Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

STAPI.dll

windows10-2004-x64

3

Resubmissions

27/07/2024, 02:47

240727-c9yg9ssdql 3

27/07/2024, 02:46

240727-c9e1xssdml 3

Analysis

  • max time kernel
    66s
  • max time network
    77s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 02:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    STAPI.dll

  • Size

    25KB

  • MD5

    9d531a513b01a87a1f9a807a651ec6c2

  • SHA1

    167a8a5b8a4781ffce9501fbf940001f94139b07

  • SHA256

    48cf62c11ab607f5eb413b683860b227a596e72f030dd671bccf3cab568c9803

  • SHA512

    be81fe19d2acf7f8b34d1c230c8abd140ff3e4fa06c13555db38806d1760bd517c9ec80ba58cc5f053ad789868f5d07b9878d6f3188ba1bec154ee7266f88614

  • SSDEEP

    384:PD39f1l7fgyJs/BmoIJgm3/BmoI0BG+9mEaoCOepbyPa69a+5TfCCJi1XowRV39g:PDtf1lsyJy+9Oo5epbIr9lk5RRL2

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\STAPI.dll,#1
    1⤵
      PID:3364
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RevokeDismount.html
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef8ff46f8,0x7ffef8ff4708,0x7ffef8ff4718
        2⤵
          PID:3060
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,12725223695655635005,10463751056531931800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
          2⤵
            PID:3688
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,12725223695655635005,10463751056531931800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4584
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,12725223695655635005,10463751056531931800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
            2⤵
              PID:1020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12725223695655635005,10463751056531931800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
              2⤵
                PID:388
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,12725223695655635005,10463751056531931800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                2⤵
                  PID:404
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4464
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4828

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\393c7aa9-6e27-4e7c-a306-1e4069bbbf7e.tmp
                    Filesize

                    10KB

                    MD5

                    143d135fdb6140ba48501e8d5a8dd586

                    SHA1

                    fc6ad2e6f8d7fc764d8ae26570336b5dfa9ad197

                    SHA256

                    22855a65be73b3785b81304f1300c35edbc6124bddc617245372c46ef9eeba89

                    SHA512

                    f24f6fbe1fc70cb923857d9ededca75e408cbb68c23f577d5dc430ca398aa9f2ec5b91cc9cc2a81be5ba09932a1f4adbf4c063fa3bd0061c78b43a1ccdcb0e24

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    75c9f57baeefeecd6c184627de951c1e

                    SHA1

                    52e0468e13cbfc9f15fc62cc27ce14367a996cff

                    SHA256

                    648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

                    SHA512

                    c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    10fa19df148444a77ceec60cabd2ce21

                    SHA1

                    685b599c497668166ede4945d8885d204fd8d70f

                    SHA256

                    c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

                    SHA512

                    3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    5KB

                    MD5

                    de71089a7a71f4ae36ecd05426677452

                    SHA1

                    c8a3f540d7b1b77e0421ad82874f73be45ec22e4

                    SHA256

                    5781687694821d48d2d7901b5a3a57ab0115ae76014514496d820983914f3489

                    SHA512

                    ead299124c71a11e906b0676d0c43d6fad855da93aeda09750572f01d56c535d0b59eb5863cc8490d1f9c3fee7b354d00932492c0fabf9f4920b6152b0ba481f

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    8d6df38b6d7b998bc63cc9052f1a3d1d

                    SHA1

                    d61bb7c871fdf204684ebb215f691f15bba20e63

                    SHA256

                    154e2b0b75aac9a3926b2308e5701cf8af4c57b94d2008f7c872eaab064b5758

                    SHA512

                    6f9cf56e9b95d3d3c3ed9db6477299e961835ed2d1f8910bd00902254aaeb5ad0857b8b4d65567aa0e9cb2cd0d53aef62f1b952d46f9f89af513b88e0cfe063d

                    Download Submit