Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
161s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/03/2024, 17:50
General
-
Target
OpenAL.exe
-
Size
468KB
-
MD5
2a64a52ee5850a6710968ce44f25fb97
-
SHA1
8abd31cc5de9a4f573c4f178fa6d9dff2ba1aec0
-
SHA256
0cef1720e338870cfd693376e15831c49b0b747bac01587c030263892135bc9d
-
SHA512
e4c0346d6b967c9fc3ec38e05765f6e45ea3de78f04cbb92d4a083dadc831b45563272b5ca7583e06c6033f72fe559f1bf20cda8dbcdd1e4a19840284344ec09
-
SSDEEP
6144:zJj49VfrMbrSdycu8eWLQstXzg+uG1QdIEeoUaYf8wNH:zJj49VQbkeWL/+2oUaYkw5
Malware Config
Signatures
-
Phemedrone
An information and wallet stealer written in C#.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\OpenAL.exe"C:\Users\Admin\AppData\Local\Temp\OpenAL.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=OpenAL.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=OpenAL.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2a8,0x394,0x398,0x2a0,0x3c4,0x7ffe8ba52e98,0x7ffe8ba52ea4,0x7ffe8ba52eb03⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2372 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2864 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2984 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3428 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3768 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5052 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4944 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5312 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4972 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5912 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4584 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6140 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=2376,i,11364626976354357048,3659222910759090434,262144 --variations-seed-version /prefetch:83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3652 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2804 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4440 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4220 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:11⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5619fe77f795457e41c2994834593e629
SHA1d9c70854fdbcb203130e42965e93e8c89df226d7
SHA256c7576c8894c9ab0e3ba5a19f480da3d245532b906aef51b0c8d636afd51bd2e6
SHA5124dc513215c6e3fe1d4ec339fe442cfcaeb1a4248f86edc8de8d8cb1009e8f9f485c4cd30e9631ce2719909f0982c5b442a1cbfc6c307117289b4c8c9474d78f4
-
Filesize
280B
MD5eeaef5ad4b2f5662e3738f7daf32285e
SHA10c02fc32a4cbc91f632f863d216c0f4e45b8ba28
SHA2563feb18c06c1cc54d8519975aebccf00c748ccd4f8089506a1bb7bc9a76fec117
SHA512da03ffaf78f2daf4721b10ace38bee08f39a1a2b25017f0d4aa3c95bebf2ec22b8bb11dc577df73f6848300e1f46c6cd59f97aad9b2e4f9352709091291335a0
-
Filesize
168B
MD5b3ba90621f3e59591488ce33a524fda9
SHA19661941df3ccf2c1a1d511de2eaecf9f814cb21d
SHA2560f290b4bad0f36be0af9a2889060952fcd722fe7311860b45e4a62c2323f41de
SHA51207fb9555e30eb75689c0f61f5360b8d460dd5b332d147898c2059144019822ca65a1326c500aaa7e6cb6bb61e2cab6fcfea51461713420a4262d4010d43d08e7
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2KB
