Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

modest-men...]_.zip

windows11-21h2-x64

1

modest-men...g.json

windows11-21h2-x64

3

modest-men...nu.exe

windows11-21h2-x64

9

modest-men...me.api

windows11-21h2-x64

3

modest-men...mo.lua

windows11-21h2-x64

3

modest-men...nu.lua

windows11-21h2-x64

3

modest-men...xample

windows11-21h2-x64

3

modest-men...le.lua

windows11-21h2-x64

3

modest-men...on.lua

windows11-21h2-x64

3

modest-men...s.json

windows11-21h2-x64

3

Analysis

  • max time kernel
    20s
  • max time network
    22s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/09/2024, 12:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    modest-menu_v1.0.1_[unknowncheats.me]_/config.json

  • Size

    3KB

  • MD5

    3bea77ef233e2e32636ba889ceb489e3

  • SHA1

    6a0a6be2e24cd5497fbf0298e244234716f5419a

  • SHA256

    a8732f591cbed2b2ab923236d22948f10cb7c4011d6a1018be2fe3c8e8fbf5f2

  • SHA512

    c924567c6c683b90b6dd31af7e976a8222d164c99137b38149ef79d4a1222b35c8bdfef155ee071e66c38b1601f3868c22c30d477fbc5f2dcd7599cd7f4be707

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\modest-menu_v1.0.1_[unknowncheats.me]_\config.json
    1⤵
    • Modifies registry class
    PID:964
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\modest-menu_v1.0.1_[unknowncheats.me]_\config.json"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4640
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\modest-menu_v1.0.1_[unknowncheats.me]_\config.json
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4408
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {006913e0-2174-4edc-93ad-d9fe4adf8b82} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" gpu
          4⤵
            PID:244
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f613ff7-1990-4461-9854-6b0ceb48f42a} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" socket
            4⤵
            • Checks processor information in registry
            PID:3864
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2880 -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2716 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {209688fd-9b8f-4819-b7a5-e36c0ffba5b3} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" tab
            4⤵
              PID:2272
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3568 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d837b86-5547-41fb-bb9d-479b162f389f} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" tab
              4⤵
                PID:560
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4508 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4376 -prefMapHandle 4428 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e91f0c1-7ce4-4a8c-ba46-e15a5b97f177} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" utility
                4⤵
                • Checks processor information in registry
                PID:1932
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5328 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63d032e4-6d61-4b8f-ab35-26dac0e403c9} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" tab
                4⤵
                  PID:240
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5336 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faca9a90-d4e4-4de7-aa18-eda417c01039} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" tab
                  4⤵
                    PID:2620
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5356 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34348817-8501-46ea-aec0-23d0cdaf4c0d} 4408 "\\.\pipe\gecko-crash-server-pipe.4408" tab
                    4⤵
                      PID:2740

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\activity-stream.discovery_stream.json
                Filesize

                30KB

                MD5

                18bb9bae5ee912db81a91666b65a35ab

                SHA1

                5af54231a41de0e657dba4a7e3852c47ca641942

                SHA256

                751f9ded04b7bd03d9c22d56002d8874ded61e0250e77713734412afe12108af

                SHA512

                854434b5ae9419af3d92fd70bb32481b24e3a99f836da3aa4370073a345f51fc3e48a3bdfb9ca7d3b54ae49534df69699a30f17e44e5637f7044b8139d919803

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin
                Filesize

                6KB

                MD5

                529157c79337de7d1f1c250b8452d453

                SHA1

                9ad0e238479de7f21fa1be7b5c8c25f6e6085a10

                SHA256

                1e36f95427240fdd7ed618706575c5c19be1bfa70434c004c06dfe516b9f3812

                SHA512

                33d6da67b409ded07def33654ccc1243ed50553b0fc2ce2961d543da8d01a7457a41e7a2df194fc636a3174f9062b95cda6158e77c74569512f6d83c159058ef

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp
                Filesize

                5KB

                MD5

                99de39e5d32ab58865a10b030308098c

                SHA1

                a4fec4dc225358ea8d07c725dc428d83591c7e87

                SHA256

                5030edea4fcf70fa6d7e49e5a3553fc1980f8816208da97718bb46ed061f5ecd

                SHA512

                b783e2e5a6f512e7590e1aa6cfaecf6d89d11d52f97edc6ae2cc3d2622d0eb71eeb1580a7f2107da6d7027efdeb2693c078ff836d5b27f0188e87ea4e9c3ceaf

