Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
23/01/2024, 16:21
240123-ttwr6scfg2 623/01/2024, 15:37
240123-s2w78sbfdr 623/01/2024, 14:53
240123-r9g8lsbcgp 123/01/2024, 14:45
240123-r4wh2sbceq 123/01/2024, 14:42
240123-r3fffabcdl 1Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
23/01/2024, 14:53
General
-
Target
Claim_3456.html
-
Size
458KB
-
MD5
9e310a76299c0c8cba40a0bba76bd934
-
SHA1
7b1507b134ae06ca9182d23cbbd41cffe044473f
-
SHA256
0d7c8f449cb7261716940fd57bbe6d583aa210cb08440c66038ee83207f9c34e
-
SHA512
8eaffba06ed0aec2127dd47af3b5e1cc2467b4790f395b1ebf86779a46317dbb9a331d4dc7500cb8b8a50b7ba63ec79ff7aa2c68f8c5b18ff610c82cb1bb1c04
-
SSDEEP
12288:9UYf1Nq4RLGZtQ9g4fRqAx1GVU8Nk1XEU:JGELSQ955q8j8LU
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Claim_3456.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4144 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Claim_3456.html1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbe5d446f8,0x7ffbe5d44708,0x7ffbe5d447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,4831285411900371194,6657406795474395691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5b0e04da50e22c31e5a1bcd823b31bc0a
SHA1834ed42ea8cc071f41030231dfd38dbdd3a92c33
SHA256b97307b15450163273d276f2918012e7afbcb2dfe9359886402fc7acbc198031
SHA51237f70063bf02ed58b18dba6b1986fae9d57a6b54cded5d929098dab98fe450e81a8461c59e3f19a7e45c2b59295494264322747427cd1a30cdb3cbdd12238df5
-
Filesize
471B
MD5f3990afbcdf64f1f806d1b926cf35b3d
SHA1da1297f9ac1e9e9e7e78b567006e9248bfc212f7
SHA25648c214dd545cc2718f7e844d699efae28f80d683340959e000bb41ad75dd6386
SHA5129b5bc750b2e1038c82a93d51efe0d7dcf951ca594a62a90bac0ca1019d232afd07f9630e1ba1b609e128a9ba9c23c1ea8f1badd9e6b25f3eb591a936c89ee939
-
Filesize
472B
MD540bd5c9d420c5ef86c805b027b3db1ee
SHA1f6b7bc9c0bafbda8accabe90624dbaedbd136222
SHA256367b655565ca3a0bc7ab21dad4d011b596516f1b699a9b3005fe6564325935ce
SHA512cf593a845d1d06bf6ba998c781d747c30a8236956eeabcebe6da93fbe67c3575559ea49de3fd0e8a9b02df91a853cd59c6ef1a2f237cabb406bb9cb01a1877c0
-
Filesize
472B
MD5b2e9e0f12115ac46c386681bcfae0cfa
SHA1baf4250748034e5b94084152b14921380a35abb4
SHA256e596790ba61903df01f7e6849c06c9b80352ae113384c1776e6f8f13f9c022ec
SHA5120a39aeda67c3f86dafcee9c54ddf49dde181bca94630ff9d6b3618d7841c6f59c3e017d1e6653d0e243a6ee70fc69afae10e24307bfc5d38e29fc6ecc6aa4dde
-
Filesize
724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
Filesize
410B
MD5dda05f817aa34eae29d968f57bdb063d
SHA1183ee01fa35ffa8b44af60845f4bc3e3e3f8a5c4
SHA25653ce6f65f82267ea6532da21bc69dd451e47edf6f6bfed73293e3b75e0f83894
SHA51272c443600e0ccbb6f346437156049da7ea101aaebd175982648940c332686e960cfa902d989165fc5a9c30ea9cc58a86c685909c84ee04038fc05435a8170f59
-
Filesize
404B
MD5ec400d3491ae14ed2c2c2d91cea11e56
SHA1a78ac7035d8f1876dbe4099d68c8c5ed8b1824e3
SHA256a66871661e9fc6e91e3810893c9e7841c303a949aa3f47c818b5f18b1af49a83
SHA5128e5d120be1dc16426bf272c97311689cb4d9a7c66f5f27a8a769cbb154b1df196819bbeb2600bd9ceafea95ab681463fce199604d07a77861ae2b88a968efa8b
-
Filesize
402B
MD5e4a11632d95f4947e2756f0f5ac7c7f6
SHA13fdb0994ccb832ffb695427616713441f1171b86
SHA2569cefe20bd9101434a498b2a78914bec1fd695990b5ac590cdd5b80f23bfd104d
SHA5121210fc4b09aec0dd1cfa4600f2ba0cacc149d4d10a209e5ea7c12618b2d1e11ab48589982c5034eed4823cab40096dc0fa3a637ae6fe5ae06ff61bb55d28edc8
-
Filesize
402B
MD5000a9764f77add36b875bff11c6c7899
SHA1a732f28587b755e6f6cfd46f4f4e93dd065c5260
SHA2568bcb273ae858a6c1d2c074f7071c8dc174413c7f73c442cd3edd61cbad613cea
SHA512dc8e2d2ef7d49dac023cb41af1bc7c40a5977ab8f89b5a28f61c103f75d706888a8ba4482867cee7af167c6963c9d45077565a84794be2b9326e556b3bce6cf9
-
Filesize
392B
MD5eaefbb93ff8230fb892e523713395fb6
SHA1a8f0ceacb3b204af3ca7b489be6e2f977c824050
SHA256b307d8ecb823d184c3c2d5f1295e54274acd4dc49b6c338a7f7540fcf65df28f
SHA512af5513758ded80409baca931ab4a43a306f8f1345bb2f66cf2b787ec8fa707536c1b03de57539c8a2a35839602b94cb307705c1b7b188cf1390717ce40b73a92
-
Filesize
152B
MD5efc9c7501d0a6db520763baad1e05ce8
SHA160b5e190124b54ff7234bb2e36071d9c8db8545f
SHA2567af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
505B
MD5c6c9310764ef1bf6cfc5dac0d308890d
SHA1c9667c6ae94973a2627ce0ae9e7bba53e70be1f1
SHA256a1b1b6b5b708f921b1b2087c448ac83c9c3915ae445b4c56b94ca918e4b9c191
SHA512d4a7d918d782b0d4c2034efbf12fcccfc795b684cec6d0428ede7edd5291c5c281eb02c7a0334fcbe04c6686735aba2c00b648228918a640c920335c6dc4ac5d
-
Filesize
5KB
MD52ddccf7b8c2fcb55b5cca6258d37b085
SHA16aefce096cc835412bb76e5f589ee70366539d61
SHA256d6808db977cda53a28b0030fb4f57dfdb141f4de516b9fb9c924b88e59dbb07c
SHA5123248f699f24723ebeda474042bf74d6e05183855e8732293c53bcd1ae27e59ebe43a8e8f49c60291956e2fe1e2d4416cbf11df04f2b627ae346aeb0f42440ec4
-
Filesize
5KB
MD56b2f0705a82db06307fbe9d55dc1390d
SHA1f5da94bfc57beded90736bae46fd094094b9afa1
SHA2568bb26d56b788a25ce1423c6848bbfbc873ce92d394ddee7d2a7fbaf7c5d8d764
SHA5122fe96ba139f381054a089fa12e5326fa9ea071b5d0059870f740e3c2746d1cfb753ab6e64b83bbc6983529555b1b8aa9c74974d190a92e8979e27d61e5c29332
-
Filesize
5KB
MD5e0bf2c78837713f9eab289d260bf8b43
SHA19b355833b338bf4f4b130f9ab0199d67dd5949a6
SHA25620373161c00069f421989d56484ccef9b9de46401c27b57fed320b1f6a618451
SHA51220d5029b150c6093e9f68744e3af22daea628b823361f69ca56f2dfe42520f94c1c3cfe83a06f280208e54eaccc15af0fe700e6bd7802c1cd9fbb248eb71abdc
-
Filesize
24KB
MD5121510c1483c9de9fdb590c20526ec0a
SHA196443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD51e17d10b9f48b05c3c7f02c7a0cded6a
SHA1a607d698127b660818823717c97e87a3ba71b037
SHA2566380758ac02e83923a16fa70684ce9ee375c9dd1a704704a76b2dd3294e550fa
SHA51226bd7be0fa65e2d68bd9813d044e856b4a4e9c4edef2c4e4d56793bf7d0736ea7bf957bc7836c5ab337786e7a6cc6a0b79a5eebcdc7f5458630e1f925bc9e294
-
Filesize
10KB
MD53eb98e39fb1b2de7ea98ae90a2ccb3a0
SHA1524d2d20a365a8e3e3dda98e16648f21b862bda1
SHA2568e9596af717e0167faf6d660853e7e20f0cc5016cca1a1a2e646e0f3ca3c1b84
SHA51254e89ed09bf22645464dda034dd7205cfd66528e6d60a16d3dd728ea2e59e7cb4a907ca90b9a1ac7bd9ef31ffcd4f533150f7ac1b00595cf2262dc0625f27fd8
-
Filesize
12KB
MD5cdb372f712521390df1ec917477d0c0d
SHA1877a80823d8a5aa0dcbb0aea768ce353b868a420
SHA2562718a7b9ca0a9b2388c67df0ace795e349bcd1f351afae3ba78f6ca6c2620d00
SHA512dbeaf63873916d49701a8e8b2946f4da388d5c2aa3700de07ae95664d6e252d3370966cda18b1cfcd8f5f132d3c199b148b86e53cc2578e4a4ac443006e587ff
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee