Analysis
- max time kernel: 43s
- max time network: 53s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/06/2024, 19:35
Static task: static1
Behavioral task: behavioral1
  Sample: Discord-Bot-Client-master/index.html
  Resource: win10v2004-20240611-en
Behavioral task: behavioral2
  Sample: Discord-Bot-Client-master/index.js
  Resource: win10v2004-20240508-en
Behavioral task: behavioral3
  Sample: Discord-Bot-Client-master/installstartscript/install.bat
  Resource: win10v2004-20240611-en
Behavioral task: behavioral4
  Sample: Discord-Bot-Client-master/installstartscript/start.bat
  Resource: win10v2004-20240508-en
Behavioral task: behavioral5
  Sample: Discord-Bot-Client-master/main.js
  Resource: win10v2004-20240611-en
Behavioral task: behavioral6
  Sample: Discord-Bot-Client-master/start.bat
  Resource: win10v2004-20240226-en
General
- Target: Discord-Bot-Client-master/index.html
- Size: 663B
- MD5: d2a9260c703ff7e2c44039da3af61abf
- SHA1: bb95faa311a76278c7c01f543c850d43b7ee290d
- SHA256: 0b853078febbdf34f2b2d2681eb475c3fab4139bb46416fa8f69e42672b41d96
- SHA512: f0b060f7a362060d65cb93dfc5d73ab911d5d86dff466f5db30d06ad756debf9390f1f59cb15dcacdeeff1a86102db4d533d7299f7de348ba2759c82cbb6ea02
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  4612  msedge.exe
  4612  msedge.exe
  4448  msedge.exe
  4448  msedge.exe
  888   identity_helper.exe
  888   identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4448  msedge.exe   (the same row is listed 6 times)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4448  msedge.exe   (the same row is listed 25 times)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4448  msedge.exe   (the same row is listed 24 times)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4448 wrote to memory of 1904   4448  msedge.exe  84
  PID 4448 wrote to memory of 2276   4448  msedge.exe  87
  PID 4448 wrote to memory of 4612   4448  msedge.exe  88
  PID 4448 wrote to memory of 1604   4448  msedge.exe  89
  (the original table has 64 rows; repeated rows for the same target PID are listed once here)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Discord-Bot-Client-master\index.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4448
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96ea946f8,0x7ff96ea94708,0x7ff96ea94718
    PID:1904
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    PID:2276
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:4612
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    PID:1604
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    PID:3472
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    PID:452
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
    PID:4584
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    PID:3992
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    PID:2232
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
    PID:2848
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7379384302197274589,14068723204310525393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID:5016
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4064
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3380
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b
- Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232
- Filesize: 5KB
  MD5: 01c7cb37e6d8f58917d47dd05bb47baa
  SHA1: a202aa6374bb4afbcb80b341065c8fac42431fd3
  SHA256: 69699bd3456ef274eac265e76e9033ee263099caf8a53cb2ed1c1268a116a057
  SHA512: c64781511be9a1023e4e5cb006aa1b7b43f13040929136ce0730d88c06b95ee0b70133c61debc7313d327546adbc924a8ca731d9212b45d20202851177301c9d
- Filesize: 6KB
  MD5: 66fe3d4f671cd9d44eedd42d1b1c9bf4
  SHA1: 8ccd79ff5820a9f5103de3112f08392c48a19da8
  SHA256: 5b5e8a928e6a104644dd86ce5e68659076f9b8af372434bd111eb1567bc2bce4
  SHA512: d1c5fc966b89d33efc1fe5f22986c01f9ed56c5631dd09e2632005872a22d3f43af16a5a4d5c29611dfd06bdc633d507c73250a55140b8d91cdcee97d1da77ba
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 3f0867eb015191f6448ca979111f1589
  SHA1: 7f48c27bf062ed2c0cac92aae296c918f67e04ef
  SHA256: 6b82382040ee5b56b6ce1239e27cf1a1b67978ea118f395a2705e18f576eb64d
  SHA512: 3ffd3c4f4934c5d65745238f5dfa8d2388b174e3f780b5fb969393be74c3ca6b7ae32b24d1c06e1123d6918c5c40a3b40cbe06ef9b4bc15290234cc94ff3b451