Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 12:24
General
-
Target
https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqa3JqbEJvejl1Q1YxUnFSS3EtYkJHRG9Fczk0QXxBQ3Jtc0tuNWIxSHdjTGVVb3NOdUVWOUl4NXpHZXBDTGROV3NlaGktSXpiNjZhUzFSYnVPM2VmQUtGUU9pS01kWG5faXQ3V0xxV2Nwb3Q4am1XY1diTHpHSkVnVm16bDNKX2x2cVB5eGs4bEpXR0drZ3NFRlo4aw&q=https%3A%2F%2Frbx-fueb.blogspot.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqa3JqbEJvejl1Q1YxUnFSS3EtYkJHRG9Fczk0QXxBQ3Jtc0tuNWIxSHdjTGVVb3NOdUVWOUl4NXpHZXBDTGROV3NlaGktSXpiNjZhUzFSYnVPM2VmQUtGUU9pS01kWG5faXQ3V0xxV2Nwb3Q4am1XY1diTHpHSkVnVm16bDNKX2x2cVB5eGs4bEpXR0drZ3NFRlo4aw&q=https%3A%2F%2Frbx-fueb.blogspot.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f52046f8,0x7ff9f5204708,0x7ff9f52047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8764512157759022302,8742057066750124490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e1fe3a26bd35b84102bb4203f31e74c7
SHA145fdfa8433789b575eb64e116718e62e0e0cf4a0
SHA25626e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee
SHA512d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd
-
Filesize
152B
MD52915233ace3b11bc8898c958f245aa9a
SHA168c6aa983da303b825d656ac3284081db682f702
SHA256b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e
SHA512e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890
-
Filesize
624B
MD543467296e0b3eafc7a160dd2fed58e78
SHA1c21fe45b959693bd9d78f505c3e8d6d14a298c31
SHA2563fb78781a54e9f820745f4dec950f9634a428bbac137ad1ffb5b71166fc62e8d
SHA512d4deebbfab17888effc4a20fb75e5b94f8081c722ec20a05469e8b58048a74e7f41963d0c5ab14b478f6185bbf1e002d22d076124b71b419e188373e88cce7b9
-
Filesize
264B
MD5a70f7d115d67089b4890eddd006a39e7
SHA1f38af8c5ce926901407e42b26bf0fe75a78cadc6
SHA256af4af12400964ecee7a12df840a85770173b7da453ed5e8db0eecf8fd9b5b6e0
SHA51238cdf9966d0c4172b6305a270066b616fea72d382bfd9d33d3f7d9f273ed2402a243d97540fa6c99cb9057e52006016ee8fa203307b52da5ce7b74e249ba2360
-
Filesize
4KB
MD581acea5eb4f220924a873d59f0981d1d
SHA123e0e1352574ff59aeb59882da344793778dd6a0
SHA256fd930e5d3a49265f0120e790deb7bebb70739df200c21ea4b232c12416172dc6
SHA51295285fcbeaaea0573116fcb7de2b697b7dbc7ff145e443053056aab5d52ea79b09e3381d8058b40ef29e892aa66f33c402776241136f475a92f96a7717436c11
-
Filesize
6KB
MD5130f97b168f38d4ae0a8c5b2881647da
SHA1912b64c4345298b55d9495dcf0fcb9530ebf31b6
SHA2568e1d69e913b602517d7aba0e6a5c9b6c9e92232dead80ce6732967b58e8e0d1a
SHA512fa2b961061b58aa6e9dc06a58c656318a0158f6fdd441b106d43afbf27ab7a1553b00561b41e302de11cc0c4026c08e06e800d9330fed0dcd93f3742a3420db5
-
Filesize
6KB
MD51c8799a2cadc1e0d5ec19659c5672e17
SHA1bef3f91385118fe25c8f4df7f99544769174e060
