Resubmissions
  08/08/2024, 07:12   240808-h1xr9s1djn   score 3
  08/08/2024, 07:11   240808-hz8s5svcka   score 3
  08/08/2024, 06:40   240808-he96ga1alq   score 3
  08/08/2024, 06:39   240808-hey37s1aln   score 3
  08/08/2024, 06:38   240808-hej92sthqb   score 3
  08/08/2024, 06:36   240808-hdchta1akj   score 3
  08/08/2024, 06:35   240808-hcdpgszhrq   score 3
  08/08/2024, 06:29   240808-g84ecathkc   score 3
  08/08/2024, 06:26   240808-g7cj8stgrd   score 3
  08/08/2024, 06:07   240808-gvtmzszgkr   score 3

Analysis
  max time kernel:  31s
  max time network: 33s
  platform:         windows11-21h2_x64
  resource:         win11-20240802-en
  resource tags:    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:        08/08/2024, 06:38
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
  Sample:    https://rule34video.com/categories/roblox/
  Resource:  win11-20240802-en

General
  Target: https://rule34video.com/categories/roblox/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid    Process
  3552   msedge.exe
  3552   msedge.exe
  1320   msedge.exe
  1320   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid    Process
  1320   msedge.exe   (8 entries, all for PID 1320)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1320   msedge.exe   (25 entries, all for PID 1320)
Suspicious use of SendNotifyMessage (12 IoCs)
  pid    Process
  1320   msedge.exe   (12 entries, all for PID 1320)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid    Process      procid_target
  PID 1320 wrote to memory of 1764     1320   msedge.exe   79   (2 entries)
  PID 1320 wrote to memory of 916      1320   msedge.exe   80   (repeated)
  PID 1320 wrote to memory of 3552     1320   msedge.exe   81   (2 entries)
  PID 1320 wrote to memory of 4424     1320   msedge.exe   82   (repeated)
  (64 entries in total; the rows for targets 916 and 4424 are the ones repeated)
Processes
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:1320
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34video.com/categories/roblox/
    Signatures:
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:1764
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff956e73cb8,0x7ff956e73cc8,0x7ff956e73cd8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:916
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:3552
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:4424
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:396
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:236
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:920
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:2536
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:4700
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:4972
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:5080
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:2016
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2474057708734960869,4158691233354544773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

  C:\Windows\System32\CompPkgSrv.exe   PID:2008
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

  C:\Windows\System32\CompPkgSrv.exe   PID:2844
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
  Filesize: 152B
  MD5:      b4ae6009e2df12ce252d03722e8f4288
  SHA1:     44de96f65d69cbae416767040f887f68f8035928
  SHA256:   7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
  SHA512:   bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

  Filesize: 152B
  MD5:      4bf4b59c3deb1688a480f8e56aab059d
  SHA1:     612c83e7027b3bfb0e9d2c9efad43c5318e731bb
  SHA256:   867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
  SHA512:   2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

  Filesize: 111B
  MD5:      285252a2f6327d41eab203dc2f402c67
  SHA1:     acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256:   5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512:   11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

  Filesize: 5KB
  MD5:      cd7ca44526f7b8fb9a0f7c2aa8c1677a
  SHA1:     0f0dadc10d0746dbd4e77aa90ad9fda51eb8661a
  SHA256:   d3417f83c5762c621282354fc8ee35c7eb1a05bcadec08e65391b9961b3b7419
  SHA512:   ffe5bbfa9d320be65e1208045eb5d44aebe168c318db0cff02aad41af4a1d98bb216bd208e7633d404577fcb3bdabff73b1eb97e481d9df2af423db39919b8dd

  Filesize: 6KB
  MD5:      14e0d125dac7d7b3f1b286e0b60374df
  SHA1:     b09cf85cc913069e6fb58b851d73b3ff933c20a7
  SHA256:   e08d279e3456c8401ae544573a794330754e0a218cdbb9159de214721b028fce
  SHA512:   7bd21ca84dd0e4bd758f3ce6417acb367c132591dc35aec770a23baa29c417128a0cb4e644a6b4d6b2dfe17090b263a24fdacc510365eeb89da21e62f225de44

  Filesize: 10KB
  MD5:      3612daaf7b473b82f35093cd4cd84e88
  SHA1:     7d7b8cb14e8566f6c23d9259c7e39cda7e6bd163
  SHA256:   5b062dd7bdf2d3bdcfd8cb82b6462c35448effc14c35fe5dff50c0d861413b1b
  SHA512:   0c802c7f642f6cd4b6f073a139ee13aee8d449adc02d3784c5cdc21a76a3612720688cf551498a37cc65cc79d0db6be47bfddb56d4322674d081d639ad709b77