Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

3

Resubmissions

16/08/2024, 16:47

240816-vaxqssygmk 3

09/04/2024, 17:33

240409-v4zr9ade89 7

Analysis

  • max time kernel
    135s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2024, 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/lqlncwwnvq7n1rq/WaveTrial.rar/file

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/lqlncwwnvq7n1rq/WaveTrial.rar/file
    1⤵
      PID:468
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4340,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
      1⤵
        PID:4436
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4332,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=3932 /prefetch:1
        1⤵
          PID:4716
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5372,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:1
          1⤵
            PID:4232
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5548,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
            1⤵
              PID:3100
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5568,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
              1⤵
                PID:2508
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=1068,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:1
                1⤵
                  PID:2236
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6300,i,8231329449558834090,4540802069600791165,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:1
                  1⤵
                    PID:2964
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                    1⤵
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:2136
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffbe5e6d198,0x7ffbe5e6d1a4,0x7ffbe5e6d1b0
                      2⤵
                        PID:4804
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3236,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=3232 /prefetch:2
                        2⤵
                          PID:2692
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1804,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=3268 /prefetch:3
                          2⤵
                            PID:596
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2292,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=3384 /prefetch:8
                            2⤵
                              PID:2560
                            • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4488,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
                              2⤵
                                PID:2352
                              • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4488,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
                                2⤵
                                  PID:1388
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
                                  2⤵
                                    PID:4448
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4552,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:8
                                    2⤵
                                      PID:2796
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3132,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=2744 /prefetch:8
                                      2⤵
                                        PID:876
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4696,i,5120085922120497717,5821532662864104742,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4552
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
                                      1⤵
                                        PID:216

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                        Filesize

                                        2B

                                        MD5

                                        99914b932bd37a50b983c5e7c90ae93b

                                        SHA1

                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                        SHA256

                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                        SHA512

                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                        Filesize

                                        4KB

                                        MD5

                                        38be88760d878c63757e6784f8e26234

                                        SHA1

                                        170dcf2d22c4a1592fbcd99c4b40e446c65a71a3

                                        SHA256

                                        b5bf56deb097bf23d5fe8623ffa4620358dbda8044cd63a3b7782f934abb2dc9

                                        SHA512

                                        50c38762803b2ed9afc740e5aeb6216376c46d8028d7f5a86036015b1e2e5e494776ea1fc54a8896ca12ffef8619a787c60e4abe5522b681dcf174abaa39f9c3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                        Filesize

                                        40B

                                        MD5

                                        20d4b8fa017a12a108c87f540836e250

                                        SHA1

                                        1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                        SHA256

                                        6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                        SHA512

                                        507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        12KB

                                        MD5

                                        584d6bd9537cd202a8d0ef2f8e2ed75b

                                        SHA1

                                        4ad45083e4147293c39f3acc5afc5b3359151034

                                        SHA256

                                        fb148b60a0ad3ec4b72bb673e9946d44b4ff15f48718e23011260f06dc523fd3

                                        SHA512

                                        59e45bf4a33859748606a6ea97543f8231f9cd9fd0f6118b770a9881da630c9df0e597bf42da10cd10e4ada601b2b09554ce0c8aa0163ca9dc15a17f6f7ec5f3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                        Filesize

                                        30KB

                                        MD5

                                        aefbeb6e2ab5b75f77df03e3d0960f33

                                        SHA1

                                        471c353f15a438dedd02041acbe7ce93757e372c

                                        SHA256

                                        028ebd7451acc5094804e1e8d0de1588a899dc5bfd86b2eae23fbb04abd88b48

                                        SHA512

                                        d1f4086f795574574e1d5d47c4498a6e489bc44b0fde493f5a1cd57f4f664de8891055825d8ec7259c38cf41f105d3723fe249762b49c07234fa849295abf79e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        57KB

                                        MD5

                                        13903fff76df7415446d295b8e9de198

                                        SHA1

                                        4c1c7af212513b851b0a3fdb925c58a5ed0094d1

                                        SHA256

                                        45786416bb3f5ae1623db74781fabd50532c9ec8b9c0862584cba87f97e53fd4

                                        SHA512

                                        ef29bd2efacfc6c51e10cf6b5a756e8477c4724f6b798aec0a9849878d777434e39e6690ac2ee3c9a7c94462d04e060ea5c81dc71c7034e6cdf7a8a890d29784

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        61KB

                                        MD5

                                        9f2022585a8b0eb92c2a576b10720292

                                        SHA1

                                        e3e9a5908540f928f716518634fcc82e941a771d

                                        SHA256

                                        1736a1fd336a7f9f3098ad32d30b718f887f9439bfcf6fa171b5d03139e182e7

                                        SHA512

                                        585edec3ba1a0f3062d1a62f18ab3680c3a3e1e78888ae0501ea287c6f287be0d2da8d9c176a5594ffbde67a41859d0e3a6a7762810170e5bf3fefe4093cd038

                                        Download Submit