Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
26/06/2024, 16:25 UTC
General
-
Target
https://cdn.discordapp.com/attachments/1255165018316476447/1255511838292971550/3CXLoader_.exe?ex=667d6604&is=667c1484&hm=3dfb0e5e516e2709cfc51305ca6edf7d1956e3bcbab56a2d64f29b61a1fd9037&
Score
1/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1255165018316476447/1255511838292971550/3CXLoader_.exe?ex=667d6604&is=667c1484&hm=3dfb0e5e516e2709cfc51305ca6edf7d1956e3bcbab56a2d64f29b61a1fd9037&1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1a5f3cb8,0x7ffd1a5f3cc8,0x7ffd1a5f3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4788 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15698162434417079941,15821583588410608078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A -
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNS8.8.8.8.in-addr.arpaRemote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTR
-
DNSgoogle.comRemote address:8.8.8.8:53Requestgoogle.comIN A
-
DNSgoogle.comRemote address:8.8.8.8:53Requestgoogle.comIN A
-
DNSgoogle.comRemote address:8.8.4.4:53Requestgoogle.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNS4.4.8.8.in-addr.arpaRemote address:8.8.8.8:53Request4.4.8.8.in-addr.arpaIN PTR
-
DNS4.4.8.8.in-addr.arpaRemote address:8.8.8.8:53Request4.4.8.8.in-addr.arpaIN PTR
-
DNS4.4.8.8.in-addr.arpaRemote address:8.8.8.8:53Request4.4.8.8.in-addr.arpaIN PTR
-
DNS4.4.8.8.in-addr.arpaRemote address:8.8.8.8:53Request4.4.8.8.in-addr.arpaIN PTR
-
DNS4.4.8.8.in-addr.arpaRemote address:8.8.8.8:53Request4.4.8.8.in-addr.arpaIN PTR
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
-
DNScdn.discordapp.comRemote address:8.8.8.8:53Requestcdn.discordapp.comIN A
No results found
-
8.8.8.8:53cdn.discordapp.comdns
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
-
8.8.8.8:538.8.8.8.in-addr.arpadns
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
DNS Request
8.8.8.8.in-addr.arpa
-
224.0.0.251:5353 -
8.8.8.8:53google.comdns
DNS Request
google.com
-
8.8.8.8:53google.comdns
DNS Request
google.com
-
8.8.4.4:53google.comdns
DNS Request
google.com
-
8.8.8.8:53cdn.discordapp.comdns
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
-
8.8.8.8:534.4.8.8.in-addr.arpadns
DNS Request
4.4.8.8.in-addr.arpa
DNS Request
4.4.8.8.in-addr.arpa
DNS Request
4.4.8.8.in-addr.arpa
DNS Request
4.4.8.8.in-addr.arpa
DNS Request
4.4.8.8.in-addr.arpa
-
8.8.8.8:53cdn.discordapp.comdns
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
-
8.8.8.8:53cdn.discordapp.comdns
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
-
8.8.8.8:53cdn.discordapp.comdns
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
DNS Request
cdn.discordapp.com
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50d84d1490aa9f725b68407eab8f0030e
SHA183964574467b7422e160af34ef024d1821d6d1c3
SHA25640c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e
SHA512f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00
-
Filesize
152B
MD50c705388d79c00418e5c1751159353e3
SHA1aaeafebce5483626ef82813d286511c1f353f861
SHA256697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d
SHA512c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f
-
Filesize
5KB
MD56f240c743cb2efecc96037b0a777ee7d
SHA161e82efa1ec00e464ee56c742861f18783ec5941
SHA256473a3ece3bdfd5d39726c6db3bb9e9911fb043fd64067aab174643cf7c04189d
SHA5124fcc86922425e19a4188b0d381979c0d57f09f49c3d0e2c669f284b52b24450438914463635a4c729ffbd38ea3ea4760644b145ae3dd649a5c8a2dba12176e79
-
Filesize
6KB
MD5cf7bf9169854ad3d652de9250afc1ae3
SHA1939b84e67af0407861a4e5c43582c669be1ff4c2
SHA2567a4cde52a0b223931f65123a3bd8599ce4d5efb48c1b0f3ad7a4e952b5675c7d
SHA51220eeb17288c83567722f9beab903b29dac5c263493867bab16c95b4616b91f1ccf3ce4fbc370adb4faa33015580b38d442ae092a9993c8e8a6587712195b1648
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD547d5eb4903c4c4c3cf912f6e84a55c4c
SHA177d97612587e7671061b76a036913c094d53cfad
SHA256d99577e9c0b634d6875a53208cfbed4ea4cba9e4897bae7c55c656ada19105cb
SHA51212ac788469349f7b5b4d9d5fff0a068763e7941a43c5f91b0ef279910941f081cadebe25623837fb9c879eba85a4eb18c0ddc5f8eb54be9e361cdc3ee944edc1