Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
07/01/2025, 16:34
250107-t3cewsyqa1 318/12/2024, 21:12
241218-z16hva1ray 818/12/2024, 21:04
241218-zwqa3asmeq 10Analysis
-
max time kernel
7s -
max time network
7s -
platform
windows11-21h2_x64 -
resource
win11-20241023-en -
resource tags
-
submitted
07/01/2025, 16:34
General
-
Target
https://gofile.io/d/KRUCik
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gofile.io/d/KRUCik"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gofile.io/d/KRUCik2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {671c1a88-ad5a-48d2-b1f3-9ba92cd2fcd9} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2336 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {263e0383-b5b6-45a6-8a7a-6e5bdc82b4f9} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 1544 -prefMapHandle 3212 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f557c3a3-cef5-49c5-8762-eed43aab359d} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3836 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3792 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e952f9-5680-4b42-a1df-187dc47c0c16} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4784 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b5d138e-1622-47d0-ba58-a0c4397f04d8} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 3 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34d32c34-752b-4d8b-a962-4ed68d9e9ef8} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 4 -isForBrowser -prefsHandle 5880 -prefMapHandle 5884 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {711c3164-0767-46f8-b39a-f0beb0e00e35} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6080 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44175e6a-f3aa-48d7-84d6-e4a94209192f} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD5063208028a9c8ed45b79983fe790862a
SHA144e40f9dca809914794df5ef857347853a1687ba
SHA2560e03b743df7394ff92bf63ba40da269fc21ebd52cef2477b45e095300f75405c
SHA512cb6ee8794c96e65a6fe52638ee0084019a99e1d049ff318805e500c2ed5ed9ffb72ba5040816e6c3b472da646c533f778c06db2d02076d08871dfc4854fe1e9d
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
6KB
MD5de82d0b42234e15c26e4a318fee99f8d
SHA128c4493f0927de566cc50538151422cfa9b89765
SHA25683079f5a12d5eeb0e5fad0f231ae29ce8700dedea6ece61fcf43b84768d1da0f
SHA512f5223041fc264ffe5ccdaddb307d57d2fcb2d119079d82367e56b4320e9dc5f9ba6d8196241f0b83ba1149fc3609b1ed414abc7edf2001b81be55a904487419c
-
Filesize
6KB
MD5ec96fb502e82204760b6bf83eb935ad2
SHA1df38ff22c40739d6a8f38cb476c2bc8aae071566
SHA2564e7e5ca05ad9de483ec90e2bf9ef4f0e1a4e0330c2b69a966b2de9a743882281
SHA512988b5bc8771ef442fa9e4c383d370f58918ad5746adbd015e8492d14acabf2b3bb9e36e927c1e53ac91f694df9f86d70b137e7f81a6426472f5520eecbb4f15e
-
Filesize
5KB
MD5fb507e119b57821742105f07c6fc9d68
SHA16e91d4d65f8000a07eee789fdab952db70655de9
SHA256f436629130ea6e42b580e144300ecaedaf2557ea8900b644c7f8102c999c9678
SHA512e2ed0f5a3060e79bf4dc56ad18aaec6c5139383153340a990b2c974695cda2a9829febf553cfe9382b677a00eea4a5d859a0da4eff2dfb7f34fa60576885a0bc
-
Filesize
5KB
MD53d3aaf8cfc1c7e612a2579100cfbbfdc
SHA1c6b08e6ee63a06d26332cfb8c16a157150637564
SHA25642349886d38b0bc03ffb9b9bd879391a39beb87a5a09c8103fa6617aae823957
SHA512e749f163bb149c604d8eb7e18d03788f285d827a29ad049a800189d7ee8c52c672fda382e84a3f02d54056a529f08db5029e180c3d9b89477ced8702e0f43645
-
Filesize
671B
MD527eb1b3af2805b11492800f909e65b33
SHA17294d7bb4c2acb09021269d715627f02e0315252
SHA256c46a88b02644c7e7068b44b5b23bc8f0719e664218187805f8c5c6eb03b7d136
SHA512ca754b336ab58437b61df5f03817296c29c77d8d89ec7526497f06dc60ebe141759b306609e8e652979fe109fa2a9c4595fad004a8b686e5ab16399c730e0e3f
-
Filesize
982B
MD5b1b4bea05d3b6012c707e9dfb4de9237
SHA1302d1b27adb54c78d238828b306e2989bfa6aa1e
SHA256cdfb20c934d86c5cf59951c00c93ed2c71a0f772a0ec5d47b59042d5e68b0497
SHA512c6eaf16c08982519c7755f00bdeae9354d60cd2754a52da4e49754cce1f15f1f285fb5db822fafa7954cd7cd02cc69eadcd06de624d9b3bc4bafb4c801259f99
-
Filesize
26KB
MD5e9e5e86398c1424d511699d71a40b1c8
SHA1484bc5c0030c3b5e8b0fd136efe8b69ecd23f153
SHA256f10266377934257bc341896e40cb73866aa306532c09cbb7f2680d57b2cca542
SHA51294d01dcdb41aababf9af96fb288d066762247487cce2054ff152a3625a94d4393889a8cac20d3cc044541b979d28d34d71d20bafebf7d7ffad2f543eb861079a
-
Filesize
10KB
MD56601d6f0e05ddc2eacd4e21ddf4a7617
SHA144807d8bb5600548a145ba69ac396fd570152b8d
SHA256462ade2e91adb01b0ebe879336061bc31dea77cd7325b79a8c45b8c7f860c915
SHA5121a2f54badbf335f7a772c6a04f6852ac6360eea9809ddd556d445993f497844e037e7655f43b1257d8d8dab4e53400abcbc6e53edf15a993512ebfc723c0a7d8