Overview

Score  Task                    Platform
7      Static                  static
3      Silent Cli....8.exe     windows11-21h2-x64
       $PLUGINSDI...er.dll     windows11-21h2-x64
1      $PLUGINSDI...ls.dll     windows11-21h2-x64
3      $PLUGINSDI...em.dll     windows11-21h2-x64
3      $PLUGINSDI...ll.dll     windows11-21h2-x64
3      LICENSES.c...m.html     windows11-21h2-x64
1      Silent Client.exe       windows11-21h2-x64
3      d3dcompiler_47.dll      windows11-21h2-x64
1      ffmpeg.dll              windows11-21h2-x64
1      libEGL.dll              windows11-21h2-x64
1      libGLESv2.dll           windows11-21h2-x64
1      resources/app.js        windows11-21h2-x64
3      resources/...r.html     windows11-21h2-x64
1      resources/...ter.js     windows11-21h2-x64
3      resources/elevate.exe   windows11-21h2-x64
1      vk_swiftshader.dll      windows11-21h2-x64
1      vulkan-1.dll            windows11-21h2-x64
1      $PLUGINSDI...ec.dll     windows11-21h2-x64
3      $PLUGINSDI...7z.dll     windows11-21h2-x64
3      $R0/Uninst...nt.exe     windows11-21h2-x64
7      $PLUGINSDI...ls.dll     windows11-21h2-x64
3      $PLUGINSDI...em.dll     windows11-21h2-x64
3      $PLUGINSDI...ll.dll     windows11-21h2-x64
3      $PLUGINSDI...ec.dll     windows11-21h2-x64
Analysis

max time kernel:   145s
max time network:  155s
platform:          windows11-21h2_x64
resource:          win11-20240709-en
resource tags:     arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
submitted:         21/07/2024, 15:37
Static task: static1

Behavioral tasks

Task          Sample                                   Resource
behavioral1   Silent Client Setup 4.1.8.exe            win11-20240709-en
behavioral2   $PLUGINSDIR/SpiderBanner.dll             win11-20240709-en
behavioral3   $PLUGINSDIR/StdUtils.dll                 win11-20240709-en
behavioral4   $PLUGINSDIR/System.dll                   win11-20240709-en
behavioral5   $PLUGINSDIR/WinShell.dll                 win11-20240709-en
behavioral6   LICENSES.chromium.html                   win11-20240709-en
behavioral7   Silent Client.exe                        win11-20240709-en
behavioral8   d3dcompiler_47.dll                       win11-20240709-en
behavioral9   ffmpeg.dll                               win11-20240709-en
behavioral10  libEGL.dll                               win11-20240709-en
behavioral11  libGLESv2.dll                            win11-20240709-en
behavioral12  resources/app.js                         win11-20240709-en
behavioral13  resources/assets/updater/updater.html    win11-20240709-en
behavioral14  resources/assets/updater/updater.js      win11-20240709-en
behavioral15  resources/elevate.exe                    win11-20240709-en
behavioral16  vk_swiftshader.dll                       win11-20240709-en
behavioral17  vulkan-1.dll                             win11-20240709-en
behavioral18  $PLUGINSDIR/nsExec.dll                   win11-20240709-en
behavioral19  $PLUGINSDIR/nsis7z.dll                   win11-20240709-en
behavioral20  $R0/Uninstall Silent Client.exe          win11-20240709-en
behavioral21  $PLUGINSDIR/StdUtils.dll                 win11-20240709-en
behavioral22  $PLUGINSDIR/System.dll                   win11-20240709-en
behavioral23  $PLUGINSDIR/WinShell.dll                 win11-20240709-en
behavioral24  $PLUGINSDIR/nsExec.dll                   win11-20240709-en
General

Target:  LICENSES.chromium.html
Size:    6.5MB
MD5:     180f8acc70405077badc751453d13625
SHA1:    35dc54acad60a98aeec47c7ade3e6a8c81f06883
SHA256:  0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
SHA512:  40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec
SSDEEP:  24576:d7rs5kjWSnB3lWNeUmf0f6W6M6q6A6r/HXpErpem:rovj
Malware Config

Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description         ioc                                                                  Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (12 IoCs; repeated rows collapsed, count in last column)

  pid    Process               entries
  1324   msedge.exe            2
  2296   msedge.exe            2
  5008   identity_helper.exe   2
  780    msedge.exe            2
  3324   msedge.exe            4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs; repeated rows collapsed)

  pid    Process      entries
  2296   msedge.exe   6

- Suspicious use of FindShellTrayWindow (25 IoCs; repeated rows collapsed)

  pid    Process      entries
  2296   msedge.exe   25

- Suspicious use of SendNotifyMessage (12 IoCs; repeated rows collapsed)

  pid    Process      entries
  2296   msedge.exe   12

- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed, count in last column)

  description                        pid    Process      procid_target   entries
  PID 2296 wrote to memory of 228    2296   msedge.exe   78              2
  PID 2296 wrote to memory of 4716   2296   msedge.exe   79              40
  PID 2296 wrote to memory of 1324   2296   msedge.exe   80              2
  PID 2296 wrote to memory of 3984   2296   msedge.exe   81              20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2296)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe38d53cb8,0x7ffe38d53cc8,0x7ffe38d53cd8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2656)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 5008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1352)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6765719494289715287,4594979748536951738,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4964 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4796)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1236)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5:    caaeb604a99d78c4a41140a3082ca660
  SHA1:   6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97
  SHA256: 75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6
  SHA512: 1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

- Filesize: 152B
  MD5:    1fe10b6cb6b345a095320391bda78b22
  SHA1:   46c36ab1994b86094f34a0fbae3a3921d6690862
  SHA256: 85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239
  SHA512: 9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

- Filesize: 5KB
  MD5:    5dd8863d9f643a690e9a03aff16ab70d
  SHA1:   23de2553ae8c41796b7d519a94566e1f931eae73
  SHA256: 2c8b48ab9da17f80ca457f7e9b0c8a7509c45c64478ec72c0e9bb3cdaeb814e2
  SHA512: 174836ec9ea5ee1768136aabad4c349ed319bbcfe8bde110f1517cf132580995b256b7a997d3734227e25c866aa5aded7f5393d1729ebd3fd2a5720645af8b1a

- Filesize: 5KB
  MD5:    c808aefcc212d06b6651829f05b24333
  SHA1:   6cb42cba11f2c4d6653dbf70fbc8786f18b8389d
  SHA256: 6fa59c08918f35f110865a51be1d45b30bdba6de8e3fe3c00985a47c165b24e2
  SHA512: 7dbd44eb33b451f8f4cf1cbfe5744c41e58dfac11918d3a6c8d164354f6c70e8756339f14c0e1ff5e235f47f845848c13a480198e33aa20861c62a7a949684a7

- Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- Filesize: 11KB
  MD5:    220a77b5d0dac63c07d710a5637b02d7
  SHA1:   9e409fdf39c8ace3f2388cec4b097b1ab10d6e3b
  SHA256: bb027e5cbf04fbda3a61cd808510bd989ff77f435c330f6cb9feddcca5c5d51c
  SHA512: ea6cd691876bcbcb92bc8940693a1eaa7ed289be9ff5fc2dfff73813d08bee3435d2cf3c3a7688e85cb514bb89cba811fd7ad5495456d6f025c8e7063125af2b