Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

URLScan

urlscan

1

https://tria.ge/subm...

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tria.ge/submit/filehttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fclick.pstmrk.it%2F3s%2Fmarryatbali.com%252Fdev%252F%2FEUHQ%2FBl62AQ%2FAQ%2Fa302f891-2db4-4f14-bea5-1efcc42403ec%2F1%2FTyi7dmshyC&data=05%7C02%7Callen.deary%40openexc.com%7Cf85580d919d74caa8c5708dc99d5b157%7C7f5af38288ba4c7f8d8e55d2ada242dd%7C0%7C0%7C638554391044355794%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=dnBQ1ih9te4hZQ6nhcGOTsWqB%2BFNJnvt9Fb6i9LtkHk%3D&reserved=0

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/submit/filehttps://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fclick.pstmrk.it%2F3s%2Fmarryatbali.com%252Fdev%252F%2FEUHQ%2FBl62AQ%2FAQ%2Fa302f891-2db4-4f14-bea5-1efcc42403ec%2F1%2FTyi7dmshyC&data=05%7C02%7Callen.deary%40openexc.com%7Cf85580d919d74caa8c5708dc99d5b157%7C7f5af38288ba4c7f8d8e55d2ada242dd%7C0%7C0%7C638554391044355794%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=dnBQ1ih9te4hZQ6nhcGOTsWqB%2BFNJnvt9Fb6i9LtkHk%3D&reserved=0
    1⤵
      PID:3960
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4436,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:1
      1⤵
        PID:760
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=4116,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
        1⤵
          PID:4660
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5292,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
          1⤵
            PID:3452
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5312,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
            1⤵
              PID:1184
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5984,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1
              1⤵
                PID:4516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=4112,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:1
                1⤵
                  PID:4560
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5348,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:1
                  1⤵
                    PID:3504
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                    1⤵
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:2536
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x240,0x244,0x248,0x23c,0x218,0x7ff9be9d4ef8,0x7ff9be9d4f04,0x7ff9be9d4f10
                      2⤵
                        PID:2740
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2324,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:2
                        2⤵
                          PID:3788
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1968,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:3
                          2⤵
                            PID:760
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2344,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=2968 /prefetch:8
                            2⤵
                              PID:640
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4600,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
                              2⤵
                                PID:3956
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4608,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:8
                                2⤵
                                  PID:2820
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4656,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:8
                                  2⤵
                                    PID:2580
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=760,i,473132181694681993,15523872801582531686,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4336
                                • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
                                  1⤵
                                    PID:4304

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    901a736d4f8327c35f21e9d2d0a29f70

                                    SHA1

                                    892724e6c535337f47a3f2b1507ae518f32d7ef6

                                    SHA256

                                    df0ca554fd318646a4a08a6107b6910828f7a0c5a5d91e37f5783518c78ff5ad

                                    SHA512

                                    6855b52612f6ae80da987605dee9165612b7c6a0592f87b972f585c7a8860b77264df7786d952b7ec3143657b4593e6de67427ef441ddc0371cdac3fe28348b1

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                    Filesize

                                    40B

                                    MD5

                                    20d4b8fa017a12a108c87f540836e250

                                    SHA1

                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                    SHA256

                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                    SHA512

                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    fe7030fd7d15398f0dad05e3546499ed

                                    SHA1

                                    193757921f0943cf743c10532173ecbb5a09ba96

                                    SHA256

                                    61c93a065496094878ef17f6267070b67c2a008858ad54061019444846fdf6f6

                                    SHA512

                                    928c3baffebce21cab431e4b6e77441e16ad5d929b5a2cf9ff54fb5a690f6708de4e46219ca5ec033b8af96192863ec08b4cf86760aeb0fda6d5741608a6c82d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    293733b4628c39df4b9d271cff753c8b

                                    SHA1

                                    9298d3d5fd4eeafc7edb0cdc17fe98f1309a67fe

                                    SHA256

                                    d26ca7f21e5353b5c61d4c48cda2fd042281f19847a7f07359c0d1517167de10

                                    SHA512

                                    ea55a8f778111d349ebb6dcb9a85185fb8cc854cb39eca5c3695cfda795159a6e19af05e13a6c8d0ab8151c1bf5dafec2637ee546a8ce7e3e0f93a58ccea974c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    54KB

                                    MD5

                                    3f5222e846cdf20e5e00bfc8163bb1b7

                                    SHA1

                                    182fbd68f97b331cef3eb946097799bb3c5f8859

                                    SHA256

                                    a6a022b192e3409677c1a46419ec85c2f9678747bfa0ee2eb246ff95cb5d0cfe

                                    SHA512

                                    43eeb087c93a671dc3b2124b6b3a34a3f4b5e5a922cc622a08c2a04e635881767d23d8765d3bcdcea88ac7a99a11a013f284e0856c40501107dc3bea264c2e7b

                                    Download Submit