Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

libdirect3...l.html

windows7-x64

1

libdirect3...l.html

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/04/2024, 00:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    libdirect3d_plugin.dll.html

  • Size

    7KB

  • MD5

    f84068e81d88f39612bed3f98d2e2839

  • SHA1

    e0d39f527ca2e251e563c125d6261ee855cd2a9e

  • SHA256

    ea1f97f50c13f24a9f7b38a3f4301c1eaf3ae1da404c2053cd05a7e4044bca73

  • SHA512

    af0c5742b0d71ca6f229dfdb00d09daa8ce850d29cdaeff3e6d4a0955e6a0bb32bd8cf83827cff489fae3be6cdc1ad0798a3eb6d03e23f2728ce1f92cf8a596f

  • SSDEEP

    192:ZrvTPMcMHyx16vVv/Pv/dlv/qvC4v0mXHP5BxSnv/FvST/lo3f6vv1v/9vLfvMvG:ZnPMcMHyx1S/dthmXHP5BxSnYT/2SGsN

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\libdirect3d_plugin.dll.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffdf75146f8,0x7ffdf7514708,0x7ffdf7514718
      2⤵
        PID:1716
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        2⤵
          PID:820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2148
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
          2⤵
            PID:2416
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:4984
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:3692
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
                2⤵
                  PID:1896
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1976
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                  2⤵
                    PID:1528
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                    2⤵
                      PID:1892
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                      2⤵
                        PID:2396
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                        2⤵
                          PID:5040
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13020366914115000953,5327196048309271612,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2748
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4116
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4036

                          Network

                          • flag-us
                            DNS
                            68.159.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            68.159.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            241.154.82.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.154.82.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-gb
                            GET
                            http://www.google-analytics.com/ga.js
                            msedge.exe
                            Remote address:
                            216.58.213.14:80
                            Request
                            GET /ga.js HTTP/1.1
                            Host: www.google-analytics.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
                            X-Content-Type-Options: nosniff
                            Content-Encoding: gzip
                            Cross-Origin-Resource-Policy: cross-origin
                            Server: Golfe2
                            Content-Length: 17168
                            Date: Wed, 17 Apr 2024 23:16:50 GMT
                            Expires: Thu, 18 Apr 2024 01:16:50 GMT
                            Cache-Control: public, max-age=7200
                            Age: 3401
                            Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
                            Content-Type: text/javascript
                            Vary: Accept-Encoding
                          • flag-us
                            DNS
                            25.24.18.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            25.24.18.2.in-addr.arpa
                            IN PTR
                            Response
                            25.24.18.2.in-addr.arpa
                            IN PTR
                            a2-18-24-25deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            14.213.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.213.58.216.in-addr.arpa
                            IN PTR
                            Response
                            14.213.58.216.in-addr.arpa
                            IN PTR
                            ber01s14-in-f141e100net
                            14.213.58.216.in-addr.arpa
                            IN PTR
                            lhr25s25-in-f14�H
                          • flag-us
                            DNS
                            21.114.53.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            21.114.53.23.in-addr.arpa
                            IN PTR
                            Response
                            21.114.53.23.in-addr.arpa
                            IN PTR
                            a23-53-114-21deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            26.35.223.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            26.35.223.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            157.123.68.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            157.123.68.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            198.187.3.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            198.187.3.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            31.121.18.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            31.121.18.2.in-addr.arpa
                            IN PTR
                            Response
                            31.121.18.2.in-addr.arpa
                            IN PTR
                            a2-18-121-31deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            19.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            19.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            25.73.42.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            25.73.42.20.in-addr.arpa
                            IN PTR
                            Response
                          • 216.58.213.14:80
                            http://www.google-analytics.com/ga.js
                            http
                            msedge.exe
                            908 B
                             18.4kB
                             13
                            18

                            HTTP Request

                            GET http://www.google-analytics.com/ga.js

                            HTTP Response

                            200
                          • 8.8.8.8:53
                            68.159.190.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            68.159.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            241.154.82.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            241.154.82.20.in-addr.arpa

                          • 8.8.8.8:53
                            25.24.18.2.in-addr.arpa
                            dns
                            69 B
                             131 B
                             1
                            1

