Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09/09/2024, 20:17
General
-
Target
https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com.////amp/s/%E2%80%8Bc%C2%ADt%C2%ADh%E2%80%8B.%C2%ADv%C2%ADn/.dev/SRyxY6xL/anN0cmlsY292QGZpcnN0YW0uY29t=$%E3%80%82
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com.////amp/s/%E2%80%8Bc%C2%ADt%C2%ADh%E2%80%8B.%C2%ADv%C2%ADn/.dev/SRyxY6xL/anN0cmlsY292QGZpcnN0YW0uY29t=$%E3%80%82"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.tiktok.com/////link/v2?aid=1988&lang=enFSmPWg&scene=bio_url&target=google.com.////amp/s/%E2%80%8Bc%C2%ADt%C2%ADh%E2%80%8B.%C2%ADv%C2%ADn/.dev/SRyxY6xL/anN0cmlsY292QGZpcnN0YW0uY29t=$%E3%80%822⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e8455c0-a741-4ec6-908f-c6c5f76feeb1} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {578f88ec-5590-41e8-ac32-c63b67c90f83} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2804 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3196 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd81925-31e5-45c0-8d85-d7e84e1ee11c} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3964 -childID 2 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {189d6de9-f149-46ee-9d81-da5fbc6926df} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4492 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4452 -prefMapHandle 2792 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c01fd6a-78c9-4b4b-a82f-f132ca9a8aea} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d169c82a-23fd-447e-a254-2b332469e752} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 4 -isForBrowser -prefsHandle 5496 -prefMapHandle 5504 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b858e39b-cbfc-4566-98ef-52096fffe081} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b173085-9e2a-4392-9167-6c9b5fe9cc5b} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 6 -isForBrowser -prefsHandle 3636 -prefMapHandle 3096 -prefsLen 27487 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c550ae3-52d4-4545-9cdc-0391be3dcd4f} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD597344418b7475cdf3258a60aed7bef6d
SHA167954388b6ac627297fa68256b6adb4ac2427a49
SHA2563a081957b563a4278d545724072d6ec428ebd5a983a993eccbb21233a352084a
SHA5127b1a28ac41b1f513f6356a91aaebcdb0c0d42404f37f9239497ab5f01f9d0b5ba835a8881b6d6bf506b2649f1ded300edc5579fa39425a2cfc7c7107f8fcd0de
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
8KB
MD57487707397f7ae2fb179cfb96e4ee0fd
SHA121244ad5271c631dfa167d82dc3c0df75f6be7e0
SHA25660de3623ef8b7b3fcd0249fae9a2913ff20e907f214b2bbf15406515a0794877
SHA5120fa9aec2504fa64109d0f036a57ab745fffb3ad272f4e2d09ee2b018d5fd152b1a84b4fc6fd8c8b6e3e1a626165b54af29dc3c9e9d0e343a32c9731dc1405dff
-
Filesize
15KB
MD559b1577ebf0c82b02871bb0262aed5bf
SHA12c78b60ddc0291313876cb35ce7f05173db29052
SHA256a243cece36605e6e15759210a0fc0c669506d839f658df32ebec3f13cab59d96
SHA512553ab4be120e628840a95eff53208c650c2c88f3361a4f153829b23598b87c378a4f72193a20cc3438049b536c047ee5670699a75f862e037dfc7cda6b7cfa52
-
Filesize
5KB
MD54de2a6a0fc693c91905d2029494ae4db
SHA14c0f7858ab274381187dcb2dbeed469de7744c77
SHA256d2e2f23056686769c670e7196a46594b5f6803f48fa05ccd4b8722353d54c719
SHA51271d5664983c9b51dcd34347fc8dfb2d0b45ee066d8bf4b67f555bb651c853e38ef648ec73959d159297d4b4dd0d2643975c90058ba133c2cd6660cd4367cd135
-
Filesize
671B
MD5ebe43fed70134971b2d2a984df2611fe
SHA1188116538465ec26b17bf0d8e93a0dc717048281
SHA256ded7baaa6c27686a6dee9f01bdd470debac8183069fa341b0921859c8baa3a28
SHA51217afb898e930c851620382953e9fda529aa55980fc5363a7371912195a540251675dc2b22bf157685731742a205a4dcc1b71fcfe8ec9a6bf85d8c6628bdcb0cb
-
Filesize
982B
MD564f0ae47d4e78c6ed72e090ab30000f7
SHA11fe62ef697bf8a7fe4fc813116b5b22267f1d454
SHA256b46a5b7c0886f730d9a44033972283bb4988d0f90c2f4d7bfa1fa468235f7aa8
SHA512b84e4db1e066e80add6680aad6c98a620c17f9a424ee987c5ed7d3f230a88939a3b843c61538ce50f6f4ec7fa1d09d34e7457316f264d3f118de30556b8070ea
-
Filesize
25KB
MD54d52cbb50bdb0a69b694e3610a8e62b0
SHA1f8bedd0f9d9244413e4d0f060efdfd5683f42f7f
SHA256a8638a7ee54a8df8a97d25774237648dcdb716d75df93398939eebfadb0df23a
SHA512cced403e643b37d46a4520c6a9f7bc2660b4b078e183597c7ebaf855b05f188d92df5e3a5a51bd29874d74ab9a2666d6c82697c30aecf5c68824dcfdeac10637
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD57ab10e39a137d40a771673f3ae6bf1cd
SHA149a258e65df0069a6bab9cf9779074b7ad72eb54
SHA2563b5c957a6457c0eb9ad2c6082f636c89c09f5209c39acc78c2e944f6dbf5e9ab
SHA512da3183c8062684fd5f165aa04c8745d1629c93cefc745f4fab4a7e59e8db374f029c09bba935abda6c9890683e68b8bed2df2da706bf45e9a4aaeae20b042be1
-
Filesize
11KB
MD50241a07f508cccffafe24b13cb8ced3a
SHA115ad1bede149d2bfdb430f66852c1aeed8fb8879
SHA25616562216cfe65f5dcac79a14c69aef6e381158d9f74fdd5b3cb37daaf80bdfc6
SHA512c29820f1431e48da43e81f6995e6c00a33f734a2acd2d6773ba2f533d0385bcd995e141f229293b5c2e88294b27ccc78d7e96dd4860f506576d05f1be3303f9e
-
Filesize
11KB
MD50dccd3a1d0eac02663de9beaeec6cfca
SHA13d02f761bcb5156da7cf0467df187fcf1505b920
SHA25602dcaa21152b0933a8ec12f10dfc968f39be8e02e781a1f64dba9170fdd6341a
SHA512e266936a3eec7b6a4f8d11b00139410525007d11bcde9970f47292ddc41acbeeb27dbb64144dd10fc589dd199ee5d1941087bde4b9021cc6063125389e369d31
-
Filesize
1KB
MD5be6be503086afa5d97fa198b96ce3be4
SHA19ea7c82d9a8da6af9acbadd540b405a155fdc778
SHA256e785dcd88eae02d014fd6ff577d01292837f39b0f711d7452500f1d62dc1efea
SHA51231f73c01d8fd04a3c59e01af4ad70ff87bee582b16fa250a97c8efd1be9ccd4009c35ec2174d51acc623707b1ff7c08f33a7aaca13ac4083deb054bceec57fa7