MD5b58ad96b998d2851ceb17f203cf30271
SHA17d0cf63aba3a60eaafca4c8e6dfa009ae3e128dd
SHA2562becdf99ce2d95757ec956fd14236a5628422dd45a4b43588aafe69cc53b472f
SHA512d6168cdea2fc8b738e9b4fbceba083981094b60b7d03d8b92f7c1e77ee9f6bccd19cf5d0d64ae2ca44c469dce898a1b701aa537d3240b51ede09dd962a068e6c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
858B
MD54435487e3dfe865badff59e2aa776aa9
SHA1d3eb2c34bd7129284c65c8d4adc955ff7ea5c38b
SHA2569bb6d2005ea1e29fa0d12dd59d974fee2bd5b86e23f104b4e37ab1a4f0084521
SHA51289698dca1b678284a51ca7fd81d41b09c14a30ce31725ede3672f2376936983aacaa7d5a11c80b90c8017a28a6c860c89ee437ca0de410b0b26eafba9236fba9
-
Filesize
690B
MD5b7dbd45026a8876c2ff0cc2993cd388c
SHA1144042b2d5d1565ba2d74ecac8fcc3bc93496020
SHA256cd50c5198bcf6b408aaffb7bcb879b33ceef11ce3841bd027f844226f5ef5cec
SHA51273655302658c9f67b757920e7c2941431dbcd3cbac254cf1411f619592544ac7106e9e69aef8b0d1dced38cbc5e6c5e6c58ccb09c2f02075f8f5bcc94c02ed36
-
Filesize
10KB
MD5da56c257d3fa99452bb45cdcfb6e9bed
SHA19adf61343989ee011b43ca3e28ca1c0de8f047ad
SHA2564ca617605ab9e4da39e1c5bc55851673d6a19dde459a5265ba768cd7832750c1
SHA51252ecc62d30ad34f3edfa969cf620d445cc081fd68417c38feaa9416ae40efbfc1aa96e7345675f229b231c39caefa7772dbe013525a93e64d88528c569d7689d
-
Filesize
10KB
MD53139c50a662eadae0828a7a727336f1a
SHA10e3bea26636b2a249541d944bfc08508e5c1df53
SHA256df34ba669dd9a7edb5fda1b05af311b0af3272d48c30243045fdf4c14cdeb969
SHA51217986336e380772053a4bfff2dbb22d952da18e3b8200d3f2792dfe1d3166cfc2d56af79add3d3d1254608c908e14acbd59a9295ea5016179c61bb7a53a22215
-
Filesize
30KB
MD50db5ae14fabce7187d36fa4f014694f8
SHA1ba9889356d4e2a0bfd67db8499cd77ea8e5c65a2
SHA25698bd31bb34ca10c6edbd8ea3e117f51f155b76b8003f86dac02c3dff5d8b3a39
SHA5121a37b582f54350722f42efabf6212667c060fa81ca83724e9dbde02ab344eff908fb900a9930c51230bbb518d1774c3477ab05aa5ce40477d84031a4e09485ce
-
Filesize
36KB
MD5defe49fd0424c2f3498edf23cefb5dcb
SHA111fc738db26188972ce5675b524f2d0dc8a205bf
SHA256441e58fca40a7fd37a185cf42f31e2c4ecdd95c5c685ecf0383a11cceaf88b98
SHA512602ecbd0c11165386fdb6ca84724ef2fbe1f1c1bb6d49d9592510531e401625748f62b54bfd72eed1d388758e52d185844586bdc086a743846627e8fe36c0f09
-
Filesize
36KB
MD58c4253e96666344a19b65e1a14c6aad7
SHA1ae912146e2f8dc9d6c50469fc40ae61a4e9cd2c1
SHA256650134f24add95e6d1dbb0363d2756039e5eb953a9506b9434ad67452f0e0ae0
SHA512f0ebe29df9262c4a39686104fbe4d0aa205f029e3f86c2a7f7d12d50b050138ff7e9b42b7feb4767b677f3e940a1d5fdc26573bfae22d71dd6719a813b9c302a
-
Filesize
46KB
MD5c3f5bead6fc5f7e63f95474a9789646f
SHA14d5ef43d37c90c16369cadfc0d4fc7f08b25c540
SHA256f81ed68f5e2c16c9e773a51569505bcbad59123a2b07cd2b7a078b492ee19d34
SHA5121ce52aaddb60f2a667881a763fa20ab4f52a88b1be0b177b921f03bea4434e47fa1a83ede56a17f1c2f642e06ef25cc1b4c674e8174ff1b81d029723b52b88ed
-
Filesize
2KB
MD50ea092bc8c805d782e240fc0c62ffc93
SHA1e4b58daa962713cba68fc9267f1139bea45b0fd7
SHA256e04156815f1e622b6841e322df73cf48257a8f3a892f3af0711145e0bb47d4dc
SHA512760bcb470078f5a967d2660bab6aa58b46b08f0d4ef7eee026b1d09b29bd37b0a5794c3b4737daf2cefb7e1e42e7af3a7a213652a1e41585b281621a37c87845
-
Filesize
112KB
-
Filesize
484KB
-
Filesize
484KB