                            DNS Request

                            25.24.18.2.in-addr.arpa

                          • 8.8.8.8:53
                            14.213.58.216.in-addr.arpa
                            dns
                            72 B
                             141 B
                             1
                            1

                            DNS Request

                            14.213.58.216.in-addr.arpa

                          • 8.8.8.8:53
                            21.114.53.23.in-addr.arpa
                            dns
                            71 B
                             135 B
                             1
                            1

                            DNS Request

                            21.114.53.23.in-addr.arpa

                          • 8.8.8.8:53
                            26.35.223.20.in-addr.arpa
                            dns
                            71 B
                             157 B
                             1
                            1

                            DNS Request

                            26.35.223.20.in-addr.arpa

                          • 224.0.0.251:5353
                            574 B
                             9
                          • 8.8.8.8:53
                            157.123.68.40.in-addr.arpa
                            dns
                            72 B
                             146 B
                             1
                            1

                            DNS Request

                            157.123.68.40.in-addr.arpa

                          • 8.8.8.8:53
                            198.187.3.20.in-addr.arpa
                            dns
                            71 B
                             157 B
                             1
                            1

                            DNS Request

                            198.187.3.20.in-addr.arpa

                          • 8.8.8.8:53
                            31.121.18.2.in-addr.arpa
                            dns
                            70 B
                             133 B
                             1
                            1

                            DNS Request

                            31.121.18.2.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                             128 B
                             1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            19.229.111.52.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            19.229.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            25.73.42.20.in-addr.arpa
                            dns
                            70 B
                             156 B
                             1
                            1

                            DNS Request

                            25.73.42.20.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            8c91c8582b0c918416d14bd7eedd686e

                            SHA1

                            b2ff8149bc21144fdcec64111afda492965c6621

                            SHA256

                            1e839706b748c04adf8efa2790564ca1efd707fdf6451e71af6862e07123717e

                            SHA512

                            a93be868d9f08097bff39069378a0bfa0f5c78e74e9e8df820be9b0426cbfe84e03e9638b329b6142279ed140a120c4c4c21857f410fc4789a370445c3919dcf

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            2579d07b98bbefadc929d80fb3dbd32a

                            SHA1

                            1ceb57c4b81f0f23500e118a4b9a225116a467de

                            SHA256

                            b8443c289ad36568a2bf794ac9ec1f259a9dd930c36680dafc8d0cb4de81feb6

                            SHA512

                            53522ad5e8e2a272d5b1bff9b9226b7d976d47413891c60d7efebd4365baff12b6891e3f79b20e14892ec7c654ad2d437941014290c428c6b1bd78a7b3e557de

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            5a88598a653aa78a3b253d495456b44a

                            SHA1

                            5a11a11c8681b589de4c429b633c51489a0fea46

                            SHA256

                            0e2cf19658e009b4295677b3293182f1a0ee977bc532825a9f74c4b4c05b4076

                            SHA512

                            066519e58ddc2c38259dd89eadf7c8df2a5df76a89cbc9776767b69ca5af4b540decee835b0e5b4d2b4468b47404fa1d473853c6c25a7702c1f6c0ea912ce487

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            0dc8f1b76b31b92bf3c9a36f8b744907

                            SHA1

                            ac76938d8051e69dec1840f2ce461032bb8bac94

                            SHA256

                            b32f40ad9cedc72a54e80cee9084e0a356ef8f45124b65a0506dbecab0dcb5d9

                            SHA512

                            b97eb853a642d8425a79b11700c13339798f9b85ccd8f2b7bb93e8333bf4cfe120251b691419bc58e44c45cae2d5e9e4dc9dfdcfeec2236b15527b4a9d3beb85

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            9617a096f01e7e71ddd6a0be0e40c476

                            SHA1

                            ef3c664b0e43deda34078c08105bc5c24af20d0c

                            SHA256

                            2299350621360b6ded91cde2f0a7ef37784165531067ea73e056cf3c50985977

                            SHA512

                            9c682aeec1aa1e25542778983dd7594def2413bf5d961589668f27f4688abd4c9a599480076a28f8481a2ce108aad4a4ed551b3a66981fd751c9442fa21fe679

                            Download Submit

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.