Overview

overview

6

Static

static

3

TrinityLoader.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 17:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TrinityLoader.exe

  • Size

    140.0MB

  • MD5

    9bf707fcb6d5984c318c3f05e9cd4f62

  • SHA1

    b8c4871143f91209662e32dca2bdb7a05da897c2

  • SHA256

    e2acab4245aea5a6261f6cee3c511685374db994b6c61eea207432cb6333aae8

  • SHA512

    65fff5ed1fc159f48c4203713c58d690dce0658db1cdfcede6ed18d87e23b398ed1708f6e240fb8aced896bfd248d323aa2decdb122f40524e0a39c5c6c59f32

  • SSDEEP

    786432:whpX4LpgapMr7WN3KPqiVtAnnFWZEjdmXNDGY6zZyBdTtLwSTRpf4P1wT1M9t0p:whx4LpgF3TVGnBJm9pkcEtY

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 50 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrinityLoader.exe
    "C:\Users\Admin\AppData\Local\Temp\TrinityLoader.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4940
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault420e957bh2bb9h40e7h981fhacb558d6795c
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffcf1d246f8,0x7ffcf1d24708,0x7ffcf1d24718
      2⤵
        PID:5056
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,4708532002642946880,7916311194857647873,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:2620
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,4708532002642946880,7916311194857647873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3004
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,4708532002642946880,7916311194857647873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
          2⤵
            PID:3300
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:4640
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:3416
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
              1⤵
              • Drops desktop.ini file(s)
              • Checks processor information in registry
              • Modifies registry class
              PID:1428
            • C:\Windows\SysWOW64\DllHost.exe
              C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
              1⤵
                PID:1312
              • C:\Windows\explorer.exe
                C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                1⤵
                • Modifies Internet Explorer settings
                • Modifies registry class
                • Suspicious behavior: AddClipboardFormatListener
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                PID:3916
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3740c4f4h9509h44ddh9fb3h05a732b3ffde
                1⤵
                  PID:3292
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf1d246f8,0x7ffcf1d24708,0x7ffcf1d24718
                    2⤵
                      PID:2312
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1388,7918924187992356030,17334929706595528936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
                      2⤵
                        PID:4932
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1388,7918924187992356030,17334929706595528936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
                        2⤵
                          PID:952
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1388,7918924187992356030,17334929706595528936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3092

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        91746379e314b064719e43e3422d0388

                        SHA1

                        65f1a2b5a93922d589142a6edf99b5b35d986dba

                        SHA256

                        0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

                        SHA512

                        a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        ccf8b7b618672b2da2775b890d06c7af

                        SHA1

                        83717bc0ff28b8775a1360ef02882be22e4a5263

                        SHA256

                        ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

                        SHA512

                        eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                        Filesize

                        334B

                        MD5

                        cd9c235808c5225b4c64806983ef7ebb

                        SHA1

                        47763deb8e3924a78aaa855780bb4211e604842c

                        SHA256

                        4a3422fc2d377a884e3dedaf05c0a930a424b14ba4dc954028e6b571b729f832

                        SHA512

                        5e49c25ade13aca845f8ec8e789a8e9054e2dc023098c86ee5edd7b2901432076e10975c50ce66544a175be41dd6623bfa7955d3bd20ebc19b939d2b8a5ed327

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        8b14228e7255b5b7518a3d56acaa4737

                        SHA1

                        80079feb57b2ba1b872097d837c41034607811af

                        SHA256

                        eefde92996d23af3ab6aee7e617f0ff8d4b4babef3770b3b290418a18abc2325

                        SHA512

                        d9259873d638d5bb1ba34637bf6ad6b74576d6a1867b9c610b7332d50b1600fcbd6d641fedb433d1da4cc61b19e8fc50baae263964cbe2042f8e68a4c59ae9a5

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                        Filesize

                        350B

                        MD5

                        6b2698b0849e38357a8e73acac0cd225

                        SHA1

                        d8fdcde7d76b02374e4a341aea997300034652e2

                        SHA256

                        bbbcb93ade96f121b2031ea7c485bf2cc8aa22e871439f672bc96041f45e75db

                        SHA512

                        461a417ae4e3aa4ca2b191390cdf54871d094c078f36bf7400915475a1808e9e0e806a4008b306ed30d21803b0529779944c2202428cfbfb2b4300c3091228b8

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                        Filesize

                        323B

                        MD5

                        35202a0d71a69f7eebeee591f0a9cb1e

                        SHA1

                        cf5f80a81d71e77775527368f0de4095254945bf

                        SHA256

                        aed69b2f7ec2b57e795a5d0622212bff7f64f26709940f152dd15a225ac7e20c

                        SHA512

                        d2890cf9fe66f4419b1f8bdbd003f4b00a2698a71786ad52259e16921f2ded66e04b3dcd32f96e8360f2af0af524669726808bcf042d577857c5fb05340e60f2