SHA256da70f1e2338eafbf50813b8cc45217af7883a7345b0dc3062be73a3f221ec6c8
SHA512b56f3dc4ea5b0339652e010c88d8fc7a2e9b55eba6e6ef7b2d6f650f27b9799c7d2f9b223ce9b14c8231ca98eb79ffa9bb5b0e1aeb141b559cb46a95416eefb2
-
Filesize
7KB
MD50ae5af619ca2229f1637a9b964d48b45
SHA18c99fcc94c04e983a14d11127c1080f75d3b1fdc
SHA25691d80ee9952cf98072a9bddfc7afbfaddc6ebd10ff712af3952cee50f9923879
SHA5124b543bfb25e0913af322f7e24ef44a8d144bba26af8f55459d323f1bfeda47ed4fe387529b85bfd8c17710e8ded12c7193465a39b321ea3196570a27a7552d51
-
Filesize
7KB
MD5d5181b6dfa0e7697220a78f71fa89413
SHA10320deb36a6b6e03e3d7409696e18ab8059e46ee
SHA256ed146dc7d14e7de731c9daead59274fbafa879dec31f38a7ccce523aa90d3f3f
SHA512ddf0aeae6a280860c7bc7a14f8c916c492ca2e733a59e673d4b5398825468bc0174e25a61af633c74821c0a7a0823ca0432b04c26eb673ba80107feb3e995231
-
Filesize
99B
MD5bfb853ae7d80d0fce0c22b2ef14d6cbe
SHA18b04c36e4fbd6b45d54c1e27b77fb7b832f4acc5
SHA2565566be2b51b33ab71ffab66670b7c14ed7802fd576b54e40d8c7c77e22c58661
SHA51257661794d46a3d320acaa77eae0853810d44bc2c673b593b3671f5ce2521af555aa98bd8df0735d7a788ab46fc7f25b97c3f0c69038bfe11a3fcde20c71ce8b8
-
Filesize
35B
MD5343859b4ad03856a60d076c8cd8f22c3
SHA17954a27de3329b4c5eefd4bdcb8450823881aad6
SHA2568c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA51258014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254
-
Filesize
1KB
MD547ebb4484fdd9a72c5c55311d5d98f26
SHA1683c2ba41c6cb8ffd8b7b14217a34d6863a201ea
SHA2564109493ca7d12ea3265d0da835d9ffa662c6a858e52b569f5a2f9c3153c63eb2
SHA51277b7425434c23317ff4c8c16e1eead325d7be3df6fa0cd457298194db4e0a1f7ee8e4875b767d40332cb7c89c3a3b9f0c6944a6b88278bb936da608ed352d8c7
-
Filesize
1KB
MD5758d740b99b3939ce89c331a036bf8d8
SHA1604261b29b2eaaa96738ddb528ae63544fdb564c
SHA2562cbb4690cc59f4cf8d9217970a8ed8b35587cc0b819b565fb7e5af1512e5ffe2
SHA51256020b95bea0379444701ee6d5afbeb65efe98f983e28a74d380fa0dfbd11cbd8e3ca930c498e21b6431f3cd3619a9a8f1d755816ba66dc651fbd62d5dd21535
-
Filesize
204B
MD53b734eead9df9ce1bfe0cb673eebcf7b
SHA1b151ff564db666c2d9b9b2b7569b2866dc977620
SHA25640df581a605a68e21d48bc957f7f3f434472c452331147ee6f564f9bdaa4ffe8
SHA5123f61b0c000ee79af384ab8f37b27f5c1c2110c439fe97d0ef2f5868960209d2aedecd1f94858e57d211f70b8869a3511c32cc2746ed2cc33495d37b9f4ae7d16
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD579e382c591c341209741f55c2e8c6f89
SHA1e52856009dd975983d560ab54bba98101b9f822c
SHA256cf886bb78571f6b435bccbad933e6515820603ae1f45f31d00550e0bd74ebb29
SHA512bf10aa5c46b94fd69c7e62d5e3a26823a28677ebfbdd5cc561a737005bbe07d45fe33b07e23dc1ca5a2c754846e42a431293f9ba62b5882a338fa0683d7211ab
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84