Resubmissions

Analysis ID         Submitted           Score
240808-h1xr9s1djn   08/08/2024, 07:12   3
240808-hz8s5svcka   08/08/2024, 07:11   3
240808-he96ga1alq   08/08/2024, 06:40   3
240808-hey37s1aln   08/08/2024, 06:39   3
240808-hej92sthqb   08/08/2024, 06:38   3
240808-hdchta1akj   08/08/2024, 06:36   3
240808-hcdpgszhrq   08/08/2024, 06:35   3
240808-g84ecathkc   08/08/2024, 06:29   3
240808-g7cj8stgrd   08/08/2024, 06:26   3
240808-gvtmzszgkr   08/08/2024, 06:07   3

Analysis
max time kernel: 70s
max time network: 65s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 08/08/2024, 01:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://rule34video.com/categories/roblox/
  Resource: win11-20240802-en
General

Target: https://rule34video.com/categories/roblox/

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

  description         ioc                                                                   Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)

  pid    Process               count
  3068   msedge.exe            2
  1556   msedge.exe            2
  1508   identity_helper.exe   2
  4364   msedge.exe            2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)

  pid    Process      count
  1556   msedge.exe   8

Suspicious use of AdjustPrivilegeToken (2 IoCs)

  description                          pid    Process
  Token: 33                            1064   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    1064   AUDIODG.EXE

Suspicious use of FindShellTrayWindow (25 IoCs)

  pid    Process      count
  1556   msedge.exe   25

Suspicious use of SendNotifyMessage (12 IoCs)

  pid    Process      count
  1556   msedge.exe   12

Suspicious use of WriteProcessMemory (64 IoCs)

The 64 rows are repeats of four writer/target pairs; each row is one recorded write from the browser process (PID 1556) into one of its own children. Distinct rows:

  description                           pid    Process      procid_target
  PID 1556 wrote to memory of 872       1556   msedge.exe   78
  PID 1556 wrote to memory of 1012      1556   msedge.exe   79
  PID 1556 wrote to memory of 3068      1556   msedge.exe   80
  PID 1556 wrote to memory of 1948      1556   msedge.exe   81

The 872 and 3068 rows appear twice each; the 1012 and 1948 rows account for the remaining repeats.
Processes

The tree below is the page's process list with the image path, command line and tree depth separated (the extraction had fused the depth marker onto the end of each command line, e.g. "/prefetch:71" is "/prefetch:7" at depth 1). The crashpad annotations identify the browser build in this sandbox image: Microsoft Edge 90.0.818.66 on Chromium 90.0.4430.212.

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1556)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34video.com/categories/roblox/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - msedge.exe (PID 872), crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffe1fd23cb8,0x7ffe1fd23cc8,0x7ffe1fd23cd8

  - msedge.exe (PID 1012), GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2

  - msedge.exe (PID 3068), network service (runs with --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 1948), storage service
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

  - msedge.exe (PID 4960), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1

  - msedge.exe (PID 4292), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

  - msedge.exe (PID 4652), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  - msedge.exe (PID 772), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

  - msedge.exe (PID 3456), audio service
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 1508), WinRT app-id service (runs with --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 1916), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

  - msedge.exe (PID 660), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

  - msedge.exe (PID 4364), UtilWin utility (runs with --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 4776), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

  - msedge.exe (PID 4928), renderer (instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11707792899202425415,1191046924686907612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 1464)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 2332)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\system32\AUDIODG.EXE (PID 1064)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D0
  Signatures: Suspicious use of AdjustPrivilegeToken

- C:\Windows\system32\svchost.exe (PID 4632)
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
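Every signature above comes from one process family, and an analyst reading the report has to decide whether that is browser noise or something hiding in it. The script below is an added example, not part of the Triage report or of Hatching's tooling. It takes the "Suspicious use of WriteProcessMemory" rows in the flattened "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>" form this page renders, plus the process list as a pid-to-(image, command line) map, and reduces them to what matters: the distinct writer-to-target edges with counts, each child's Chromium role and sandbox from its --type, --utility-sub-type and --service-sandbox-type switches, any write whose target image lives outside the writer's install directory, and the children that run unsandboxed. Launching a child with CreateProcess generates WriteProcessMemory events in the parent, so a browser writing into its own helpers is expected and only a write into an unrelated image is flagged. The sample data is abridged from this report (switches trimmed to the ones the code reads); PID 9999 (notepad.exe) and the two write rows for 1508 and 9999 are constructed so that the finding branch and the "same install tree" exception are both exercised.

```python
"""Reduce a tria.ge-style behavioural report to analyst-level findings.

Added example (not Triage/Hatching code). Parses the flattened
WriteProcessMemory rows and the process list and reports:
  * distinct writer -> target edges with counts
  * each child's Chromium role and sandbox type from its command line
  * writes into an image outside the writer's install directory (finding)
  * children started with --service-sandbox-type=none (note for the analyst)
"""
import re
from collections import Counter

# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
# Chromium switches that say what a child is and how it is sandboxed.
# "--type=" does not match "--utility-sub-type=" or "--service-sandbox-type="
# because those have a single dash before "type".
SWITCHES = {
    "type": re.compile(r"--type=([\w-]+)"),
    "sub_type": re.compile(r"--utility-sub-type=([\w.]+)"),
    "sandbox": re.compile(r"--service-sandbox-type=([\w-]+)"),
}


def parse_wpm_rows(text):
    """Count each (writer_pid, target_pid, writer_image, procid_target) row."""
    return Counter(
        (int(w), int(t), img, int(pt))
        for w, t, _, img, pt in (m.groups() for m in WPM_ROW.finditer(text))
    )


def _switch(rx, cmdline):
    m = rx.search(cmdline)
    return m.group(1) if m else None


def classify(cmdline):
    """(process type, utility sub-type, service sandbox type).
    The browser process itself carries no --type switch."""
    ptype = _switch(SWITCHES["type"], cmdline) or "browser"
    return ptype, _switch(SWITCHES["sub_type"], cmdline), _switch(SWITCHES["sandbox"], cmdline)


def install_dir(path):
    """Lower-cased directory of a Windows image path, or None if it has none."""
    p = path.replace("/", "\\").lower()
    return p.rsplit("\\", 1)[0] + "\\" if "\\" in p else None


def triage(wpm_text, processes):
    """processes: {pid: (image path, command line)}."""
    edges = parse_wpm_rows(wpm_text)
    roles = {pid: classify(cmd) for pid, (_, cmd) in processes.items()}
    outside_install = []
    for (writer, target, writer_img, _), n in edges.items():
        writer_path = processes.get(writer, (writer_img, ""))[0]
        target_path = processes.get(target, ("<unknown>", ""))[0]
        base = install_dir(writer_path)
        # Unknown targets and targets outside the writer's install tree are findings.
        if base is None or not target_path.lower().startswith(base):
            outside_install.append((writer, target, target_path, n))
    unsandboxed = sorted(
        (pid, ptype, sub) for pid, (ptype, sub, sb) in roles.items() if sb == "none"
    )
    return {"edges": edges, "roles": roles,
            "outside_install": outside_install, "unsandboxed": unsandboxed}


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"

# Abridged from this report; pid 9999 is constructed and not in the report.
SAMPLE_PROCESSES = {
    1556: (EDGE, f'"{EDGE}" --single-argument https://rule34video.com/categories/roblox/'),
    872: (EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    1012: (EDGE, f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=1884 /prefetch:2'),
    3068: (EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    1948: (EDGE, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    4960: (EDGE, f'"{EDGE}" --type=renderer --renderer-client-id=6 /prefetch:1'),
    3456: (EDGE, f'"{EDGE}" --type=utility --utility-sub-type=audio.mojom.AudioService --service-sandbox-type=audio /prefetch:8'),
    1508: (HELPER, f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    4364: (EDGE, f'"{EDGE}" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8'),
    9999: (r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\notepad.exe"),  # constructed
}

# Abridged rows from the report's WriteProcessMemory table; the last two rows are constructed.
SAMPLE_WPM = (
    "PID 1556 wrote to memory of 872 1556 msedge.exe 78 " * 2
    + "PID 1556 wrote to memory of 1012 1556 msedge.exe 79 " * 3
    + "PID 1556 wrote to memory of 3068 1556 msedge.exe 80 " * 2
    + "PID 1556 wrote to memory of 1948 1556 msedge.exe 81 " * 2
    + "PID 1556 wrote to memory of 1508 1556 msedge.exe 90 "
    + "PID 1556 wrote to memory of 9999 1556 msedge.exe 99 "
)

if __name__ == "__main__":
    result = triage(SAMPLE_WPM, SAMPLE_PROCESSES)
    for (w, t, img, pt), n in sorted(result["edges"].items()):
        role = result["roles"].get(t, ("?",))[0]
        print(f"{w} ({img}) -> {t} [{role}]: {n} write(s), procid_target {pt}")
    for w, t, path, n in result["outside_install"]:
        print(f"FINDING: {w} wrote into {t} ({path}), outside its install tree")
    for pid, ptype, sub in result["unsandboxed"]:
        print(f"note: pid {pid} runs with --service-sandbox-type=none ({ptype}/{sub})")
```

On this report the only finding is the constructed notepad.exe row; every real edge is msedge.exe writing into another msedge.exe under the same Application directory, and identity_helper.exe is accepted because it lives under that directory too. The unsandboxed list (network service, identity helper, UtilWin) is exactly the set of children that also tripped EnumeratesProcesses, which is worth knowing when a later sample does show a write into something unexpected: those are the processes with the least sandbox restriction.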
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5:    9828ffacf3deee7f4c1300366ec22fab
  SHA1:   9aff54b57502b0fc2be1b0b4b3380256fb785602
  SHA256: a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7
  SHA512: 2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

- Filesize: 152B
  MD5:    6fdbe80e9fe20761b59e8f32398f4b14
  SHA1:   049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f
  SHA256: b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942
  SHA512: cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

- Filesize: 50KB
  MD5:    12163f6554380750b2adb65d6b322add
  SHA1:   62adaf35f63d6ee1888bcbe964cfe4b3dada66cf
  SHA256: 1d34619493f71f3ce631d59618a7751cc6209cd9b55be548d6fe6fa1599a98d0
  SHA512: 155892adea5270efcd78e1d120551e43239f320a17f2f7429871ebd37bc2d21f422a25571e44edb504fcf719d84efd5b9c3d654151fb1a2df690c739c57c0ca2

- Filesize: 437KB
  MD5:    ff2d47c0e776d117f9b5c5561dbddcd2
  SHA1:   da6df18b8d8f1b604efce7d95e6c33ca2def79fd
  SHA256: ebc839f6c976ed0b7258e94b0ac989658383cf42f447f663354e57d77bb92fb4
  SHA512: c5352ed594ecf7587047a35fda68e7baef25624175c96beef58be6e6aa991e02379c3dacdf54ae737a83647b47cc7a774979bbeb9a1d9c38f46c2bb2e37f2d2a

- Filesize: 768B
  MD5:    b8ad01df4ff6ae008c56f14f6033165c
  SHA1:   61348699d78f32875d872ca4667ccee0f7cb47e7
  SHA256: 52e57afc597fa84a650fb067aa3c6220a61e60cc71d431d812dcc459a95c22e6
  SHA512: c174c9aed639ca536a499fcfc4e25023647f242e162a9e018dc47ea6f0f9a93df7750332aa8bcc0a60b8c2a0f082c6351bf47c7f642401a4c97534c449925e51

- Filesize: 5KB
  MD5:    dd0cb3ce1aeca1c7dc19417c57e9e697
  SHA1:   a39cac0355de6fc829302c35924e5f3e7143600f
  SHA256: 8be0c7bbbff38516138113097e94d3d279b628cb8912f557147fe44aaf6dece2
  SHA512: 53220f9c92554585868d340209757529bbd28d743fd91ca68e19ce1e427dad7193f2bc4f62acc7458f2199115d5b8231b8892b5d5e9d1d7810e182cf81884a58

- Filesize: 6KB
  MD5:    2ebdc939124af43046fcc197f0e1961d
  SHA1:   16fff5abe3fd78c4a45989a183b3136365b82806
  SHA256: 216d2660fe39b8c533bdf1acfcc67e6289498a11effa60f378a4343261d2120c
  SHA512: 21408b52ae9e3f90c430b914818ecf44ed7617b1af0996f50c026d5f8f106d345ed1e4245d69348ba180de976bec956153b89989377a3a5dafb31a7c87ebc0c3

- Filesize: 539B
  MD5:    1b70e4c2301cc540c3e342abc6ef8d83
  SHA1:   8c195fcaa82c80e4d1f3a6344c1f44c25e331ca5
  SHA256: 6973962d8906f32cf84db1c633a02e2d5425cfad3a764a4bb601cb90a78a014b
  SHA512: 521bfec3d31409cff4df229bb3f8bebd8eecdeeda500e6c3b41c72c15a6b7342b9d55697e5eb2a59c044fef27955352dcf5b6199e9256adab9f8f276b64b202b

- Filesize: 537B
  MD5:    d974fc5d851e6053c1de0186803c0948
  SHA1:   a0ce9f406cd1506336fdc38f72a53d135043b51e
  SHA256: a090c902fe69d9a9beb98a436962975c4778692c6fdbb530ee3aafdbf41582e9
  SHA512: 529bc1044cf32c589b89ef317ecf3bf80b6b07c481ff90995b4ca97fa621713abb92b41dc398decf18be1addd89447cd184dc570cf809b817e6efe953271d7c9

- Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- Filesize: 10KB
  MD5:    a51aff131d736b6953f95a8a68702af6
  SHA1:   87e947128cf6c20bdd3fd0349c9e6f7d25dfea5a
  SHA256: aaf0e3b10cbbb8edc432f515d5ff4617816854fc2ffdcda330c92ef47d17a705
  SHA512: 11dd925f8aa0219cca38b4767968ea502f8916b36b5098a07abed627f68c217361ce6ff9944179f7809f565f529285369cbe668a4bda11f6e54976ebaf5cce32

- Filesize: 11KB
  MD5:    3a31e1589834173a941b0a1f2fa5ac69
  SHA1:   69cfa37601393ae3cbaa492fb7b00a67392a2b1d
  SHA256: aac4ec5e199cd49b07b103823def29901aa72b56e6a4f223f161d5177db7e415
  SHA512: 92367ee98aa66bd902958846d438787a846065dfbce1dc2e600b9260cc79b49b9ae602e0ee713a2a7529b73e76df3d1c75fba27d554312a4c59f48fefc21f1e6