Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
-
submitted
11/05/2024, 09:50
General
-
Target
https://thepiratebay.org/description.php?id=16076637
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://thepiratebay.org/description.php?id=160766371⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc50583cb8,0x7ffc50583cc8,0x7ffc50583cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5904 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6216 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6356 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3339876810174333875,9347634282032320574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2612 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
330B
MD530d6b8ec9bb25405ae7ff9ce8553da6e
SHA1079913bd2964278b45f93a054fc8f53e3435bf59
SHA25632aa7973f39cd66ae52808f11d79aefcc16c0ce9dd3e8185b3989e462c11dffc
SHA51220ddda88c1d151e3934c3c78ce181a220dc52e1eeeb586d5e1caf938c9a42e6a2ec4ff1421b0dcebeba024d34400b2a26e102023b4ab813686a2b66e0c9d683b
-
Filesize
152B
MD5de47c3995ae35661b0c60c1f1d30f0ab
SHA16634569b803dc681dc068de3a3794053fa68c0ca
SHA2564d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7
SHA512852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb
-
Filesize
152B
MD5704d4cabea796e63d81497ab24b05379
SHA1b4d01216a6985559bd4b6d193ed1ec0f93b15ff8
SHA2563db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26
SHA5120f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d
-
Filesize
26KB
MD5191cd87d59bcfbb734fca7bb92bbc245
SHA130514c4b000361fe9319ebbb84d5cf93b9b0a82f
SHA256cf07e157a37761abad2d2ccf9385f5023fca4dad5a3594c6832274a1b5823c9b
SHA512a72b2bfe8e6ba1fb307f4d89c1a38070261d315d36f12726c22b77fa90171fb28d6f62b112dcaad521aa09e89990ff810c363fa79e2e75b48329ddded879dc4a
-
Filesize
480B
MD5f1ef04bba81802451dbb38652af3da90
SHA1bf3e9b1311246c987503c7265953dc76cfbadd90
SHA2564cecab668b8db321ab67e9115f9193ff16505b61a6f66b1f977344fd68a18932
SHA512e801951a4d845b9c65ca1b67ea32481627c17ffb3d38cab56e7833cf2ad7d6117e8e45bd2ffb0774f539b8188d1ca2a5721a17ed34a306e67327a8aa8a39eb8d
-
Filesize
2KB
MD543e9c647bf13ef158a96c572b96c5900
SHA1d6e85b3fce14683b257125af142e80158b3d9d8d
SHA25691f10926a53ac6cb52518835f121deda0abcbd78ca710c3b25ae4c3b83a96089
SHA5123821b06736b17f9e9ca78cf7c1177fbffe1718c76c55651f805448ca31cb4b348de4c8b7887ac5651b8e13abd91058d19beffa58e1b48a8d2dff3300088151cd
-
Filesize
3KB
MD5116511a04f2c512e761ce617e7a22d21
SHA19d28f950282ddae54a2e00f78a9bb011ccc8d00e
SHA256cc710251e2570efae1ea802e48b1aa25d9e8a28702c0a31e3eaf4025e3e9fd18
SHA5120cbc983181d1bb0406a6c152f42afe5e3364cf0e521070ffcc1a6e170e8dd2b4ac3fd845867ac8d7d974b7ce84eb71638e3d3e676cb445c4374c0287477ebac6
-
Filesize
5KB
MD533c2d2c5d17b5163274d75bd995d6bfd
SHA134e42a72456dc4a6931141e03c1d204aac983087
SHA2560277448b9b89edbb1a117f33bd8e19db94a7f532e0ae04ab64bdcde030d51b75
SHA5126a719ba17203dcf3cf59d549fb2f44504d43fa5835141a7cdc5be10c474b867db2ec1c76a12c75eebef3986d71f540fd6d8235343a80efcb27b5119057351153
-
Filesize
6KB
MD521adef0f0e23f4c4777e9ba44eea80d7
SHA1e0f213247a5bf95df7295e8f31a6e964b51a63c3
SHA256496cddb81b07fa27fccd511e9dba09dede664564c916ea475533240941c6be4a
SHA512be7a15e5345333b52d6e50702dac10581424124ad6a594aff1b300c405754a2b2220300cdea055427860d4afc20d15bbe55c3f95a667d9b0ed411448ef2bb9c6
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
96B
MD526a9db8bfeff5d0d3263dfc909c84beb
SHA1ae5f0d7431537bc76ba3803587719c5db9db0bfa
SHA256ddb0ea224edcf774b82ada50fb1938aa7375483e38ee4e5a1cec26c01eac2660
SHA5123d0d80d6c7e9772c4032ed6aa3283168e4c09855b79722857a7386bfbd3763143c63eaa61d0e3478a6302f45d605eeb65a49f8ea3fe831c7ddc7b769c217e1dc
-
Filesize
48B
MD56b5664c3b70904cd3a4d6f5ea1922f46
SHA1185762649377b457873ee860c59b804df8da423a
SHA256ebed5dcffd9a59f0d1bc1ea1a771c2af59b644af05b1ff4d2d65c9b1d92a89fb
SHA51229f6189e1f0a80bdcedb8ac5bde886c364efc452b7b64772a3cf1855f8a5ef14b6d1dcda9e81516ac8d6b7eacbddd0e3032164b9f9f87ee6e986cefa60124962
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
11KB
MD5a40e953a6f10c9ca2fd601565fd0dc6d
SHA15da00e45929583f7eb163e8ef45b3f0c0a9d36a7
SHA2562e8a176c4111e730c5ee87cc02e8d1d36f8693c8b93e2adcdcd4c57d6410bef8
SHA51258f0e9292928c688c2f518b7350063aa2530b01648b68fcb068fa0dafaa998e95b2e7f6ee48527ce718069f81e656f3716cb16d66af7ce76ee9fa59cf83d546d
-
Filesize
11KB
MD54b014120790928c675165688b3d74eeb
SHA16f72d70c8a1c7408ce107a718644a59007c57e2e
SHA2569816455acfdb53c3c9c894adc57b9c7a9ec7d77795bc71c5300baa26df22a780
SHA512e62ff7620cb27a3b353379a5f3bbcfbf3b1719514964bd99a1ebc5fe12319a44e106bcaa8fe5be7917a33df98402577388f994818bc3bb9fa498f23e9d3ab2bb