Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/04/2024, 00:14
- Static task: static1
- Behavioral task: behavioral1
  - Sample: libdvdnav_plugin.dll.svn-base?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
  - Resource: win7-20240221-en
- Behavioral task: behavioral2
  - Sample: libdvdnav_plugin.dll.svn-base?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
  - Resource: win10v2004-20240412-en
General
- Target: libdvdnav_plugin.dll.svn-base?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
- Size: 7KB
- MD5: 99e8bddee798aeedcdcc6c98e697e521
- SHA1: 14d9ad2a11a634341460c273fa1e8b6ccf069ddc
- SHA256: c479661ab48ef01be3afca82b6241159746b9a562a9e1d1d4df1e27bb74d8d99
- SHA512: ae36434e9c0c56bc21ba9418f07af06ce50a66c9115f56037065b2a8238a1c6dec62491b525aed2d5c6b09dc0d3fcf1ef6665b2c2b364e2fff8046d008667641
- SSDEEP: 192:Z4vTPMcMHyzvKvlvi6vKvCDvMX5v5v5B/lo3AvQvfvqvPvTvfvYUQE8uI:ZgPMcMHy75X//IE8uI
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 2268 msedge.exe (x2)
  - PID 3124 msedge.exe (x2)
  - PID 4476 identity_helper.exe (x2)
  - PID 4848 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  - PID 3124 msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 3124 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 3124 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
  - PID 3124 (msedge.exe) wrote to memory of PID 2776, procid_target 84 (x2)
  - PID 3124 (msedge.exe) wrote to memory of PID 4576, procid_target 85 (repeated)
  - PID 3124 (msedge.exe) wrote to memory of PID 2268, procid_target 86 (x2)
  - PID 3124 (msedge.exe) wrote to memory of PID 552, procid_target 87 (repeated)
Processes
- PID 3124: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\libdvdnav_plugin.dll.svn-base_id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2776 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb5b646f8,0x7ffdb5b64708,0x7ffdb5b64718
  - PID 4576 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  - PID 2268 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 552 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - PID 4972 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  - PID 3492 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - PID 4800 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  - PID 4476 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4644 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - PID 3660 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  - PID 392 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  - PID 1624 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  - PID 4848 (child of 3124): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10133942313646354849,1119404955718163363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 3500: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 816: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads