Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
12/03/2024, 21:40
General
-
Target
824-97-0x00000000002E0000-0x0000000000310000-memory.exe
-
Size
192KB
-
MD5
6d48ed4d6611e523a7826db28695cfca
-
SHA1
31587036856ecc68800a32e31e2451e9822fe892
-
SHA256
f0f2ee7efac49fb975781173db74e67e38e7a49664cae1e65788b10a73675baa
-
SHA512
cd15d552aebe2486fa1c96daf47629b45c44b9a1978361085776d25f7ffbb78a57b2efa574b1b549f714e6e512079509e72b76d39038482d6d85e62cb617ee80
-
SSDEEP
3072:J47FCYO0NJQ5S0xNcIA7qVJeNGt8e8hy:Jvd0AEnCVJeNGt
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\824-97-0x00000000002E0000-0x0000000000310000-memory.exe"C:\Users\Admin\AppData\Local\Temp\824-97-0x00000000002E0000-0x0000000000310000-memory.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=824-97-0x00000000002E0000-0x0000000000310000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=824-97-0x00000000002E0000-0x0000000000310000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2a8,0x358,0x35c,0x2a4,0x368,0x7fff688b2e98,0x7fff688b2ea4,0x7fff688b2eb03⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2272 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2948 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3084 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3428 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3444 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4888 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3604 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5852 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5804 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5956 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3564 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6036 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5056 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5956 --field-trial-handle=2276,i,3207366468803192798,11202831713194117163,262144 --variations-seed-version /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4136 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5048 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5444 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5536 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5588 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5624 --field-trial-handle=2496,i,15897292497548307209,13920214570023230813,262144 --variations-seed-version /prefetch:11⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5b58211ad0be2a2e0819203d22e07c2e4
SHA1090b9c4c425dba69e4b66650745cb229846846f7
SHA256fcc1a21bdbf065abd75206ebc208a4068e5e74dbe5a377fde2050cac2ecd34a5
SHA5127eee3d92834509f833668dfd47913efff3b6af152e98a7df927558bc8c747347de7cae868e53730f8c22b38e358cc76634308a06eb75fff4a00c7af23e6b63f8
-
Filesize
280B
MD591e60e466cb23688852776f8bb2fc42f
SHA1b947a5d32579b0cf10e57995a1eaf1f6659e3c10
SHA2566ed2529d5ea92a429326b215995c9e2ba7d150bad6044448f0dbfd88f180df8b
SHA5126733dad3b4cba7c806169b11d1f9bf55d329a20efca6e64569e72dd67519268b539789a8554bf71a60645b21560017659d482ac500234754728fdd768dcb5a3f
-
Filesize
331B
MD5306ad16889cc6df6dc3b012f018bc9a8
SHA165b3f41414283a34af6defb262ceed174e954665
SHA256253c7a4d16b0abd16443898e36dbd73598b9047b1342368a45e3d52e2c0f8932
SHA512b4b85293fabc10174c6ddeebf84e467f71d0a90821ff0bff747379e374d3691aedd0004d807e27764ed0a9a475a615a1b1597211fb3fe7b6ee4af4cb52fb2cf4
-
Filesize
192B
MD5500283c402474399b408f7eb9d37696f
SHA10ae2ac9412d19569ce8c2df02ed1341c393f611b
SHA25610f4852e68c914ed6cba1e0209666c5f011a9eaed7ed5c47b6c933fd057ea92c
SHA51258b4cf81f610d98ca91a3b0264d29bb9e3d9c70b02d1775ef4efc08031acbfd74329cb0642363f27c252345571e0557b4c3eb48bc5520c40765af29061344ce9
-
Filesize
168B
MD572a246b32deb7b4928643d3ae0873d60
SHA18d5f981c82f3bedbd95d8f900c4c71e820ada634
SHA256d92a6993961b0cda43c803435adb338d815e30905ca3d8d14f24be384434ad41
SHA512dc74a51fbf14a89fc035cb71f287c08a9222f60729db8c9af163c544fbf5491a402d57af5da351ca03dc2a6605aeb43147b13eb7221fc003c4cfbc4595ba6735
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2KB
MD5cd157e93fbb8a1f0f33ba886a1625c9e
SHA111fbab5f50212f9b83dff4a09dfd358ff00d6e26
SHA256002adfcaed1780bdc0f7bc67b94edef631cc59c49db49b41d3ad700ccb1b14e2
SHA512de8dad3be634fa68caed87d4cc21093a924ab9290b678d951afcf2452d7679e6a58e701b557d9d2aa1cf6655a6b1f5a4685afd74287dbd6e16fc55bbbdf18c43
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
854B
MD5dea9c5130c081ef7887ef58440a97c5b
SHA1c297af0c3a3fd04c2ef321438c3d860a69aa433e
SHA2562db1e934eec6b177a50437896e477243570141218d7fefbbb7cacdbbbe687a0b
SHA51250895f8772a5c596529b2d01f8f5a595c0723a1ce85c9ae010f939a19ed3c384ffd801f0df9e8f46e4eaa8140fc594c09fcc2f7b750f24715f2372615b963f47
-
Filesize
10KB
MD5ba01cc0039e19d9bd3df68c96012d806
SHA192ecda369089717693c1047ca149d9defce30641
SHA256c6e31e9343d87ac8b15151656f72733e455c27662918ae68d70e057cdaf3d3f0
SHA51220c207f48683dbe3e959df85ee0b9335a285ee66ba5ebe6ff50098a0d2bc59e65f5ef2a6cc815bd7fd4e413f2efb62fe47151969c25416c3ebdf8dda35a0586d
-
Filesize
30KB
MD5cdf96bc9514edc1565853798261499f0
SHA1f4490c6de4d46b188870fda735205226d0efe3f6
SHA256cb0fc45af52e1828b47e9fe61dbd0bcce08672bb3af7dcc08325b1938d0fecee
SHA512d98f7448a3f58d6205b86a2e458b6d62c4b350da69f335870788d5755c49d5ae6385e3318801763a29c4988f03388a98526e728a81631d9d32db6704d2388505
-
Filesize
46KB
MD5b761f5b01349b04440ed311c5baf9d97
SHA176f731f0b2b7fa25868b58b87d42a863c876b245
SHA256c60c9d0c5ef5f74a458f1b0b03e6a94d397b669fd55f24566d032986930b5d2a
SHA5129395b31d23991078e3378d40c31037c2984f8724d0950ec8989a6146707afb491070f3279acf93e9fba949fc29de8258802a10b04eec7534261d25df3b42bac6
-
Filesize
36KB
MD5f056d32030e2b41875508f77e3ac9115
SHA1542d1f782740b308df0ef5bdc704910783ce5e3c
SHA25671bc227be5d387825ebbc3b6dfd9a3f9fe16e063d7e5840dce931953b41ca1c6
SHA512a54e0b39ab0a6c4556c51403346c0e13cef0a4e886f64cddada7cd6acf9714d143778ee9191e40a0b1eb235f1687e06d42eb937051141444e4e391f681c7be6d
-
Filesize
2KB
MD50d22145df4403800d3696901e4b9d1d3
SHA1fe25edbbfe57a88633c38e0c5a50103810d1943a
SHA25680a66346ad24621422f266c88dd117cb53339347943324c180504a1fddff7e68
SHA512c3b7acb9b8548c83259aeca10faff636b2aa1e2e2aeae18cf2cdbe81d01fe67c378833faac6cc8e9b84bfafc192a16d13267bf32a6f71d0e35b842f0f81f6f2f