Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

URLScan

urlscan

1

http://bigrat.monste...

windows11-21h2-x64

3

Analysis

  • max time kernel
    18s
  • max time network
    16s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/08/2024, 09:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://bigrat.monster/

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bigrat.monster/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80bb53cb8,0x7ff80bb53cc8,0x7ff80bb53cd8
      2⤵
        PID:3952
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
        2⤵
          PID:2528
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1784
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
          2⤵
            PID:1936
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:2708
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:5108
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                2⤵
                  PID:1684
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1324
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2256
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                  2⤵
                    PID:3644
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14606645107760758762,9082432530905591616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                    2⤵
                      PID:3224
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:2264
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4528
                      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                        1⤵
                        • Modifies registry class
                        • Suspicious use of SetWindowsHookEx
                        PID:4584

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        9af507866fb23dace6259791c377531f

                        SHA1

                        5a5914fc48341ac112bfcd71b946fc0b2619f933

                        SHA256

                        5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

                        SHA512

                        c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        b0177afa818e013394b36a04cb111278

                        SHA1

                        dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

                        SHA256

                        ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

                        SHA512

                        d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                        Filesize

                        471B

                        MD5

                        51ef93e02310f93f6e44242f8e82fc17

                        SHA1

                        c804f6050d5594a1a10352673f2fc78c46e12791

                        SHA256

                        ffbb3bfa1df3142c0d89d0d0de80194e941f2e6aeadc42d1e9e3cf56f2fafe0b

                        SHA512

                        899cfe1e780ebd0e4931a05a33e61c2492020e5a40cd8c5edd4aef80282062950bd2179c2c70e83b492b65ae32362bc11a960efac3af1049d85e0e3f150c5803

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        5KB

                        MD5

                        4543582bee5908fd216b80041d55e212

                        SHA1

                        4fc328b9d99d7af6d6440eb0f9cd4e55c56a2e82

                        SHA256

                        6c603787351e2c0af9eb834372452d8d0f304596293a01a240abd3062a95da32

                        SHA512

                        4424772e8114559927f76a6bcb2a9d7bd14ed53e250ba98e94522ac05162e1abdcf080fb45c3f0441566022e25f0c8b6ba54de137db1173e142cf5834c36d64e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        815f18200f88860cf93162819203cb78

                        SHA1

                        292086dd567e0d637340740e4c608233164c4b28

                        SHA256

                        7a7d5f90f1da44a5c30c7d508a52c4825bb0aa6edcacb38b9ce0cf515e8a4d4e

                        SHA512

                        fd7b8fc10b65160e16eb28f3b17c4f1b32be1ab69790e9976479cceab26494337630e0359336ec99367f4cae21a52d2def8a374774c07c235401a42f0c9d9b35

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        1b6a3268353821bf9268b3072249761a

                        SHA1

                        797de1a3b981fd4b20b9f0519ce2845d0e90e054

                        SHA256

                        d6ad92b38bb5abb4a390062bf79dd4ddd126955b4fd82b6975532ba4a9ddcaef

                        SHA512

                        8ca05d6434c0e295f35351f83a8b83a0dcbecc9f0d09c9fda29451699f416e3fd56754f071b25afeb38f48a7f5456e6454c138bba383eafabde3c1ab90ba201f

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                        Filesize

                        16B

                        MD5

                        46295cac801e5d4857d09837238a6394

                        SHA1

                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                        SHA256

                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                        SHA512

                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                        Filesize

                        16B

                        MD5

                        206702161f94c5cd39fadd03f4014d98

                        SHA1

                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                        SHA256

                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                        SHA512

                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        11KB

                        MD5

                        715b19590c95173f6bdd6e3fd771fc02

                        SHA1

                        54a62ff093f8412530740dbc1615704216e4d63a

                        SHA256

                        4d996deb7d1c935988df6afa258505f49931e6b15153104468b56d8d7004f4e0

                        SHA512

                        e55f559d6643eba7c86bacd7e1ec9f61d2054be24a3cf49c1ef77e5e2b14aea10decf753b62d070afd1ef7483a7c515bb094138b1a5b05cbd3d92ceeca0e70a9

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        11KB

                        MD5

                        7f5e221cbbb62037f450ebb9d6593083

                        SHA1

                        0378b9887f104f2405235670ab8f21c77a0a2999

                        SHA256

                        b71ab4874023f40d114a89e4b8d05cf495dc35d52c3d938509b10adfd1ed2d98

                        SHA512

                        32ef8b1c5fc8ebae9b0760dc7a802c086b6d897966d28d03e18e5bdcd46c928c9e9a0d2e311b8a3cccc98f9f5465116662d743a0bca9cf400af40a6908d9fa56

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                        Filesize

                        10KB

                        MD5

                        30f9f69bd4cb3ca8ed4af465e6bf3b72

                        SHA1

                        1f7bf3625d683c1af38485d1eb39152949648749

                        SHA256

                        fbb114871abc3901711a5f204cb370f1cc1602ad89fa0c8155288ec72e4eaf36

                        SHA512

                        ae96746716d0b47912c191ca52db48ee40aca9591444c1f0ffbc913346be1fff1e9f71c6e66cb4c175fd308e04a504367dd56bf84920f94c65142cd8508258c2

                        Download Submit