Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
47s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
03/08/2023, 15:53
General
-
Target
http://lonestarnationalback.com
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lonestarnationalback.com1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2cd446f8,0x7ffe2cd44708,0x7ffe2cd447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15887468245722788425,16537019995224525714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD5d876938ebc6a46551668899f7680f546
SHA191c0a237f1da5c4253956b0ff1c8fbfa39628735
SHA256b5fb45e1097feea10c814082f93cae54e00ae652b3c4deefc4cbc163b3d3b4eb
SHA512e4d85d812db2b539729f31c57b9a583ad9871f2fe37646958ff4050f589b2e41b7ccf884a49af8e38b06bf2e80180e4632841d2a4b50fd6209884ad0ec854781
-
Filesize
152B
MD5a7ad9bb1054aa03e39b3554833d0c3ec
SHA1cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9
SHA2560c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189
SHA512d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276
-
Filesize
192B
MD5df89da6f48a6edf0991ffe2b794c1b98
SHA1e30ca3d95b041e04306044c0442dc6bb2806f431
SHA2566bc97cb397c7a3dcab3456b3e5aeb83ce6717358f7dd62b479bac1e9a455f81b
SHA51210fcf3702df38af529056fceaeee63d8500eb8d6a6c624542c65891dd03e3efba35b96153900d5fd420afeeed9b6714e8b80c41d01157325cb8655a956981dee
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD523a556fd155ebc27f2c015f4418414cc
SHA156d3db5136f424e44ba6ac55a3c70869c1efa93e
SHA256cdf20e18c0666f1ab42f9b5404f45d170fc70d5a9e4ad9c5f772bf6ccaf852f8
SHA512859dfa098b4931290a6eb5e3c2ea7d2b52bc1c75b3aecfe42a8cae5c3cd367eb8fe8170daf70524036e4f5cf4be64fc834cf7006639a120cf927a0d2b089167f
-
Filesize
5KB
MD5859a163894c0c1e82b44cc7a71fff95a
SHA1484313c5aa5a8232c2588fc5f14adfba324408b7
SHA2560d431b46ef24c4e654296384328970bbe0ea51f9df4d51a2a2c3adbe320bf64e
SHA5120124a10636eec41df9093c3d5f95478fe9b07539f47472bf62064d6c32879994f38a440d49c174c0850972fbfccd051c5a6eb2af48b9a014580ae454b6666ad2
-
Filesize
7KB
MD5cc6d877c493208f30bcdaa1b407b333e
SHA182d3e1fb0fe585ec2da25866391a38b763940982
SHA256ec936e1b2b9450762b707508c90860ec6c36d10433f37b4c40ded4d9295c632a
SHA512ef586140754b157bd4f39f3db52472fb66ed3bc6275cdcee5a80e944b6d3f1d2f9c54cea09c582be0eae9b790a1d30ea9c978060e85f4f129332367dc2813a3a
-
Filesize
24KB
MD5e62cc4051e1f8eaa0abda5d730a2496b
SHA1d15346e40b196bc313cbfe5ac96b3c90b83345be
SHA256ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb
SHA5123e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22
-
Filesize
1KB
MD5e41159573d53c0542e8796e6b20ca110
SHA14a1e0c33aa7fc1e4e28df893cbe9a0d52ff16068
SHA2561909f8de89570e45dd12dc3bc354de26da47a4eb674d2c146f3c6833171acecc
SHA51299202577fb1e1c7b72c29e703c6d88fcfe2dce1b63b0039780323ef31d5aa4f2673e21f4ed20b2fc962884377e71d8c19ebeba5aad1e2b9ba324f3f673672442
-
Filesize
371B
MD57c182550efceb878fc4a10cb02bedb92
SHA1bef8c1d94f04a8d0628552f009a22e8597a4e9fe
SHA25611bbea6e9a892c67b14bcabe41a06a8d2a09f8d7b21f44fd29399d557cd464e5
SHA512d469af097bdd2bf5d665c410bf11e11528caa37a7e5459b8facb11e472fde69642a2e62d24f6506b69638c6ad199d632fa2c941eb946f0381d605c2154e51c14
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD513e2187494db73915f9d079521990b75
SHA1b3cae74a2c832a3c3a78a6bde698b0df798e41bf
SHA2560353ecabf11b9a14ace64e24e93fc0b3ebc39c59c9a80bea873c049fdb12fb60
SHA5123d943f3f6e4fd6d4c6d84698917c5e76f71f7bb07873d1ff4814a9536765dd9fb11e1fa3e89ff26fa51f5c3383cc3c6e21f396127c1ce3947f63923e422618fe