Analysis
- max time kernel: 95s
- max time network: 97s
- platform: windows11-21h2_x64
- resource: win11-20240214-en
- resource tags: arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 31/03/2024, 10:03
- Static task: static1
- Behavioral task: behavioral1
- Sample: funni little goofygoober.zip
- Resource: win11-20240214-en
General
- Target: funni little goofygoober.zip
- Size: 41KB
- MD5: 1df9a18b18332f153918030b7b516615
- SHA1: 6c42c62696616b72bbfc88a4be4ead57aa7bc503
- SHA256: bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
- SHA512: 6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
- SSDEEP: 768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid | Process | IoCs
  2108 | msedge.exe | 2
  344 | msedge.exe | 2
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid | Process | IoCs
  344 | msedge.exe | 4
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | IoCs
  344 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid | Process | IoCs
  344 | msedge.exe | 12
- Suspicious use of WriteProcessMemory (64 IoCs; one row per target, with the number of repeated entries)
  description | pid | Process | procid_target | IoCs
  PID 344 wrote to memory of 3036 | 344 | msedge.exe | 81 | 2
  PID 344 wrote to memory of 1900 | 344 | msedge.exe | 82 | 40
  PID 344 wrote to memory of 2108 | 344 | msedge.exe | 83 | 2
  PID 344 wrote to memory of 3004 | 344 | msedge.exe | 84 | 20

Reading these signatures: every one of them fires on msedge.exe (PID 344, the Edge browser process) or on its own child processes, not on anything unpacked from the zip. Reading SystemManufacturer and SystemProductName from the BIOS key, launching --type= child processes with the block-non-Microsoft-binaries process mitigation, and the browser process writing into its freshly created children (crashpad handler, GPU process, network and storage utility processes, matching the four target PIDs above) are normal Chromium start-up behaviour, and the FindShellTrayWindow/SendNotifyMessage calls are ordinary shell UI interaction. The only sample-specific activity the report shows is that after Explorer opened the zip, Edge was started with --single-argument https://pornhub.com/; nothing in the report identifies which entry inside the archive caused that.
Processes
- C:\Windows\Explorer.exe (PID 4376)
  C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\funni little goofygoober.zip"
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 344)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3036, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb2e643cb8,0x7ffb2e643cc8,0x7ffb2e643cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1900, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2108, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3004, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2964, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4372, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4276, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3668, child of 344)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16376338066927679104,18189990809889524463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 3856)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1440)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
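The fastest way to decide whether a pile of WriteProcessMemory IoCs like the ones in the Signatures section is an injection or just a browser starting up is to join each write to the target's command line and look at its --type= role. The script below is an added example written for this page; it is not tria.ge code. It parses a constructed excerpt of the report's flattened IoC text and a constructed, abbreviated copy of the process list above (the real list has 64 write entries and full command lines), counts writes per source/target pair, labels each PID by its Chromium role, and flags any write whose target is not one of the browser's own --type= children. The function names and the shortened command lines are my own.

```python
import re
from collections import Counter

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" IoC text
# from the report above (the full list has 64 entries; a few per target here).
IOC_TEXT = (
    "PID 344 wrote to memory of 3036 344 msedge.exe 81 "
    "PID 344 wrote to memory of 3036 344 msedge.exe 81 "
    "PID 344 wrote to memory of 1900 344 msedge.exe 82 "
    "PID 344 wrote to memory of 1900 344 msedge.exe 82 "
    "PID 344 wrote to memory of 1900 344 msedge.exe 82 "
    "PID 344 wrote to memory of 2108 344 msedge.exe 83 "
    "PID 344 wrote to memory of 3004 344 msedge.exe 84 "
)

# Constructed, abbreviated process list keyed by PID; command lines are cut
# down to the switches that matter for classification.
PROCESSES = {
    4376: 'C:\\Windows\\Explorer.exe /idlist,,"C:\\Users\\Admin\\AppData\\Local\\Temp\\funni little goofygoober.zip"',
    344: '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --single-argument https://pornhub.com/',
    3036: '"...\\msedge.exe" --type=crashpad-handler "--user-data-dir=..." /prefetch:7',
    1900: '"...\\msedge.exe" --type=gpu-process --field-trial-handle=1872,... /prefetch:2',
    2108: '"...\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none',
    3004: '"...\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility',
}

# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
TYPE_RE = re.compile(r"--type=(\S+)")
SUBTYPE_RE = re.compile(r"--utility-sub-type=(\S+)")


def parse_wpm(text):
    """Split the flattened IoC text into (source_pid, target_pid, image, procid_target) tuples."""
    return [(int(s), int(t), img, int(p)) for s, t, img, p in IOC_RE.findall(text)]


def process_role(cmdline):
    """'browser' for an msedge.exe with no --type=, the --type=/--utility-sub-type=
    value for a Chromium child, 'other' for a non-Edge image, 'unknown' if the PID
    is not in the process list at all."""
    if cmdline is None:
        return "unknown"
    if "msedge.exe" not in cmdline.lower():
        return "other"
    sub = SUBTYPE_RE.search(cmdline)
    if sub:
        return sub.group(1)
    typ = TYPE_RE.search(cmdline)
    return typ.group(1) if typ else "browser"


def summarize(text, processes):
    """One row per (source, target) pair: number of write events and each side's role."""
    counts = Counter((s, t) for s, t, _, _ in parse_wpm(text))
    return [
        {"source": s, "target": t, "writes": n,
         "source_role": process_role(processes.get(s)),
         "target_role": process_role(processes.get(t))}
        for (s, t), n in sorted(counts.items())
    ]


def looks_like_chromium_launch(rows):
    """True only when every write is the browser process setting up one of its
    own --type= children; a write into an unknown, non-Edge, or second browser
    process is what would actually merit a look."""
    return bool(rows) and all(
        r["source_role"] == "browser"
        and r["target_role"] not in ("browser", "unknown", "other")
        for r in rows
    )


if __name__ == "__main__":
    rows = summarize(IOC_TEXT, PROCESSES)
    for r in rows:
        print(f"{r['source']} ({r['source_role']}) -> {r['target']} "
              f"({r['target_role']}): {r['writes']} writes")
    print("chromium child launch pattern:", looks_like_chromium_launch(rows))
```

On the report's data every target resolves to a crashpad-handler, gpu-process, NetworkService or StorageService child of PID 344, so the check returns true; a target PID that is missing from the process list, or that is not an msedge.exe at all, makes it return false, which is the case worth opening the full event log for.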
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ec7568123e3bee98a389e115698dffeb
  SHA1: 1542627dbcbaf7d93fcadb771191f18c2248238c
  SHA256: 5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75
  SHA512: 4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 4KB
  MD5: bb88ea8623a90b4c6a7b60a238396a92
  SHA1: 83462bac402adec4c24ce7d94826edd1aeb9c027
  SHA256: 3c089c4565a520bf0ea1fc2791102b0637203545e9f8478453ddd183610af5c5
  SHA512: e612db707c9f33ea1ebe28ca5d8d1cbacc816d11dd9a04af72e6b3bdf49093563cfe6f89052b9f8b4e6e6c48247604c1066e7773ec4eac44acc0e59917583e8d
- Filesize: 4KB
  MD5: 264b8898eddd4e2dc42cd4491d019efe
  SHA1: f23c3c333a38b7a1e7504f28985a02f30ea215f4
  SHA256: acc31e45e2770792dd3b53f110763c0ebc24bd1dd96431421e69617a30990f55
  SHA512: 62c0f27060dd17f31e765ab523922a215fa75691928461bdd70aaf63547acd38415584febd8dcfff4ebd8ac7ec69aaed687f075fcab1df718f9d321d8491a6cb
- Filesize: 3KB
  MD5: ef1d148249f1f1dd4bc18858bff741a8
  SHA1: 793343dac078e0e619078c3b84024958661dd492
  SHA256: 547f671c1094b798f96be36c1f3233bed28f49281133cf2f2e5927997822670d
  SHA512: 07d90d28796d09082b55d67cf174fe4f6ff9e560dd376cd81965c2d1d73fa21a296ccdf92e700e23ebccd1dbb800129347166728c53e45065ec7edf31383e333