Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
316s -
max time network
320s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
05/04/2024, 23:27
General
-
Target
https://www.ti.com/ordering-resources/buying-with-ti.html?utm_source=google&utm_medium=cpc&utm_campaign=ocb-tistore-null-58700007762798204_tistore_april22_rsa-cpc-pp-google-wwe_pur&utm_content=tistore_april22&ds_k=texas+instruments+products&gad_source=1&gclid=CjwKCAjwwr6wBhBcEiwAfMEQs6tI1_zeBwcPqLsWTMWM0kaGRaLOIn80EKc3nAbWojcA9qtX_GdP9hoCZR4QAvD_BwE&gclsrc=aw.ds
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ti.com/ordering-resources/buying-with-ti.html?utm_source=google&utm_medium=cpc&utm_campaign=ocb-tistore-null-58700007762798204_tistore_april22_rsa-cpc-pp-google-wwe_pur&utm_content=tistore_april22&ds_k=texas+instruments+products&gad_source=1&gclid=CjwKCAjwwr6wBhBcEiwAfMEQs6tI1_zeBwcPqLsWTMWM0kaGRaLOIn80EKc3nAbWojcA9qtX_GdP9hoCZR4QAvD_BwE&gclsrc=aw.ds1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ffffad046f8,0x7ffffad04708,0x7ffffad047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11085007698807623016,15958315974199307424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD57740a919423ddc469647f8fdd981324d
SHA1c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA5127ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7
-
Filesize
152B
MD59f44d6f922f830d04d7463189045a5a3
SHA12e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA2560ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA5127c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
-
Filesize
1KB
MD5bbf0693ab24dbb89d7e232b2f8b00803
SHA1d0e58b0e0c1bfcd3c14c8493bb241ee958ecda01
SHA256314ca388500acdc68295c3925b3b1a4e9cfa3ea1949ddd884856e1fbd1e7001a
SHA5129afe7d7baa2e035ada33b0ca943721be42a0d3ca8eae045d6eb15435b54d22ae304c8b86881c9f244d4ad4f2578b52b6c862b1cea5f22fec313a5c9f304109c7
-
Filesize
640B
MD56a18669e8d12a703d87055d6654c5ff7
SHA1813fc460e9a2f2248c3ca7747a468be79916d2a9
SHA256ef4cd5180c8ea44b58e1c3fb8dcf9f85a8af9c07bb42cd56d894ca18b6c80a41
SHA512c71bf0d3cbbf4ccc7e07b23cd1fa2f0e8d8527a26239fae37a82620100b151217b8f59d19f38b3aebc830f429696080cf98decc96d9102c691a7866577accba6
-
Filesize
640B
MD51affd81d3adefb9257e8d7362941447d
SHA100d43134ffe109f6b78f4c80ca8b7c48650d5894
SHA256d7a0b2c10bd2aa777bd1d27084ada91d7beb3b72f88ec215ba001c252df6a1a1
SHA512039390a3045c2cbdcf6e8e50c84ff03614637e065f87eed716b843ab11694016daf8121ad79ffb689790a8203f3c24d5a3f01bfdc4e3240b33a0cdf726e0f471
-
Filesize
6KB
MD5daaef3f7ddd4762d3c5ad33f2cfaeafe
SHA147234780077ca14221a4201bad5a1f7c4c968c33
SHA2569c020f11c850759d9dda0307f529aa9dd603f620ecbc03028f428d1e1d90522a
SHA512d2992697dbfae15a77d55eef75b45f8a8ffa9bb1e9163486a16e149f93382cfe67189559f40a40e6c505d680438bbdf70ec5528406fcf8db2e66db83d66557c9
-
Filesize
6KB
MD5f373c5a63bfb9114a0c7a79a430f7172
SHA1cf5f4eebc66d1b058a78d1558d9d28ee989179b3
SHA2561545361470bd816a50b1d164e079512b2f3f6eaaa1ee110a54e34dde53aa0521
SHA512b126f56c4e3d9e0f709e032088c894c87f1b5c3bef8a21d8312bb10baca6614ae100381a999f0a99bb265f268b08d467feb4c638f030811e20e93f1547a3fc94
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5c646f7038417251ae8ee3fdcec27d06f
SHA1f6d4fc0eafc2439d09e96df4ef364bafcd3fd7d4
SHA25687939a19c58aa9b9e1923cf89eb9c62d5ded118a52b21f0b0f0da05b2e6ebbec
SHA512a1cb0b2b70a6fae0844566b93bfc739e6fdf7b0342cbfb21d90dea0c3ca4589bce3fd832f1b33491e98d70dd55de7fc9140aa5b6d1801302eda7b96e3f0e61e0