Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
50s -
max time network
52s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
14/09/2024, 00:46
General
-
Target
https://bit.ly/4glCDwi
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://bit.ly/4glCDwi"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://bit.ly/4glCDwi2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0470f6ce-45f4-4dd8-b386-04a992d6f5f3} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd42dc75-655a-4194-a723-5d580a8dc64f} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2784 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43061980-2568-4b92-ad5e-f4262ea4ef21} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 3556 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af8ec15d-0ff0-4d70-9e31-bc059c30461b} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4568 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f2da29d-328c-46d4-9e52-ec72fe2192cc} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 3 -isForBrowser -prefsHandle 5484 -prefMapHandle 5468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af5619da-1ab6-4174-bf57-256e85709d0d} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5648 -prefMapHandle 5652 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {101236d5-dc10-4c27-9d3e-2b24914800cd} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5912 -prefMapHandle 5908 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1356 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4787dc4a-eb79-48bf-ada4-8208371c9e19} 2436 "\\.\pipe\gecko-crash-server-pipe.2436" tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Solara_External\Solara.exe"C:\Users\Admin\Downloads\Solara_External\Solara.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 4283⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4872 -ip 48721⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD5bb34fe74072c1c83b4a9ebc807d6f303
SHA171225a3942e86e34023dddae0f01a397cf81176f
SHA2568ae7eacb783fd8e08a6aa26fdb85fa94c9efa8b62944520651a0150e1a232b04
SHA5121941394a335bc9293df1ba3b24acaf4681c18c8aa318ab2956830f84385048876cd4d94b0a1eb00b85df78b012ea3504d3761053f45d108c1fcb752dc96a038e
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
10KB
MD5db2af8e24c1df125fe6e278b12e9006a
SHA13c274cbe4858bf3169c90d1766c247a425d5fc28
SHA256e4e69e5434294dbf502cd9c75cc56149a92b2c3544b1cc3d1d5810a9bca3b010
SHA5126a3fd9bac937fa76497ac3aba4eca5453ebdb0548cfda1d0e282efc597b82ece7645f07f88d3c9e707b0ccfc8ff047b98b5b4b1621d779ab61c374e31fb6f540
-
Filesize
22KB
MD5e38131ce76fc8b9d8ab9627626531616
SHA1caa4cc2ab779ffc4a789393b8e75ebae6bf3e292
SHA2566e4a202ba8d5ccbc29ad95a7ea23211033e78e4d8689cfdc6d3695d7133ad1d9
SHA512a863deeb1006f7b4aa97f39f82978a05a4f69b055516f34f3983f4dd3dd362593acbd8f25c537bafa9b70b30f7e5800c7c0ec12ef8eed7efad73beaa108fefc5
-
Filesize
21KB
MD5e7f9422c5b10bb338ecd730f6c38f921
SHA1eb19fe37d0f644f6555b9585f25e0220976e9b2b
SHA256df74796c24cca2d0059e0db13ed2b2d607b6615c0fd70a22f342518c84cbac04
SHA5125330c8ff18680b3c2d732b7e9485809b9ea29afa418d13cc7afd4c157d6a50b69af82660ccb5ecc4070e0b12f29b6921de1c81ac33b1c0f8449d23e8ed685892
-
Filesize
21KB
MD5c15043649086e15bb8ca67f6409f3369
SHA191a9d99bd173ab92b5f2d60e269e102677e5852c
SHA256831502c8a8684d7f64f2583e3702c4206732e77c397bdaa3ac803d949f60f75d
SHA512ddf34f18abcafd9c9dd820f294ee8c7488e9d7fa2818677775795f0db72c530d54b37517c9a5fedccd5576b8c2cb4985e147534640e0859c8318b549ff3a1b68
-
Filesize
23KB
MD58f44dc307c5b0e355dc99560548b2dd9
SHA1794fbfb89cc9d76061d3bad95852ca65dde4205c
SHA256e143748d2d00ea47c5285f51287c3e2884102cc7b06433cadef0a11111466a9d
SHA512d561eb4d40bda5d4190754a275ffc25df0816b998e4cc2fbe499a194bbced9eb3834ac8d60d58de6b4ab82f2b37f74942512ff752491a6c2e63d463458942a54
-
Filesize
22KB
MD5657f11bbfc3fe305f8d36baf5ffad751
SHA152700224a7e0498ed4d3c05c05f2fae6dbd7c8c0
SHA2560ad25190047f5266816ff46c25e1c81e4f980be5b9ef3fff8b77860b45d02c7d
SHA512b7cc0fbc73118b60ab322ac7ad9c57fef772f4dfa0157fc71ac302c9025d2f24afba80ad5279b38f84afc9730bf0afd7c2cf0361a7cf5d78fa6d9c66cf234a32
-
Filesize
982B
MD5bf862b46614f71b0222eae51f6fba15c
SHA151b1b76988aea6bc881c977142a935adcbb19d82
SHA256f82723af0650992e5bc6a0112db30b304793219bdd217353e6d92e0f427af57e
SHA512300a943bd973f28a388b3fec9a91ffb14758e64f6f7e4994570ece87d409baf8eef9d4d59967e57672612bc5382843f0759fe2bd3992a0b8155766b0825b7de2
-
Filesize
659B
MD51558ae66383bb3a1e29198cafe5c73b1
SHA1474aae7e721119414d990c4baf9b7d94a62cccc6
SHA256ad83a8fecfc903a394cec0664cec88db2b2a5b7ace02bf1a349d57e0fb9c7c45
SHA51209d1a727656599c015806450732de0bdf82769a269b7e90fbd0363f0b53fa278b48bd44a0f124add5102d23bb73646db98f2d957fbbed18dcd2e1543a4f43858
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD53bacaa483a73a124b849204a659b1a00
SHA16131ab72dea409e84ee9c95e7e78b8e169975e7e
SHA25663cc241f01e9c76e0a3c80e5b7b50447f127469916ea6b3ba3195878f445ce75
SHA5123d1ad2dbdd41dfb0f51a3312608c60cf1171651a76f02346557c06f0b8ee29fa003fe3ba9a1bb16a007644da59580e797581aa4ae11ca65cf1924dc4eddc0c38
-
Filesize
259B
MD5e6c20f53d6714067f2b49d0e9ba8030e
SHA1f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA25650a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf
-
Filesize
1KB
MD5982e06f1bf9ceb9fe0484d828e120c6f
SHA18db1b76383cb2934242cad162dd404404c725373
SHA2560cb5a23da9aa42ba5499e05cc7deb115d915f06a4eef024905e60c5a14d197b5
SHA512f8bef98c30ed7654e38f9afebb835e6cebe3624c7a31a23a072c5b572c86c83b0737b147c2776a93bb9387faec2ff582fdb4068171548d9753082e5a4896223f
-
Filesize
21.5MB
MD5d7e88ed838ae033a72edf8a8fb93ca21
SHA12c610b09a337ccda17067cb45c8bf243428d4a1c
SHA2564168839667c6837fe934e6b334953e211be0582ccf7bb10bbebff7244635ac96
SHA512866f513eaf8d672ae43b50fdbafa0d40329bd6f0b192f231c8ee181a155d05bed4df57cddb427c034069989c729b3f44bbc299275ceea5cde954353cdd7429b9
-
Filesize
7.7MB
-
Filesize
344KB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
356KB
-
Filesize
356KB
-
Filesize
356KB