Resubmissions
07/03/2024, 17:12  240307-vq9qasgd66  1
07/03/2024, 17:11  240307-vql91agd49  1
07/03/2024, 17:10  240307-vpztpshd2z  1
07/03/2024, 17:07  240307-vm6t8sgc75  6
07/03/2024, 16:58  240307-vgylnshb5t  8
07/03/2024, 16:58  240307-vgsqeshb4y  1
07/03/2024, 16:49  240307-vbnjhsfh89  8
07/03/2024, 16:45  240307-t9tyhsfh44  8

Analysis
max time kernel: 145s
max time network: 145s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 07/03/2024, 17:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/Da2dalus/The-MALWARE-Repo
Resource: win11-20240221-en

General
Target: https://github.com/Da2dalus/The-MALWARE-Repo

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid   Process
4364  msedge.exe (2 entries)
3060  msedge.exe (2 entries)
4088  identity_helper.exe (2 entries)
2396  msedge.exe (2 entries)
2636  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
3060  msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
3060  msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (12 IoCs)
pid   Process
3060  msedge.exe (12 entries)

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, every entry is one of the four below)
description                       pid   Process     procid_target
PID 3060 wrote to memory of 1008  3060  msedge.exe  80
PID 3060 wrote to memory of 1328  3060  msedge.exe  81
PID 3060 wrote to memory of 4364  3060  msedge.exe  82
PID 3060 wrote to memory of 2296  3060  msedge.exe  83
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3060)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    msedge.exe (PID 1008)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0cf53cb8,0x7ffd0cf53cc8,0x7ffd0cf53cd8
    msedge.exe (PID 1328)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    msedge.exe (PID 4364)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 2296)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
    msedge.exe (PID 2104)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    msedge.exe (PID 4112)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    identity_helper.exe (PID 4088)
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 2396)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 2292)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    msedge.exe (PID 2284)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    msedge.exe (PID 2964)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    msedge.exe (PID 2444)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    msedge.exe (PID 2636)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,662312359459939329,4246762952138229481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1728 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 4956)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 2432)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads