Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
599s -
max time network
603s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
05/08/2024, 14:44
General
-
Target
https://moneyz.fun/kdPfuY
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://moneyz.fun/kdPfuY1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa985c3cb8,0x7ffa985c3cc8,0x7ffa985c3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6112 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,422451624019812013,12897999991557859019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D01⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50487ced0fdfd8d7a8e717211fcd7d709
SHA1598605311b8ef24b0a2ba2ccfedeecabe7fec901
SHA25676693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571
SHA51216e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993
-
Filesize
152B
MD55578283903c07cc737a43625e2cbb093
SHA1f438ad2bef7125e928fcde43082a20457f5df159
SHA2567268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2
SHA5123b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601
-
Filesize
504B
MD53bf0456984d8401136efdb874077c53c
SHA12be49ff43457ec8fc7a9af4e6681975b228e8f7f
SHA256d8b4d5dc3bf3df7e51c18bbc9e001d4b6ec26929a3b16c16300917a38d2c29a3
SHA512b352a77eabecc7305468c23cb3eaa3e18d802ac2d90382d7f2dbd6e03b807ef52a3e672e57d405b9e65f131b09fcd9d1bb13913ad0b5b1b4ec90525446df1d97
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
1KB
MD5ad0ebef50e2190845509bd36b31379d3
SHA16420ca759d63b4af6878108c61db1c5ae96a0c4b
SHA2565b6fb2184e5f875e87ca3aa8bfeebe41e996bfc8f01fd89f0475addaf0428a2c
SHA512240d2dd75ca2063c0fdd6c50a56baf4c8d536f4d8655d3c4bc867a2f8e9457763faeb28ec042edebe3151f8c67ac96f67d0bea44120ff5d98238c5f8562c9efb
-
Filesize
5KB
MD5e8b07677dc896263fe999ea9e5a55af4
SHA11d56ec1d669e66aa547042b6be3b8108e8e77054
SHA256900ea50dd467494cd5b2d774c767fb71254bb849f15387a39d7069c11fbf1874
SHA51281518f84e1e65a2e4cfbc38ffacfca3ddff6055a2ad1ef1a3c10a51d3aacd260d5173e113eac2ad5036f466e59fc7cca5c3802c3752fb68de1e245f10d4cb00e
-
Filesize
7KB
MD55f72e1140549333c164bf690bb845c20
SHA10a763dcce82b4d5e9906732face4a6e9c8544994
SHA2567b0f5b1f2c2301d2b5cea42115e5562fa8739f3a444ac7905180e9d79d4b8593
SHA512fa4a51d87e6797aacb5b9562464c72272a4d6e63f5fbbfe5528b1fb57cb0882cce398c6c75e48a4b2f3122cde7155bffc0928601c94f4429fba1184101af53ee
-
Filesize
6KB
MD59e85afb8f3ec8b1fa8c76aac5f3547db
SHA100696c1491d40005633c0eca8eb9efefd15f5865
SHA256fe03af0557c8342306be1d91a4e15c28d7776da4ca277d3cc95507ecef24a286
SHA5127a5009597a342ff72daac56a10f81e7100d8a8515870c85526c57086c7b3244a319faf01c005f7137f7d8b6533933e74c0ddc95565133e64bced44697f1ac987
-
Filesize
96B
MD586dbc9870d5b3f1e96f26b5f33813c92
SHA1956a88795005aa0f6a58799f7c329b4521f79266
SHA256b1153e3d9d2d850a9b7cf8cc5e1630377c629f2984e2696cf35bc2da7d5c53cb
SHA512230a9196714da3067480bb349dba76b8be9407d44dcc7c07949c8d0dbe43d1ddaca3833c5b10b8b826c2d44f23d931cc74149313e59de5a667fcbf1f4ee049f8
-
Filesize
48B
MD5b27c0d3ebe1447121c65cef3cbdbd967
SHA12b63199a738327f35ed1c3684289b7e34b5c6f3f
SHA25664e2f29576ee4dd616a271db7cafe58dd57aa9ff2ebb6202ed6995c8534733ff
SHA5123c3a29afa60f32afb6a05070b561a87d0a7c76d0833a97d0d9ec699955f4012e9afad5bbd659c0f5d2b71dcea51b771429deb65b69282eedda9b417b63fabece
-
Filesize
1KB
MD534e8cea8683bb65ec961c50c839ff516
SHA19eff0cbd61d29fab2ab3e16aefc7fd734e63881a
SHA2563e02e5d38f0f29ab58a8201b368c821998e6e06dc2d89965d2170e3d07e460cc
SHA512461d6f403b4f8c3b112a1a4add015de30f4a032af3aa8a0846177c0803886da9b10595bbfba4e41bcc263fd400dd3add20695fc382750819a7d01d213181c7e3
-
Filesize
1KB
MD5baff823c5fbc0418ec347b5c8467d762
SHA161a97d15b5fbc781e78f40bdbecca34e8a72cda0
SHA2560d7474dd691d5747049f949c3513be0339dc759574f0553fba23f31e7a155928
SHA5127a496a7dd1b7b520137a6eb28fd1e82841d0d9acb2a08fa141e266e4698a290a99beab1781c3030ecd7be9a32219688ac055f23c81f1a9161c019c224273e341
-
Filesize
1KB
MD53be3a907b84e34d7db7818d927870864
SHA1d766c9d8417f1ceaa22b3560e955174ca1f8da64
SHA2566758ab36ea4db733f947def784c1c5aeddef38466702c174a8aae2f235d17818
SHA5120e99466bc77276a96098db90e6458070ffa847bb4836c6f50dd8617286966b0611cbe630aaec836251e0d770a1ad65e5ae16a539a8995b189f67d8523131f64c
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5be188142ba7ff37fe3a02e961868a39d
SHA16d890865c12077869857406e1a452e73448e3193
SHA256f06654a530c9497cb31c48fdba771c7ae4c23a2b4249e26bba06230417d07d89
SHA512ff82cb8e6b7b7dd2e2f47b8c7d51404d1ddc73f6d96b1e4978c58d4b3db89689d4032c2edec718c9517b204486a819e80698a49fcec575ed68b425d9d7fb6d56