Analysis

  • max time kernel
    1214s
  • max time network
    1168s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    29/03/2024, 17:10

General

  • Target: Private Search Engine - Brave Search.eml
  • Size: 176KB
  • MD5: 1b73aa09df155e5e691b03e1ccb4be69
  • SHA1: f3a57891eeb16fbff1ee5deacabf3cee13a6c3e7
  • SHA256: 29c5020fc1c1932a567feab182bfb9da15c369f455e3f607779a6a77c8f69e1f
  • SHA512: 412eb3cdb52eea404aff5c09fb549dfbbb2a1bcdd240898c06e68da74a2afae6a807520a8061ed8f3fb424f3b4d27c9ec0875b92839e195e44f384b0a36d3892
  • SSDEEP: 3072:SS9YlP1+1COXojNjZCvHmq0yxmRLrQsQsnSKns4iL3UyeaKm2xpFUcnjQVnSbrF9:SS9YlP1+1COXojNjZCvHmq0yxmRLrQst

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Private Search Engine - Brave Search.eml"
    • Modifies registry class
    • NTFS ADS
    PID:2508
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5e433cb8,0x7ffb5e433cc8,0x7ffb5e433cd8
    PID:2424
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    PID:4976
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    • Suspicious behavior: EnumeratesProcesses
    PID:4116
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
    PID:76
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID:4592
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID:2900
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    PID:700
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
    PID:1608
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4180
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:4136
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:1068
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    PID:4256
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    PID:3952
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
    PID:4248
  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
    • Suspicious behavior: EnumeratesProcesses
    PID:5108
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
    • Suspicious behavior: EnumeratesProcesses
    PID:852
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    PID:1760
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    PID:5032
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5172 /prefetch:8
    PID:4516
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5956 /prefetch:8
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:4600
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    PID:3636
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
    PID:1992
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
    PID:1140
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E4
    • Suspicious use of AdjustPrivilegeToken
    PID:3324
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    PID:4592
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,15521513031489372247,5454925646834296011,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4160 /prefetch:2
    • Suspicious behavior: EnumeratesProcesses
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
    Filesize: 1024KB
    MD5: 214a00029eb7825c9de2e0ac97e65889
    SHA1: 936dc084dece3f57d095f58edf6f2193b6cbc1ac
    SHA256: 5a307e1a3d8ed2fcc663a2ad5a313cfe601bfbd40ea766b32252dc24d9e27431
    SHA512: dcb1a0db33e26f0cac7fadc991afe1143b6476870cd0462a3e0eae8f4c4f17c55444dd015756e23d1b52e1bd57fe5a311c5fd6246a1e2a4032d9da79ccfefba4
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
    Filesize: 1024KB
    MD5: c86ddd79a5575d490b7e1420d220b059
    SHA1: 11e1e7bddb77bc427bd07e902e804e5fa9d4cbe6
    SHA256: 2a40e668d39445150dfb3798076719bffe4be6ef2765ae60e9d8e863ca5eb6ee
    SHA512: ac825cba3e274c5c614a7a2471834ba2f31e38f9091983fcfd568ed24946b95a353f7b9a0e48dc3ee3da0a414bc02df6ce3c3d0eccf8787f2a4c519d47769b4f
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
    Filesize: 1024KB
    MD5: 1bcc88e4ebef45813f0ec6a3a94c0606
    SHA1: 76619f68ab8783a3f8d07e4129bc5a1ced5c5e1c
    SHA256: 2e7aa0a0d49809bdc6c69b7b8a2faaa75202c0cb7476795e32a382804ed480ac
    SHA512: c23c54bb96fb35616ca7b6c10ae2109d81821801a690b7d3bba0ec0f2fc785fcdc6bac7ba33caa92c5f86537f859f8b1cde2166d8f793d5eeddf2d9f9c1b1d3b
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 111B
    MD5: 285252a2f6327d41eab203dc2f402c67
    SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
    SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
    SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 111B
    MD5: 807419ca9a4734feaf8d8563a003b048
    SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
    SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
    SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 1KB
    MD5: c30273d72c0cccad9b0ac26005cc64b5
    SHA1: df6547410a5fa2365c88d7a53ae1b108d5f5b996
    SHA256: f975cfb011c411908fb17ef3f509db5a6ec4e5ea793e05e0c37e7c3f46e2c084
    SHA512: 35cc65854ffa0104622f9466f2496248250482d9b0890c9ac01276c8fdf03590d02ff95727c26e7402f6e0b1061313c0d0e0b641df5fcaa1a73a69c2323e414d
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: 379270d8aa1a3de42ae983cb861ee5cf
    SHA1: eea54130a6a04f7d9981dcec4e31986f28081f70
    SHA256: 6b1af5ea7975fed46aeb745b64fcb1a4299907ccb0a47abc5e233daafcc33246
    SHA512: 79d667de33c51d76b856e05de78bf8df3b1355b68124bceacd23aa987dfc8b3ed9ad27091ace638200881b54968b89ddc5e8239e265cd454c6bd3ca5179d8f5c
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: 0591228d6ad72681354ab75667330be5
    SHA1: bf349edf19a481ab6fbdbe3a76a79190001fe30e
    SHA256: 626746510681174ce4702a745501a0bfc2ee990e7cab3ce225c1afad8c342a2f
    SHA512: 61b40f6ab1bba9ce35d16437f76ba4faba52b5bf42490578634526364f6b1d38314c89709ead8a055d8fa5cd4a01abd25f3ef58a25a06ed404e7ab01521993ad
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 1KB
    MD5: 6c0742b92fd18f4624c1ce53f9297e36
    SHA1: 562dbef429fdefaeecd58e23c407ee9ef9c2b4c7
    SHA256: a3936941c7b0ba595327af1568e830e4a44564b92e5777dffc058707b00d9725
    SHA512: f1a246afdc9ed21869e3365f854f4814127be14a151dbaee0fea7766cac2d6a73c91141841679ea0a12b8f6fa4bbdd1a600d0a087fc8b7dd243b2159097b1a2b
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5887e8.TMP
    Filesize: 536B
    MD5: 70dc6d87cc634fe8306fe6c16fc72084
    SHA1: fa2bbed07c38b92a702aa4e5ca93ad3845d7c3b0
    SHA256: 74ab3af08cd9e0fc0bf7779b00b8c164eb85a4f3178b00e55e8ebce7322f3913
    SHA512: 56649bebd77a7a9044898c5336423da7836c07b418582a273afa2c6c4e0b637cdefd6b82c4575b31a000eac9b72ca1904d57ee563ee3c40fbb993fbc185d2d9d