Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
01/05/2023, 21:44
230501-1ljk7sgg99 301/05/2023, 21:42
230501-1kfsxsgg93 301/05/2023, 21:32
230501-1dxg4agg78 601/05/2023, 21:27
230501-1a6llagg67 3Analysis
-
max time kernel
91s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
01/05/2023, 21:27
General
-
Target
motion-01_May_2023.shtml
-
Size
3.9MB
-
MD5
68c5e81c08d7ba916c3b48a7c2376785
-
SHA1
652599018f20db56aafc639ec1e594cb91af9af8
-
SHA256
c1026fee16442c790d8665f22c09ee882412389193855dbed5d267939af7909b
-
SHA512
9c2f1e47830366e0302084875b2b63f67496be7e708d376d4f86b4640e6d0fd260e27fa3260a4da5d6544467ef71cccdd4b17ddd22a6076313b2281a08398a8a
-
SSDEEP
49152:oJRtUZNAt8xnMmsh2pueiBQgbw0wBeblyF1xQ6SG84:N
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 22 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\motion-01_May_2023.shtml1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\motion-01_May_2023.shtml2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe9bc546f8,0x7ffe9bc54708,0x7ffe9bc547183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5614065511404108370,15445296736047522844,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:13⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD5e4491ffed6e0ea8124e2726ec1c5c5ce
SHA18f5b703542778ed7bf9cdc582a0523880687be4d
SHA25683f57c88f95d6c015b900e9952040ac1f4869e7e9ab9e7ecf638af68e578d116
SHA5127e712119e0bf7a5ac97c5cd65e66856bec65696894d408ced55d00bbe722ca380d559bc5770c700ef57b17ba412b75437916a7f1fe9c7dbd9dd25846aa5ffc83
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD5690253b0ed42d3d7fd20190f1c8c7f17
SHA1df040e9214a799c44a43d77404b43fb980adf230
SHA256b1be64bfd68c35ae04ad501ec4eb8728bed8fc17fff3eb40e7569c881860fc9c
SHA512516d63594d3e64e4b0d9c0b3cafcbab661d7a91f012dc69229739a88df909b9d6ff97a5bd6071b9d64b20d5b49183a5d690c97a7303a40d5575253eafd95b396
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
4KB
MD57310d93df06973683df31d23e5eaf391
SHA18247d8fe30ad0cae884ea4f5fcc11a3607c0aa9a
SHA2564cf6b6d74de7ba62b9436975c10dc22003dd5ba6cf31e7cd03b9d658096f75ff
SHA512582dc823ce86dc44ab21aad8a70551db77e4ceaa48626af38ce6a05736cabbb3ff60a9359b55a946fcda124a6d5281b4f80f5bb6b6449fc6af89193b59cc5fa3
-
Filesize
5KB
MD5604eb72dffb6692ddfc3afe0f151e772
SHA1a5abcbb86161abd25b0105dffd4467dcd45b8aab
SHA256e96beefee02c30ab4f56129beb21f2063bab4261f6036a5000dd5ebb0074b260
SHA51258e5b1b5003f2b60469c47c8d889ce385e8ec4c1844442dc27057c39b061403c0eb1fb0d7a5366602dea3ce824e0ab8c0438db512bf1ecde2ebd8040a84deada
-
Filesize
5KB
MD51d527e8412c59807e017331ae0828240
SHA19811e7b9b6fb3f3076e687f4c402da901a178313
SHA2564189354e13d1a99d9375b2b5e5c82e086bea219aff15a0b292d51cc0ae05abad
SHA51234ec73cffb78f95381990ab9b8907cfbcd0b141839cbb43e916321e00dcb71508d6ad395227039170d33419a4ad8b133bc37d08479ebf505533b04617d45f12e
-
Filesize
4KB
MD5e407abb0d5bdbac941faaab298bc1401
SHA1658afb5b14e6a3344121a0e12d9eb454cc4b8ef8
SHA256308c21f4130d40671c95dd425f52d4a6f61cb287b81fefd2e901dc8d2f0ae162
SHA512add84320afd5a1242b490d42248e0f4b02ad2db1f2d1034c668a949251808941eb84d569d387083f4b9e54323210ef438577d6eb4e242d994cc9dbccb49b15c5
-
Filesize
24KB
MD53d874cbf2372e29aa7bde5be5e1db4b3
SHA1a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f
SHA25684c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000
SHA5128f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
3KB
MD5a6b61295b08375d71ec7972e58c4f429
SHA166c593d9cc624935de7be47229f5c5e4daf3e119
SHA256f50e2cf72599dad4b85c976a38c9fe8e29650435abf670f12295cc2fc7369ec2
SHA512405cdfa3d5f2859e26284c3cb597bfc4e82b55cfc73f731a32db7a1327facd4112fd6439d1a11261737c1a4ee7e9834c3e6d961cf0d54b780206f7dc717229c2
-
Filesize
3KB
MD577cc45d083a01881cf80f011c19d2032
SHA1b604ac2f99fbdaf34d44f2730324c8f9abaae882
SHA256e115db358d1057325ee7342a366a2e11d0add340ea1eb8f52e34343ac11d3e5c
SHA5123c01fef5646fa5daeb60287a4a97e6c93b7b43ae5d43d25e053c06d5537ad0d460e2fb68717a1ca5de0881078044789e8784552f4cc10ce6fb8cc1f526a3c17e
-
Filesize
9KB
MD5adcafcd2846c352cd1063ab12231c099
SHA1238be81f36ebfb4aa6a292ec481a4e8dcab1d179
SHA256942077c1d8a902f3f0674ad570881c24a4e86e56ea5a801f5f90e8d877c9105f
SHA5121047866fb345f162bec8462226b7d32799b5f6413c899b75436d7177915792cf6bac320a401261423be8364d1eac3c5692ab7a6560210edab1a49c04a61b8566
-
Filesize
3KB
MD5f6356f94168f270dfa26176c66dcab54
SHA17bc73d915cbd269ae3e40b29388c7c6c300d65fa
SHA25612b3a01692504698f58dbde47e9e39d4f5b7e516fd6cc0b59f11c0e35b1db8ee
SHA512f43a254a34e7c31172dfba121ac2cb674b63f35553b55ccd803eb245e7bba3ed15bf9bc5d92c04a39108d5151a5eb7c223f121b9ca0eab3519a88931101774b9
-
Filesize
3KB
MD59d1cc8768e0175db025abc40d33639ba
SHA100d2cfdf4ec6e36337b35b12235e97448390c4f9
SHA256ac4d24ec2151d861236e0402262dcee7375e67d45fbc94135747faf711e542de
SHA5120c5ba74d2d9d9f0afad65aaed3ee35bd95e1761d46f1766f3d1b5a5d0f1ad82774f388cbdfc0d1110ffe24749b4c4bb9d7c7c1fa6d71e0ba6713584195a4bb1d
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB