Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Petya

windows10-2004-x64

1

Analysis

  • max time kernel
    131s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Petya

  • Size

    164KB

  • MD5

    cc8451fe81f9d34ad3fa29c32213e4e0

  • SHA1

    c3562a505e2264288d644169d7e13aae1526dd9a

  • SHA256

    dcb1fece583806a8647c7b06e6a6e71f2e16a074a3d2ce607023f09483ebbb0b

  • SHA512

    216bddef744b539beba613bafdae99a4298ba3822c62a7567af4ac292559c380f789c68c4926f3fbef15dd206f2a696e9c4a008f9c9ae0c026c85a93831c12f9

  • SSDEEP

    3072:3ZxwO1Sr9Tl1wCkeE86/X6OOeWjiWTKRwG/FDZAv3rXP0ks7e3i3HCk5wkLn165x:CMo/a3uokeOvHS1d1+CNs8wbiWQH9rvO

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Petya
    1⤵
      PID:4496
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1540
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {433f7583-ecd5-4bdd-9354-94724eab112b} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" gpu
          3⤵
            PID:2476
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57312f16-9dd5-4465-9b9d-2ad3ee4253c9} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" socket
            3⤵
              PID:5016
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3344 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3060 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e282de-97fc-4329-8a06-3dc7f3e19a11} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" tab
              3⤵
                PID:4936
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2604 -childID 2 -isForBrowser -prefsHandle 2588 -prefMapHandle 4236 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff211768-3455-44b5-8f3e-8ca969445f39} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" tab
                3⤵
                  PID:2020
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4760 -prefMapHandle 4924 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b398dc19-fb6c-4bcb-90e4-867f5e0cbab3} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" utility
                  3⤵
                  • Checks processor information in registry
                  PID:4508
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5240 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01cab888-6c3d-45b1-8991-cd668c505886} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" tab
                  3⤵
                    PID:5700
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b081cd7-cf34-4616-8135-84db143716ee} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" tab
                    3⤵
                      PID:5712
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5676 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f83f4bb9-d0ce-4cf0-89c2-1f533d09d835} 1540 "\\.\pipe\gecko-crash-server-pipe.1540" tab
                      3⤵
                        PID:5724

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37
                    Filesize

                    13KB

                    MD5

                    c1aa60b8fc36fbb80abec080e40e4128

                    SHA1

                    7ce6f8ddd939c998eaf9f97a0cd879db1fbf4751

                    SHA256

                    4a19e644f0fb1ad522c85c1b215b06ff77ac21300c433535e02da44839c02735

                    SHA512

                    9e994b257da28747183f3ea2cd9a56dfeae68b80ebc510d9ef118cf07ad377f35ba38fc38117896102ebefe59107920c6a95bb164f2ccf2076f98c40f5da51da

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F
                    Filesize

                    13KB

                    MD5

                    22721a8142b093adfd8a466571aa304d

                    SHA1

                    c76edba5358d4778e0adf2164d49e81ed9e96042

                    SHA256

                    0c0ab4324d5ead49b858236c79e3300255c2c7beee9cf05e32b4de296ddf6367

                    SHA512

                    85436646b55352850c83c8183ae04452f3998ab188f4a65ce87e5190d06bfa8f9047cae49dfde1484ffed200243ef7a71581c1fca2afa62984ab21ee30f86067

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin
                    Filesize

                    6KB

                    MD5

                    229ed5a477b68775bd2cae255a3638f2

                    SHA1

                    31c39fd52936d406bd7bbba407503924c8333e19

                    SHA256

                    ba675c7b1c74dcb9261d2c9b24d5021d4816afc86e866fdd41e64413410c628a

                    SHA512

                    c6beee64e7d094063b4aa693c51a68dc920abaf877a9a0cc79f98876cf9ab5fb9e058aa99682fb2a30d56ba3c91becac0f480e09b750aa67ff403657b0fdac41

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    b199f7c1d8f413110f9afd0ae747cf70

                    SHA1

                    7b661438c0a6ad78ba3050ac61e4133d25414450

                    SHA256

                    403c768a450c93b209147eaa16b6eee745bf71353fcc267482b0065a0969ba09

                    SHA512

                    dfc61e8243276cf6bdda89e3ee8009f2e14947309fc314521f01deec2c7cdd2622c2bf1d93222b5bfa3670ec42537d70e4fdd4961e291d4a605494f445b38bb2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    13KB

                    MD5

                    9e926881472854aa39651efe9e16fdb0

                    SHA1

                    0ea00371b5646ffcab88958c19472c90a4785f03

                    SHA256

                    147dbd15f929ae943ea06c19ce14ff5426b314e9fc05435de792ccbc8450d5e2

                    SHA512

                    736bee88d6dc1c7d5853461cd2ad178fa67dc8c153ec19f35e631168645d1da8ae037e09e0d9b240481df578645ea24cfe92166c30bd18697bdd5a22b4cae77b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\30ecd59b-66d2-4aef-b813-50366122e08f
                    Filesize

                    27KB

                    MD5

                    1901ac46f09a01ba191e4e4fc28b7388

                    SHA1

                    160923d8e439ab8febf956034811751ff323afcb

                    SHA256

                    3cf5367a71dfbb2b7d4b14faa92bce70f5ce3026f71ec1156ab0346d7b3fccc7

                    SHA512

                    a20c21d052d92798e532105df576906b83222b243620e9d514d7fb6ea1306d82df3f4ce529e85f1382e8b46de8b60181e858be03e93b859bbe4845c8a1c8daa7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\3d23bc6d-fc73-4b4d-bb24-068e58640419
                    Filesize

                    982B

                    MD5

                    f8162f6e85fbdee9c0cfbfd7cf8da663

                    SHA1

                    d580a5a3155ef61c6744244b63df5b8a1f103397

                    SHA256

                    4e561790474ad90a38503b4c8d9b7f71dd9cab35124a1d5821cc548b9a1d093c

                    SHA512

                    aa28c0632b464cf2103558d41bb978d497addb8bd326e6fc653076ab4f7f588f5ab6202f5a0dec8a4173d065b08450767a1148bfbff13fbe5dc26d9b6b41fd84

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\8f2c2841-7eb0-4d2b-bdb0-e0c07c58c5fd
                    Filesize

                    671B

                    MD5

                    54d8f39fe03541b1b391f5a6e560d570

                    SHA1

                    26b68b4abea40ef0c6d58287607c526076e5b252

                    SHA256

                    ed4ae74f0451bb042ffa6ca2f18374b4559bef837a58c0781ed9e35ec9f8bf95

                    SHA512

                    f2c2db574c374e009b29d360a7a2943431f9fab6de9b9ade2a4784f7dc62d59fcb58a81dd85d0f749ec7e2164a322b91da11d7ffb099e40a27cb4acff45151fc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js
                    Filesize

                    12KB

                    MD5

                    c3979e4ffcb6ab6ab63f8a6f5d4ab9be

                    SHA1

                    66227649d66a51e9e93953eea4fd32a1d0337e6b

                    SHA256

                    0aa855b69de05591c1579349d5bfdd6b203c622d2a5cf9e8e33af99d5b1acb40

                    SHA512

                    f4f41575eb43e906326973ae94d450012a3478e6211375b933847f7accd235536b5df40bf23e591e910e84bf7d650bab8a760f8222957d525c3d144cc477a79c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js
                    Filesize

                    16KB

                    MD5

                    9bb175ffe322c97f15847f7989a50cea

                    SHA1

                    71e912549a4ceafd2c2b0ff166f752b5ffef06bc

                    SHA256

                    2828a6fee97b6ad54a2312df957f725ebfbe155bd71fb42e6360015c68976c35

                    SHA512

                    2b7e9220f3c9415fef6b2368fd97719f3b41ac0e4dfeb3bb207c69edf9488d8033c6c5c15eda6b30c7f042fb7af1d1990fb10905b2391ee07e37c3dc8aa4e63f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    2.3MB

                    MD5

                    dd6c2c78812f79e10b5d494b632ef6f0

                    SHA1

                    041706bca81efdc1024b477609db9ac1e9007f51

                    SHA256

                    584ebc01bef3a7c81b342ab826d37f95e9f9ffbe164dc22c02fe3010e826a7c8

                    SHA512

                    3ee8a2b64f3d2dc60c13cc43185f7b1be194cdc24288c39d77d035eabf6142d45ae740a9a97081264ea8d8e818a303ceade47e857109d223b51e63370dde1b22

                    Download Submit