07a713-545c-4c5e-9263-dd323ecbadb0} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab4⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4376,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4088,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5372,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5564,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5444,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6340,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5736,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6084,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:81⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5876,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=6872,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD5c5c09205fad06ec13ab0c92d68897000
SHA12c5594b23ca2c6ba79d9f743d8a4fba0275da64c
SHA256b313fb9f7a63e98db3a90092d818027174693edfe9fc4cbb44560659888126b9
SHA5128c4dd297a80883099002e93945ffcf0a24cf8fde1386922af43d56184949633b11a6a01e7034c98699b577e689d43788a5bd6c90180f39b9f622a2da344971ac
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD5d05244bfd57f83ffb8c7e3d7fb98df46
SHA1a8ac8442519c772edb41c1429b6f79bb97dc04bc
SHA2566a30f8e1d9e9470dc4279eadd59bc1d1c9cd0048de0d407896bec8db15a5fa82
SHA512f4f39280e4a91dea31a8302858ceaf21ecb4883dab15022ad84cb9ace7fe5d3fe23de5e4104b33c455de46b1a0c8729d6aa4d5a572054e094ae9bacd44967979
-
Filesize
10KB
MD5d870197fb93c2c3e8004202e75972f6f
SHA10496729e34d864eee6473dead2a9e920bdad3e92
SHA25696ee9b4d66df4aed1522be58141c2bf62630b3fc627e23557a8fe6489f13b138
SHA512acfdba0387ffe2ec056ccd1bd1a6759e23107b8a2647e62d7d9273474f611cbf34224ef7a38943efaec21ec42153f11be2ed0990cc5ae6d58dac3385b9174200
-
Filesize
15KB
MD565c5b681063f51c6a8566a2b438e0234
SHA1cdb81f69f599eb3171677f5f29169526728556b6
SHA25673e19946cdec6caa63d7c5457ca1bba01bea4bebba9e7f14dbdd9f709e5225d1
SHA512d23e2195e5d7d57f6414861e7105454619a67e7a69265acc88cceb1e9ec8f0c9177d32989958c9502aa31876d07a61e42100b558d54d2e1868b253ff324c4bde
-
Filesize
5KB
MD54efa3d16a94360d2741a972a6f4d65ca
SHA19c38498c457cea998da1fa358d21f4ebbe151469
SHA256a053dfc9665c5d2bc7d9976aaedbf398a8fbe20fb489567b2a4531e2df06d594
SHA5128fea2d2e359ad430d024f1ef8a8bda025d98ab72eca1b6fb8a606e2013420fe97d964878bc9689888b1fee5e76518c3f41ad3ad9c0f8bc976a69fe92f36fd085
-
Filesize
26KB
MD57614de29ca5dd8794562fbf697b212c2
SHA1efd23a5f95ef03bf31fe9a91761bd1282be4572c
SHA256d41f2eea87c6f9717b15886ba916fc55df96f00466ef5ec94e8df95b6e690d72
SHA51261a4c4ee0db71a2f7441cb57ea81bda01e25af0373f95edf82bb6477ca38a90452cf6a7e8081e78525f2302b70df14981ae0fb4ad3cb5020ee6bcea57feb54a9
-
Filesize
671B
MD5d21d53113bd70409cbf53d562bf28197
SHA10c90f2d4543cb827bcffbe254443221dc3002946
SHA256668020659c71519e1dc8f69eb7fb710b8761f09885cb0877df34535bb76ac90e
SHA51235681254e796f245ae7cd99cb05a7b943a1f8fda75e9fa806004d96cafb7147c912e7284396b96bfc19ab8d7641d0ed43b50b537774b2e9a2adaca44713705f8
-
Filesize
982B
MD5773c9227d05363abe7297355e8ff8d52
SHA16151ec212fea0612b8bfa880ba5e11747d4674f5
SHA2563ddd57ee83a2abbf52d56c5fc515e117de15f39611fe51b07b0d367881052cd3
SHA5123d2e32c5d8d116cd0d1f20020b45916944fbc5b518aad29567320b75d917093471ef928c98773a7613efd243f4987fbf1216f68f676aef3f93beeb4ea5279da1
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
12KB
MD584dce04c89ed6eb751ada77d506fa7f7
SHA17ab5a111eea4eb16e38be7f8f6fa0580d19d7cc2
SHA256abb2e4e260da3896f61197f657ba4f9036acb1ed33dc3965522b62abc227c2b5
SHA5126e8c19dbc139ea0df9df1fcd890d162bba8a4e1cb094e6918d614375f21aedc799d9142eecddbe51cc527de4481737102bfa5e5a997a70984f0116a1cb3f8d34
-
Filesize
16KB
MD5eeb999480265743a67ef6ed8c78dc4be
SHA1af080ba4cffe3405dfcd660be15f3350d2d34ece
SHA256ba60fb3567ea0af82e95fd0474b0d63725338484464486576c339ab05df29450
SHA5129559889bbff9656f68afdab8e84cbdb3a7e77a6843ffeb4a57c84cf1747e0e0842b7cabdeb44affd5b7dbeba5c49c0d114c132496968f61e6e0f658b947f9688
-
Filesize
11KB
MD598b6c832020d31ffe891be8837a2822c
SHA159eb0e36a45dfb3eb8ce6507ab129bb8cc809cb8
SHA256bdedb389eedb6f33a465733e7c41c05da4af6586f116301394f9af8eb9ae261f
SHA512680884ab007ab21710a1757abd591dd8bf466dac22b68ea13f7386130610979483dbc3892b080e0ce442fd46e853b43899aa1d525b958e0b678c7b8855dd12e9
-
Filesize
11KB
MD5774c79e40bb735653595f89e66b6878d
SHA136c5da139e23a519e17c91a92e61df72fbdea2e5
SHA2568e6fd167529b378b09371ccdf4bb3dc2a7b1aab87a1b77f5a5da3c5098f7e48e
SHA51291fe0e333c6a3145dffaafde7b163d45585eb666bd7506258bc2ac3aafe8290c3ac06fd8f9f246db074cb8c66046f533ade0ff5b4ae6a2ad6391feb99e952f3d
-
Filesize
5KB
MD50dc4860d9b404b4e4d298267878dad25
SHA1f758cfbb9ca8c4ffa87296e9ef7cb9a6d22937fc
SHA2564a750fbbe9e88d73b95bcf486859fa3ddd6d0375f8343254a934109199ca1d8e
SHA5126d28d59e20a1d88010cd8553f0ba00229952aa9f958f340a7dba9d0e334821d2a95c1226032abdb03a006b0810e953a715df52ea24e46aabaa99083c735dbd76