Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    137s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 16:25

General

  • Target

    Selenium.exe

  • Size

    13KB

  • MD5

    068c7a3563810d19a13f39ccc38772a3

  • SHA1

    08ebc997f069c8c0389a7388d682ef1f67b1ad73

  • SHA256

    272ca33f654384f60c3b85e10bbc42e28040b91f5afad104aac3f664f89224c1

  • SHA512

    ae9dfe621bd6cd014b0137a3613c2a49b083e5c56a7e01dd958d3e9642e6e5094c4ee41494111c7ac381e9fb939e79edef6727564743b3eb3fb53a32973d8fd9

  • SSDEEP

    384:s7/1TebgAciVU6c35z1R5Mq3/Vs8QbTf6Q:sT1TeR05xFCbTff

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Selenium.exe
    "C:\Users\Admin\AppData\Local\Temp\Selenium.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1604
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 552
        3⤵
        • Program crash
        PID:3632
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1604 -ip 1604
    1⤵
      PID:1016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4612,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
      1⤵
        PID:4004

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1604-3-0x0000000000400000-0x000000000044F000-memory.dmp

        Filesize

        316KB

      • memory/1604-8-0x0000000000400000-0x000000000044F000-memory.dmp

        Filesize

        316KB

      • memory/1604-6-0x0000000000400000-0x000000000044F000-memory.dmp

        Filesize

        316KB

      • memory/2948-0-0x00000000745EE000-0x00000000745EF000-memory.dmp

        Filesize

        4KB

      • memory/2948-1-0x0000000000340000-0x000000000034A000-memory.dmp

        Filesize

        40KB

      • memory/2948-2-0x00000000745E0000-0x0000000074D90000-memory.dmp

        Filesize

        7.7MB

      • memory/2948-9-0x00000000745E0000-0x0000000074D90000-memory.dmp

        Filesize

        7.7MB