Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
207s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/02/2024, 20:00
General
-
Target
https://media.discordapp.net/attachments/1152058724123422741/1212485299599573084/Trimming_PUBES_And_TESTICLES_-_A_Visual_Guide.mp4?ex=65f201ee&is=65df8cee&hm=e46eef82df37ebbe9559103c0a996b2383e607cdc34cdf0de1f0c3b7adcf2004&
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 28 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://media.discordapp.net/attachments/1152058724123422741/1212485299599573084/Trimming_PUBES_And_TESTICLES_-_A_Visual_Guide.mp4?ex=65f201ee&is=65df8cee&hm=e46eef82df37ebbe9559103c0a996b2383e607cdc34cdf0de1f0c3b7adcf2004&1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3ba746f8,0x7ffd3ba74708,0x7ffd3ba747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5124 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Trimming_PUBES_And_TESTICLES_-_A_Visual_Guide.mp4"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15678298169251374677,12006066191169913167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x38c 0x33c1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f35bb0615bb9816f562b83304e456294
SHA11049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA25605e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1
-
Filesize
152B
MD51eb86108cb8f5a956fdf48efbd5d06fe
SHA17b2b299f753798e4891df2d9cbf30f94b39ef924
SHA2561b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d
-
Filesize
188B
MD52ea2a137ab8c47d20337451e220ee9e2
SHA1be65afcbb079d07ad4431f833ddf3fc5dadbe77f
SHA256e56c5843fc2abc37cb8023a951b5b8151e973458d78b79d20ac02f7c98cd9718
SHA51290802d3473fe6ca799318e88e9a1a13838ab5b8fd4add7ef1e52b4e9fe9aca3886eeb0bd82d0dfc108a156178bec952b2e3dc924195ad1012a33eff5d9470b59
-
Filesize
6KB
MD5af380fffe933778e59c1169edcad1d4d
SHA12b1a074181415210e4074276ea1e872744825bd1
SHA2569b3fd0bf05240dd95ae9b32d79933df5f9c64bde9094b17b1ae2f571586cca55
SHA512455fd9439c6c15acac128488b7edd2ad0c71a00e1a0d1509a33efb2ae966bb2537e0fbedf323ea47ccaf5fe707758607b5da106452312ae7718d098e6db5965b
-
Filesize
6KB
MD56a1947cb62731fd5b8e85441832f6ccc
SHA162e48dfb4c2fa3a88bea492ed810e91835540c1f
SHA256dffa7ca4d521f45e0cbb0c8b5d8572efa34c93998c2a4fd30bed22c16ce6d7e2
SHA5122d707a8620fcb4af944ad6718a56e57798f0b941852e36acc3474976f05b5de212989dd30162a312c3f8e640c0517370ba95cd4e417c0fd805003812482fd9b1
-
Filesize
6KB
MD50755f6c59f491f29c5ffb12a3db43f46
SHA1bb48a8d318e4e79838efa7a7366d1b426e227fdd
SHA256c64ca3b5a405a5ad34534c502b5c0e074ea68d81383e98ca0d2425eb052f9d25
SHA5121aa91296c80ecfc6b0e2b47726c13d80b097821c5ea8d266bba7bf08f100bfee53c52860421dd4a04fd317f8f3b04decaa99389e6cd5990a1ba235a59347bc47
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD513291d9f1dd93f04f193df735c4a219f
SHA1e04164abbf365e304629a3ae2433badf89dabd57
SHA2568ee295e86247d2f4374a42178c5313ea58e45d1da2e345cc6360a5c06c099157
SHA512dafc35f402d54901ab39fe99a8e1489ecb8a473214e35c30deaecea4135deb6880c34904bf4299eb8925dbe6a69f02bfbcada2943063703bd2155f99ce35cc71
-
Filesize
11KB
MD537a0755a72cdaa642b32112b5a9c11d5
SHA146209bbcb4d4763eb725df3480284d0918ca1708
SHA25605643d5fc7a8c98df7d59e542e5a8b0fccefcdca075691ab0e00f215d2e992a2
SHA5128ca3cf6c12abc08e18f98fbe94e7a1822c1e5921cdd41009211bbba3e33db25d7cef791f9086c7cc80def0e03fdabe767ea67454cc01cd7d6d9cc5b09986f71e
-
Filesize
23.8MB
MD56d243d097ae4c9eed88d468cd16449f4
SHA16598cc164351beb7e6c51e50ec7612bec5aec546
SHA25619c1abef651f6e6cf0d6e78e76f286f3bd9032fd06e6d82728c4cd040a2958a7
SHA51211b9e184802d14e841ea306fbfa5018c9373ba9d6c8bad00ed036b8f3f8bb317b14b33f6945d17262f8da1d74cc6a0304c84b281c5d8f2fd05f1750b06f5f03f
-
Filesize
348KB
-
Filesize
96KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
252KB
-
Filesize
2.0MB
-
Filesize
92KB
-
Filesize
96KB
-
Filesize
16.7MB
-
Filesize
132KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
192KB
-
Filesize
412KB
-
Filesize
344KB
-
Filesize
1.5MB
-
Filesize
68KB
-
Filesize
1.4MB
-
Filesize
264KB
-
Filesize
1.4MB
-
Filesize
2.7MB
-
Filesize
304KB
-
Filesize
72KB
-
Filesize
2.3MB
-
Filesize
92KB
-
Filesize
444KB
-
Filesize
208KB
-
Filesize
108KB
-
Filesize
68KB
-
Filesize
23.7MB
-
Filesize
64KB
-
Filesize
188KB
-
Filesize
68KB
-
Filesize
88KB
-
Filesize
468KB
-
Filesize
392KB
-
Filesize
436KB
-
Filesize
788KB
-
Filesize
76KB
-
Filesize
80KB
-
Filesize
320KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
168KB
-
Filesize
108KB
-
Filesize
68KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
84KB
-
Filesize
72KB
-
Filesize
1.5MB
-
Filesize
72KB
-
Filesize
72KB
-
Filesize
80KB
-
Filesize
76KB
-
Filesize
140KB
-
Filesize
992KB
-
Filesize
976KB
-
Filesize
2.1MB