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                        Filesize

                        11B

                        MD5

                        838a7b32aefb618130392bc7d006aa2e

                        SHA1

                        5159e0f18c9e68f0e75e2239875aa994847b8290

                        SHA256

                        ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                        SHA512

                        9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        8KB

                        MD5

                        7b164691ea00064baf8f63df7295b2b3

                        SHA1

                        5322624b62d1b783cda2362570aa5dbaaf439252

                        SHA256

                        04385d9a3c2a4573ee2bd42ee2c30f45a6309b5e426ecdc5a2163b2c4cd1dd0d

                        SHA512

                        bad65a47ad5d08a2a62303b8115c9e2ca87d7ab89cbe41f29ea5c09d4bc4e7d4dd0dd261646e788f7bcde98c930a30458310663731577973d125b52ed5f3caaf

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                        Filesize

                        264KB

                        MD5

                        f50f89a0a91564d0b8a211f8921aa7de

                        SHA1

                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                        SHA256

                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                        SHA512

                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                        Download Submit

                      • C:\Users\Admin\Videos\Captures\desktop.ini
                        Filesize

                        190B

                        MD5

                        b0d27eaec71f1cd73b015f5ceeb15f9d

                        SHA1

                        62264f8b5c2f5034a1e4143df6e8c787165fbc2f

                        SHA256

                        86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

                        SHA512

                        7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

                        Download Submit

                      • memory/4940-86-0x000001B728770000-0x000001B728777000-memory.dmp

                        Filesize

                        28KB

                        Download

                      • memory/4940-104-0x000001B72F4E0000-0x000001B72F595000-memory.dmp

                        Filesize

                        724KB

                        Download

                      • memory/4940-72-0x000001B728780000-0x000001B728798000-memory.dmp

                        Filesize

                        96KB

                        Download

                      • memory/4940-78-0x000001B7287D0000-0x000001B7287F1000-memory.dmp

                        Filesize

                        132KB

                        Download

                      • memory/4940-83-0x000001B728A10000-0x000001B728B0E000-memory.dmp

                        Filesize

                        1016KB

                        Download

                      • memory/4940-56-0x000001B7286F0000-0x000001B7286FD000-memory.dmp

                        Filesize

                        52KB

                        Download

                      • memory/4940-89-0x000001B728800000-0x000001B72880A000-memory.dmp

                        Filesize

                        40KB

                        Download

                      • memory/4940-92-0x000001B7289D0000-0x000001B7289FA000-memory.dmp

                        Filesize

                        168KB

                        Download

                      • memory/4940-95-0x000001B72C3F0000-0x000001B72C437000-memory.dmp

                        Filesize

                        284KB

                        Download

                      • memory/4940-98-0x000001B728990000-0x000001B7289B6000-memory.dmp

                        Filesize

                        152KB

                        Download

                      • memory/4940-101-0x000001B72C3B0000-0x000001B72C3C6000-memory.dmp

                        Filesize

                        88KB

                        Download

                      • memory/4940-69-0x000001B7286B0000-0x000001B7286D0000-memory.dmp

                        Filesize

                        128KB

                        Download

                      • memory/4940-107-0x000001B72C3D0000-0x000001B72C3E6000-memory.dmp

                        Filesize

                        88KB

                        Download

                      • memory/4940-110-0x000001B72F5A0000-0x000001B72F623000-memory.dmp

                        Filesize

                        524KB

                        Download

                      • memory/4940-113-0x000001B72F410000-0x000001B72F44E000-memory.dmp

                        Filesize

                        248KB

                        Download

                      • memory/4940-116-0x000001B72C390000-0x000001B72C3A9000-memory.dmp

                        Filesize

                        100KB

                        Download

                      • memory/4940-37-0x000001B728830000-0x000001B7288F1000-memory.dmp

                        Filesize

                        772KB

                        Download

                      • memory/4940-139-0x00007FF6FE110000-0x00007FF6FEA3B000-memory.dmp

                        Filesize

                        9.2MB

                        Download

                      • memory/4940-34-0x000001B7286D0000-0x000001B7286E2000-memory.dmp

                        Filesize

                        72KB

                        Download

                      • memory/4940-16-0x000001B729420000-0x000001B72A0D1000-memory.dmp

                        Filesize

                        12.7MB

                        Download

                      • memory/4940-13-0x000001B728700000-0x000001B728740000-memory.dmp

                        Filesize

                        256KB

                        Download

                      • memory/4940-10-0x00007FF6FE110000-0x00007FF6FEA3B000-memory.dmp

                        Filesize

                        9.2MB

                        Download

                      • memory/4940-9-0x000001B7081D0000-0x000001B7081E3000-memory.dmp

                        Filesize

                        76KB

                        Download

                      • memory/4940-6-0x0000000180000000-0x0000000180A25000-memory.dmp

                        Filesize

                        10.1MB

                        Download