Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

URLScan

urlscan

https://github.com/p...

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-fr
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-frlocale:fr-fros:windows10-2004-x64systemwindows
  • submitted
    11/08/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/pankoza2-pl/Ethylenediaminetetraacetate.exe-Malware

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/Ethylenediaminetetraacetate.exe-Malware
    1⤵
      PID:1748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3932,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=4064 /prefetch:1
      1⤵
        PID:1244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3968,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:1
        1⤵
          PID:1956
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5412,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
          1⤵
            PID:2684
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --field-trial-handle=5576,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
            1⤵
              PID:1092
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=fr --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5612,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
              1⤵
                PID:3156
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5964,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1
                1⤵
                  PID:3268
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=fr --service-sandbox-type=service --field-trial-handle=5976,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8
                  1⤵
                    PID:3220
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=fr --service-sandbox-type=collections --field-trial-handle=6688,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8
                    1⤵
                      PID:2256
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6672,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:1
                      1⤵
                        PID:2740
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=fr --service-sandbox-type=service --field-trial-handle=7004,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:8
                        1⤵
                          PID:3220
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=fr --service-sandbox-type=none --field-trial-handle=7292,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:8
                          1⤵
                            PID:4060
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:3632
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=fr --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5924,i,8457343488571993338,13289450751020348124,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8
                              1⤵
                                PID:4488
                              • C:\Users\Admin\Downloads\Ethylenediaminetetraacetate.exe\Ethylenediaminetetraacetatex64.exe
                                "C:\Users\Admin\Downloads\Ethylenediaminetetraacetate.exe\Ethylenediaminetetraacetatex64.exe"
                                1⤵
                                • Writes to the Master Boot Record (MBR)
                                • Modifies registry class
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of WriteProcessMemory
                                PID:5196
                                • C:\Program Files\VideoLAN\VLC\vlc.exe
                                  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Ethylenediaminetetraacetate\horse.wmv"
                                  2⤵
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4512
                              • C:\Windows\system32\AUDIODG.EXE
                                C:\Windows\system32\AUDIODG.EXE 0x418 0x4e8
                                1⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:5468

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Ethylenediaminetetraacetate\horse.wmv
                                Filesize

                                763KB

                                MD5

                                8156051564f566676e3e020ae38d86ac

                                SHA1

                                d664d3358bc6fb1d8356048da95d50bf64e3084c

                                SHA256

                                92c577b50f523fcfe5ffdebba8d46fc20c42caa96d1c35a43f75ac00d2cb6d1a

                                SHA512

                                8c19ff4a8ccc39a5480fa91e4ee2c07d59985be7180cd237876dd10570e10416253e2c5f5245fadf1d8606e3340d74d20c68849a0b47aaf71c1dab395770abc6

                                Download Submit

                              • memory/4512-23-0x00007FFC14310000-0x00007FFC14327000-memory.dmp

                                Filesize

                                92KB

                                Download

                              • memory/4512-21-0x00007FFC1B310000-0x00007FFC1B327000-memory.dmp

                                Filesize

                                92KB

                                Download

                              • memory/4512-17-0x00007FF6746B0000-0x00007FF6747A8000-memory.dmp

                                Filesize

                                992KB

                                Download

                              • memory/4512-18-0x00007FFC13B30000-0x00007FFC13B64000-memory.dmp

                                Filesize

                                208KB

                                Download

                              • memory/4512-19-0x00007FFC03590000-0x00007FFC03846000-memory.dmp

                                Filesize

                                2.7MB

                                Download

                              • memory/4512-27-0x00007FFC03380000-0x00007FFC0358B000-memory.dmp

                                Filesize

                                2.0MB

                                Download

                              • memory/4512-26-0x00007FFC13AF0000-0x00007FFC13B01000-memory.dmp

                                Filesize

                                68KB

                                Download

                              • memory/4512-25-0x00007FFC13B10000-0x00007FFC13B2D000-memory.dmp

                                Filesize

                                116KB

                                Download

                              • memory/4512-24-0x00007FFC13C60000-0x00007FFC13C71000-memory.dmp

                                Filesize

                                68KB

                                Download

                              • memory/4512-35-0x000001F128290000-0x000001F129AFF000-memory.dmp

                                Filesize

                                24.4MB

                                Download

                              • memory/4512-29-0x00007FFC13610000-0x00007FFC13651000-memory.dmp

                                Filesize

                                260KB

                                Download

                              • memory/4512-20-0x00007FFC1BA40000-0x00007FFC1BA58000-memory.dmp

                                Filesize

                                96KB

                                Download

                              • memory/4512-22-0x00007FFC18DC0000-0x00007FFC18DD1000-memory.dmp

                                Filesize

                                68KB

                                Download

                              • memory/4512-34-0x00007FFC12EF0000-0x00007FFC12F01000-memory.dmp

                                Filesize

                                68KB

                                Download

                              • memory/4512-33-0x00007FFC12F10000-0x00007FFC12F21000-memory.dmp

                                Filesize

                                68KB

                                Download

                              • memory/4512-32-0x00007FFC12F30000-0x00007FFC12F41000-memory.dmp

                                Filesize

                                68KB

                                Download

                              • memory/4512-31-0x00007FFC13AD0000-0x00007FFC13AE8000-memory.dmp

                                Filesize

                                96KB

                                Download

                              • memory/4512-28-0x00007FFC00520000-0x00007FFC015D0000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/4512-30-0x00007FFC13340000-0x00007FFC13361000-memory.dmp

                                Filesize

                                132KB

                                Download

                              • memory/5196-1-0x00007FF6D8540000-0x00007FF6D86AD000-memory.dmp

                                Filesize

                                1.4MB

                                Download

                              • memory/5196-0-0x00007FF6D8540000-0x00007FF6D86AD000-memory.dmp

                                Filesize

                                1.4MB

                                Download