Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
19/12/2024, 21:14
241219-z3cnjszqcp 319/12/2024, 21:13
241219-z22laazmcs 319/12/2024, 21:13
241219-z2wp2azqbk 319/12/2024, 21:12
241219-z2dt8azmaz 319/12/2024, 21:11
241219-z14dgszphn 129/08/2024, 11:14
240829-ncgc9sybpe 316/08/2024, 20:51
240816-znlb5szdrr 316/08/2024, 20:19
240816-y36e7aybqm 915/08/2024, 16:42
240815-t758rssbrb 815/08/2024, 16:35
240815-t3qbra1hnh 5Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/08/2024, 11:14
General
-
Target
http://bing.com
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: LoadsDriver 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96f5846f8,0x7ff96f584708,0x7ff96f5847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7064 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7044 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,578614761504365876,3665384712621874833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x304 0x3f81⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d7114a6cd851f9bf56cf771c37d664a2
SHA1769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA51233bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
-
Filesize
152B
MD5719923124ee00fb57378e0ebcbe894f7
SHA1cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
-
Filesize
7KB
MD544dbb610c49e5f76a70e4bc024e891dd
SHA1d3c94e9bafc2c58700e16152a1058bd69d8423e1
SHA256840461e08d587387cc851aa66673f379365a3eea53de3ef12bc3d78425a9b4d6
SHA51298a0cd1c0fa09c27d0579dcea0337b1a43e9d4e535f9ac0cdc0420240b0aaa31fd83f258f3e1294d7ab0baa38a22c2f82a30143c8c3d1f450a3a8a04cbb6764a
-
Filesize
5KB
MD59371dca4eaaaa5f3176a9ce98b6a7a16
SHA131136e7b0dd9de00ea1f9b1d03e953a083e8afd4
SHA25641b8cac9d85b85a6459d7349c3b73d1a3bd751a6d8c7569e877669e15352fbec
SHA512cac44dd4ee534424847d728109a779be798d67f0267ae4b8c9c5b0ab09712e6c66be0e10083805602a13c574589c2861fd48be51d9bae69c5c298fc22a51bd4e
-
Filesize
16KB
MD554c78aa423a88d6c5641239d0b032f10
SHA162985f10bd80339e0c0ecd487f1f44b3bcf02aca
SHA25650eb188c05f5c01b724d166938b90d36e3eeb241e498c3221df5fb3258587c4c
SHA51267778b99f0a7e4f27a7492b881fa2a7becd26595187d246d584b54dbafcb477ae77e582fb402773df898d744a7d442c79a7480155ffe8c69c6504658cf1a21a7
-
Filesize
69KB
MD5d59c0089cdc2490dc9da84f13518287f
SHA16b15d3e32d4e015b765470516f36dd3b7bf6c006
SHA2561c928bf6d043a4cce2987ca93dc3736fc82ba0f3ea76520a08e1a1ba78869c20
SHA512d7f617ad241fc397e133c9a496de0ae204db9782d47f8d35954a8fbb8798e1b807cf4cbe0547f3b9e2a7b0ed163beb3cd9aad4671dc35c93fa301261b767bc0e
-
Filesize
18KB
MD516fedbb8a53ca7c04bd39a54bf02f11b
SHA141addeb324f98dfc906236b58e53de793a198b55
SHA25613ca143f3067d4d5cef1e8783ab3e99d035852271019577729d4f2200cb040a1
SHA512380b0eeb744abb7fba14eafeb14971ae030785eb749934fdb19bb60c5c9925b57e573786aeb702837679a825f509a10a6750eed5c27a60e430bfaef23c4fa07f
-
Filesize
37KB
MD54bbbf289aab4d1d188a92c2ca86f7961
SHA1e8b9a631c1667c54f3335ccfd10fb97ef5001479
SHA256a25a046ce86b81de1f9f01b8127f51534612ebc56ca86ba1f3be1c297c5bfff3
SHA512714791efa4cf5a2ae3636dae08773b72adb221fc51677b5dbbcff662dcf24085f8b7867408f212376269383dcba71fb0dacf0e56f74359214b169b5e3664c2fa
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5273fcf8fb60dfb3c6cc74bac028b8e82
SHA1972a16ec49c04817d9a7f1ebf7014f79a5100810
SHA2563f5d4012ebd1a51ff015d81fce78e1bff9fd26e406a11d5b9ac3c614c9f8cf2c
SHA512a9ddf16492211a13fb67350f3f5bced6102859b1397138389698674f987b14a1a41dece3af56b1e866ce53ec808da1e6fc9ffeaa11f591f92e3753f00d814dc2
-
Filesize
11KB
MD595673e45131ff1c36c88bc9e5eaf870b
SHA123c1b5bca776dc570c8f3d47f65a44ccc502f01f
SHA2569636001e06cc0887de237ccea4290bce29437c0b5875c433445d4c837153de23
SHA512839ed5a02fedb6ea7ac2ed46daa523389aad06b84baa0c66e87595c9e95b70faf32bf0ce7df74d9476303d490c20e3a557d32fb1525bc7c10f0cdee7d749ba93
-
Filesize
5KB
MD575ea9cda9da7aa26a361249fbd44dad5
SHA11b1c9d793fd4949b45c58894deca5780e5dc3d35
SHA256df200c0554d3099b6ab25ff3a3511bc7037aa16d15c71a5fea51c8f014c60663
SHA5125af4f6621aedaa639c45433e08e8f25487c97613190fe43253228bf5d0b5c38b1ff56a699e4e794308162e8486724e4204ee0d61e8018ce82242a850677d87d0
-
Filesize
5KB
MD5c12462e7b88e9bce0b8d48681bb1d53c
SHA117b0d1aea56592f17995031e7e7153d3ad1d55a4
SHA256a63985a7a77c5ca6f4105d8cc4520de0025745496b7e569d58de33f966553971
SHA5127151d33bf7d5cf74490ac2835566942a454043151c219601875ce3fac48dd6c699b92eadec3adc99834783009e801eb3f92165793bad0918b0588d85f9afd4e9
-
Filesize
1KB
MD5ecd90f3bb72d4cef862885549c80b4b0
SHA1143b6f28b4c6f9966d0351b9e4f202caab711462
SHA2564d37c51155fdc8bb45866930f5ed2469239d1caa8d93aac3a323b20f0c174c0a
SHA512e5ee29ef52ffb794370b1298b13c532b970f3667a37d73e6eac9165f5cef235d248869fb2f23ee4767ee0ebfe7768c24ecdb1246fe0b90c24f43783a6f27df9b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5cc35fc8362bb553d09b55930a6ce91f0
SHA1c9b3dd7351f8db9530d943a8cd76028ed8f6f2cc
SHA2565993ad55d2942bbb70d186119ca785271296c3f8ffcfee1a0284d828c1e5aa72
SHA51242139ccd0d2012edb5d9068a506a1edf184d37c3cd81f68ca45d5d528992c0aad3b784e07df04de76ce9c171ddd5b0679c96bf2b60128340302aead9bced63ed