Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.romhacki...

windows10-2004-x64

1

Resubmissions

23/07/2024, 12:14

240723-pekn5syfql 1

23/07/2024, 11:53

240723-n2aa9avfpp 1

23/07/2024, 11:24

240723-nhnpjatalf 7

Analysis

  • max time kernel
    113s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 11:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.romhacking.net/utilities/598/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.romhacking.net/utilities/598/
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c47d46f8,0x7ff8c47d4708,0x7ff8c47d4718
      2⤵
        PID:1988
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:4712
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:60
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
          2⤵
            PID:3964
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:4024
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
              2⤵
                PID:320
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
                2⤵
                  PID:3872
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4892
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                  2⤵
                    PID:3024
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                    2⤵
                      PID:3672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                      2⤵
                        PID:2100
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                        2⤵
                          PID:3948
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6020 /prefetch:8
                          2⤵
                            PID:432
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
                            2⤵
                              PID:1700
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,2410654559410631559,57548668141398024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1388
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4004
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2456
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:4728
                                • C:\Program Files\7-Zip\7zG.exe
                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\[598]xdeltaUI\" -spe -an -ai#7zMap9153:88:7zEvent1698
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  PID:628

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  bafce9e4c53a0cb85310891b6b21791b

                                  SHA1

                                  5d70027cc137a7cbb38f5801b15fd97b05e89ee2

                                  SHA256

                                  71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

                                  SHA512

                                  c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  a499254d6b5d91f97eb7a86e5f8ca573

                                  SHA1

                                  03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

                                  SHA256

                                  fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

                                  SHA512

                                  d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  288B

                                  MD5

                                  cc209bec739522333b35393fd0be5a74

                                  SHA1

                                  5fd745fba7e7118034f48c6772797d11a90209ac

                                  SHA256

                                  c63db8e6533fb161886a2d0120738122fc1ef332b793111a168e64f58e533d9f

                                  SHA512

                                  7a2d83f45320619b37baec263e656e3fdc52d2b598770c0ebf25c62ee7587a7187439340b23f435e1f53477f85d3a41a0268df07ec76ef729748d3a8c5d2d1f8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  192B

                                  MD5

                                  50ddaca1d79a6aa3f2d487f5dfdeef87

                                  SHA1

                                  55a7022dff390ea077af25a0f7ff4577811875ea

                                  SHA256

                                  00c6de63133e683a622d4dc8260915ed2aa515903f7b5df9a319055213537cee

                                  SHA512

                                  97c1f93205ed42b266e373ff34a6ba0163807c2175cd77a5adcb38373ce002bafc0beda16e1f0752e7c93926190d6081d39034b337a4b9cfaf4406a17241c5fb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  794B

                                  MD5

                                  d7f30a361e5b01a8a73378aadea20d8f

                                  SHA1

                                  40de72d37cdfb870c8f1936491267715f588e70e

                                  SHA256

                                  e40290de04b11b28e2b83c3fdce7ebd44976ea7798ddf3a3167b8b9a11b68e1d

                                  SHA512

                                  d642ad1a2a6083962f3f60909941bbfd0f4ea94eb7c635da4476b679497f1f8dd799ec59888e2056cfdeb7fa9a4ddc0c68a270d9d611e2febc2ab3aad19ec6fc

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  d61c12a072ff8d145e2c985c358d1837

                                  SHA1

                                  26c25bd4b76800e556b47651aeab17e3ddd74597

                                  SHA256

                                  b2a25b62f7e7f59fcbf2083fe9a2911c566ecacb86da1a250f51b280198830a3

                                  SHA512

                                  6eb4147689f3a86ffb56ed0b707d604fb5b7a45a2edb0324532bd7047672d0b621d24716340735bb031fb0476aa550328d5b31c7185c338a49eb32cb6c88cb6d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  e3bbdae6eb17f8ab8f224dc8fdfc3a04

                                  SHA1

                                  8d6aa42ce33e3b82efae0606801d074543600446

                                  SHA256

                                  7dce07713d2c359ce22e55e08969f9dd3c60ca8b8b55f231607a689d35916b6a

                                  SHA512

                                  54baf14c9e89fd8588ce30d5756212736724076830a52ddefa4547a1060f32544494a40feb9961ce0cc20283d4b32e4336fc313a36e403ce8144b848ce5bd3b2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  1f713037510b1a0b69860ca927e61bb8

                                  SHA1

                                  40e85154d8a4b3e6be96767dccd4e343c146a90f

                                  SHA256

                                  375cc7b40fc121e07f1e8e37c4a0a88f49724f8ffe908d2f422dfefaa94852b4

                                  SHA512

                                  cd68e69712917787e25ec544a777c54c0895bb80ed4a80528ab7dc4dd7ca252fea7996ea15915fed89b53de7fa451b65dda4954112354f45f151f5b5e8109e6f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  7f1b0c481d378af3cd6381fe6b5ac29c

                                  SHA1

                                  3df4102b2a688df57575bb70bdb101dd68ae8e2a

                                  SHA256

                                  de3b04f5201f9ca89d5478409421f0e64de6d3021be705b4592c63ff698159c4

                                  SHA512

                                  3a09fb50d8a52af64117aeb44514daa42d9ede095c6f38880e805a058f27ef48b7ae3a63284f835b089311dcdcbed2a36268ed8f29c0356c8c069c29f2bf4faa

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  c2f5a04ad2abedde3a7af119c7115fce

                                  SHA1

                                  6c1c874e659674c8fbfc252a8b86a3a7689f5495

                                  SHA256

                                  dd8ed6a6a37b3cf0462f422bdaff8b57e64b0061c7dc345af4140bbf0a7b00f6

                                  SHA512

                                  69643df8732e3c5dfa009d44a863b5ab8638dd7079bffc03aef4bc3e18ad96f2eacfb04b368dd33fafa4ad84645ed471d0cbd07cff767fe2d5fa40bbba8bdaab

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  32377674c1515acc3f0998b54b7dde42

                                  SHA1

                                  f60734ba84e147bccb7d763612ce759a396b4018

                                  SHA256

                                  9803435524d448002048e29d940dbf5901fc6fb72c202611680d519a8db0b809

                                  SHA512

                                  55463273361aeac293f234d3695593863ecf6ad20ccf75d0327f9f848060a54c7276d05a2217d95c6d0f196657cef9cb378195d4fde02901da8359e05f9a5a78

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                  Filesize

                                  2B

                                  MD5

                                  f3b25701fe362ec84616a93a45ce9998

                                  SHA1

                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                  SHA256

                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                  SHA512

                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                  Download Submit

                                • C:\Users\Admin\Downloads\[598]xdeltaUI.zip
                                  Filesize

                                  250KB

                                  MD5

                                  75df280de6cf6e81032084008c36190e

                                  SHA1

                                  6f6ae8cce69413ae964c4d5339197021a505cb67

                                  SHA256

                                  5b7450a02e7bfa9ea0ea647f75f35b7833595ee5ca977fc3e628e27681cdc1ec

                                  SHA512

                                  b940a124d89e6bcce7306f4eb408cb1b3b91673bfde7528b9baf49169f1fb80f796110ab0b67ed404d7d290bab2abab09cd2e999fd03905e550c1e8e23665ee0

                                  Download Submit