Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
08/08/2024, 07:12
240808-h1xr9s1djn 308/08/2024, 07:11
240808-hz8s5svcka 308/08/2024, 06:40
240808-he96ga1alq 308/08/2024, 06:39
240808-hey37s1aln 308/08/2024, 06:38
240808-hej92sthqb 308/08/2024, 06:36
240808-hdchta1akj 308/08/2024, 06:35
240808-hcdpgszhrq 308/08/2024, 06:29
240808-g84ecathkc 308/08/2024, 06:26
240808-g7cj8stgrd 308/08/2024, 06:07
240808-gvtmzszgkr 3Analysis
-
max time kernel
70s -
max time network
65s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
08/08/2024, 01:51
General
-
Target
https://rule34video.com/categories/roblox/
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34video.com/categories/roblox/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffe1fd23cb8,0x7ffe1fd23cc8,0x7ffe1fd23cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59828ffacf3deee7f4c1300366ec22fab
SHA19aff54b57502b0fc2be1b0b4b3380256fb785602
SHA256a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7
SHA5122e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d
-
Filesize
152B
MD56fdbe80e9fe20761b59e8f32398f4b14
SHA1049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f
SHA256b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942
SHA512cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234
-
Filesize
50KB
MD512163f6554380750b2adb65d6b322add
SHA162adaf35f63d6ee1888bcbe964cfe4b3dada66cf
SHA2561d34619493f71f3ce631d59618a7751cc6209cd9b55be548d6fe6fa1599a98d0
SHA512155892adea5270efcd78e1d120551e43239f320a17f2f7429871ebd37bc2d21f422a25571e44edb504fcf719d84efd5b9c3d654151fb1a2df690c739c57c0ca2
-
Filesize
437KB
MD5ff2d47c0e776d117f9b5c5561dbddcd2
SHA1da6df18b8d8f1b604efce7d95e6c33ca2def79fd
SHA256ebc839f6c976ed0b7258e94b0ac989658383cf42f447f663354e57d77bb92fb4
SHA512c5352ed594ecf7587047a35fda68e7baef25624175c96beef58be6e6aa991e02379c3dacdf54ae737a83647b47cc7a774979bbeb9a1d9c38f46c2bb2e37f2d2a
-
Filesize
768B
MD5b8ad01df4ff6ae008c56f14f6033165c
SHA161348699d78f32875d872ca4667ccee0f7cb47e7
SHA25652e57afc597fa84a650fb067aa3c6220a61e60cc71d431d812dcc459a95c22e6
SHA512c174c9aed639ca536a499fcfc4e25023647f242e162a9e018dc47ea6f0f9a93df7750332aa8bcc0a60b8c2a0f082c6351bf47c7f642401a4c97534c449925e51
-
Filesize
5KB
MD5dd0cb3ce1aeca1c7dc19417c57e9e697
SHA1a39cac0355de6fc829302c35924e5f3e7143600f
SHA2568be0c7bbbff38516138113097e94d3d279b628cb8912f557147fe44aaf6dece2
SHA51253220f9c92554585868d340209757529bbd28d743fd91ca68e19ce1e427dad7193f2bc4f62acc7458f2199115d5b8231b8892b5d5e9d1d7810e182cf81884a58
-
Filesize
6KB
MD52ebdc939124af43046fcc197f0e1961d
SHA116fff5abe3fd78c4a45989a183b3136365b82806
SHA256216d2660fe39b8c533bdf1acfcc67e6289498a11effa60f378a4343261d2120c
SHA51221408b52ae9e3f90c430b914818ecf44ed7617b1af0996f50c026d5f8f106d345ed1e4245d69348ba180de976bec956153b89989377a3a5dafb31a7c87ebc0c3
-
Filesize
539B
MD51b70e4c2301cc540c3e342abc6ef8d83
SHA18c195fcaa82c80e4d1f3a6344c1f44c25e331ca5
SHA2566973962d8906f32cf84db1c633a02e2d5425cfad3a764a4bb601cb90a78a014b
SHA512521bfec3d31409cff4df229bb3f8bebd8eecdeeda500e6c3b41c72c15a6b7342b9d55697e5eb2a59c044fef27955352dcf5b6199e9256adab9f8f276b64b202b
-
Filesize
537B
MD5d974fc5d851e6053c1de0186803c0948
SHA1a0ce9f406cd1506336fdc38f72a53d135043b51e
SHA256a090c902fe69d9a9beb98a436962975c4778692c6fdbb530ee3aafdbf41582e9
SHA512529bc1044cf32c589b89ef317ecf3bf80b6b07c481ff90995b4ca97fa621713abb92b41dc398decf18be1addd89447cd184dc570cf809b817e6efe953271d7c9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5a51aff131d736b6953f95a8a68702af6
SHA187e947128cf6c20bdd3fd0349c9e6f7d25dfea5a
SHA256aaf0e3b10cbbb8edc432f515d5ff4617816854fc2ffdcda330c92ef47d17a705
SHA51211dd925f8aa0219cca38b4767968ea502f8916b36b5098a07abed627f68c217361ce6ff9944179f7809f565f529285369cbe668a4bda11f6e54976ebaf5cce32
-
Filesize
11KB
MD53a31e1589834173a941b0a1f2fa5ac69
SHA169cfa37601393ae3cbaa492fb7b00a67392a2b1d
SHA256aac4ec5e199cd49b07b103823def29901aa72b56e6a4f223f161d5177db7e415
SHA51292367ee98aa66bd902958846d438787a846065dfbce1dc2e600b9260cc79b49b9ae602e0ee713a2a7529b73e76df3d1c75fba27d554312a4c59f48fefc21f1e6