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp
                Filesize

                6KB

                MD5

                969a1f696d726a9fe7e7e3433235b38b

                SHA1

                9dcdd9345276a486c36351a4cb263c09124ecb20

                SHA256

                55a349ac8074e2d38e68be20ad2041585c656678a870cef9e9ec682f0a58ae1c

                SHA512

                b5ad9218609a17f019a522ddd028e8df87da14b4fe1d2e28b8974e28c454ebaf6c56c9b1b109d7d52cbe5372a974c702a97d77fd8a5163a6ee10e86da7e40f3d

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp
                Filesize

                5KB

                MD5

                64587a1eec13545b44a6e961fc2bf8f6

                SHA1

                efad7a65ab07da605d84c3ab6b05d6d87b90d41d

                SHA256

                f4d152cbf3b120fe619a6f993b43148768efb1129a0bce273c60613aaee69f9a

                SHA512

                c4db19fb384a2ea73b96a94f1e01fb255c94abe3fa7725c4096c1e1b1ecc71651ff452e5e60dc3d92255c2204dae088342c577cf3c4e18a5c9414f56a45424cc

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\5b6bdd31-7e35-414f-9214-3210790e54d5
                Filesize

                982B

                MD5

                e319874d31575b55513e63f4af7e73ec

                SHA1

                1e86508b95e158c25fbaad2bd887249b75454df3

                SHA256

                3a7e166f8ba5851523124e2075aa3e832fda6643908abb95daf9c608169d6a8c

                SHA512

                cba0415ac38278bace31380fdc1be4d4d9e4c16c62dfa96edc83d54e294b7b909981cba966fbc143092a1cddbdba28dbcff13eabfa0123450fc92af09dfd277d

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\7cbbd1de-1cf9-43ab-88d7-c10b8ccf0437
                Filesize

                671B

                MD5

                53456c55854f8b7dc016bd9ccf1b20bd

                SHA1

                ab1f6304f1821969ff87fb0701a395726ed05684

                SHA256

                a5c688c67298a67a6b5d91848d483c7ada66c396b5ff1cc0b120f84ee8653ce2

                SHA512

                d9b5f46b7657ef1a17f8684f485f168b53984d2e17d4960f1d29747271c42b9c5e6672896479f6a65aa45c7706a0b5d368b0d2180dab8358628d2a4b89dd28f4

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\aafec0fb-974d-4233-bb06-5392cf3364fe
                Filesize

                27KB

                MD5

                417b5e3ab2aeb00a0ec4b6e760406f35

                SHA1

                1b331ec10b27389e003d055fd8a80c7f4f5d48ea

                SHA256

                c83a957b89230262533c0a484cccf15c8a2b51da3a0b4dc2e71e2fc9c6e27c7c

                SHA512

                42b861d63fde9959a0ee4e7f6cfd21c95001d58221747e26f369080cdc46a455b2c0b3973f766778bffbc0f459113a0fbf72eedfdfe3c74d5cca5c206ee8fa94

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js
                Filesize

                10KB

                MD5

                fb89549b5353f0da8743abbb7ec0875d

                SHA1

                e7eb7901a639acd6bd37afa47e51798c0c15ee7a

                SHA256

                1bb13f745aa9a8e2d2779f30216a67719d2500bc08bf62c87df34f80814846fe

                SHA512

                9f1043a6f361f40c93d67dc9cc5a2e4d9f812444176de3db2cfb05194e212e857786283877010bde11f0f5b5f021a140c4c1bf542f051793c0a11b32b34dda15

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs.js
                Filesize

                10KB

                MD5

                b7bf3b99b95c576b09987aae8fa03571

                SHA1

                d6e2cb48c1ee2bf338de059b32d04ca685e2e33b

                SHA256

                9b172588c13468ac477a5f909e0ee4425d7bef9ed604ebd765118257c45cf93b

                SHA512

                eab952ce72bbe9dd907b1548596eabb9f8fc0521e89a5cab854e09dbdb233484b53cabc838dc77556051cf57f9aa9093f50d828097ae001f81790c9d67d0c62e

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionCheckpoints.json.tmp
                Filesize

                288B

                MD5

                6b77a9f779399e95d1cee931a2c8f8ff

                SHA1

                826efd4feb0d50fcce5696111af7c811b81adcd9

                SHA256

                3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

                SHA512

                ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

                Download Submit