Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
109s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
18/09/2024, 20:04
General
-
Target
https://slumpunk.com/
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 45 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://slumpunk.com/1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82e9a46f8,0x7ff82e9a4708,0x7ff82e9a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3512 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6066923308719115082,3768133091482913283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\SlumPunkBeta.rar"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
Filesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
Filesize
168B
MD56b7e44fa6a75f1b1c2221c8b10d92180
SHA1770a9765465edd25794cc3d0336365722345ed77
SHA2568f49901a76ce1bc7eb68f1c0e9187823f12474d68f303ff1b88e470d878ffe1d
SHA51240275213ddebc6466b0c4073280e7fe17f58fe35cc136ba95a2ea4be91f1108e91941d62ef275033a6bd0321c6baca766f28950e1f4cec680ff06eeb7b5be368
-
Filesize
329B
MD5439c76bb7ff5cd6ffc4c804a7012f82a
SHA1e778b731aeab4857eb071f3fc0d6e00fa30beae8
SHA256a8a23d54023d972a4d6df7b4f4195f900ebdc4c23b4542fee18d664990f422fc
SHA512d037f4ba5d3b410aeb35a918475d8fbc4ef38b1a2aab4a0dcbe3f8318a4714cc715ee6b06df8c738589b9b945c32bcf34a98ee3dd8ca21a366b96efff252fdf5
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
5KB
MD5f0710debf0d2733ebc0e6ce6f5f81186
SHA1af476d08aab93dfff19ad7a6f31040cfc604ab60
SHA256fe35341a462a354e2cfd2523ae9471ea21e1b54adcee22a43fc5e09f73da1f74
SHA51269a4ab0a5dd763eee43cb017041d3f558748f882d869a98322f1859cd7c7e6c3a8e8fcdd5a25926e55c27d0fd86bbc6b029e99ddae798155b4ec4562a39807e6
-
Filesize
6KB
MD5cab2fb027053bde26758c309f625f779
SHA1ba527bf557f4e6661616e40b1c1aed590f370b37
SHA256c396e046ccb4e2c4dcdb06f6cc20c3cb6b0b05215d670cc44468077837a25d16
SHA512803ea036dd1a75cb629f21659ff13120aee032c1ff08914a22ba73b61d3ee77158105888cf4bbcb7f6704500c76c0cc60d78021986fe164b178d468996915be8
-
Filesize
6KB
MD568b7d8b8f79e5bd7404b1c9765517e24
SHA165179ac2344ec8c4ab1d1e7f7ec215a348a17b63
SHA256f28560c343cd5796a55bfac10e9208b78d7648c063de01e97dfc55b49ff303d9
SHA512d1cf27cb91723c46efa7fb40edb82eb1e3b72121b0c30a50f1c363df3e3389205571d1a6e9ced50a7398c93f9b0a242c4d166dce293f67425f6bf8ca66a77f4c
-
Filesize
202B
MD52ec44eeb5d451e991be9fb12beab9304
SHA162d1c85de4099f7ed657a4846fc2a6e60d559f87
SHA2560e307d9257da55d3fc49b684df855e86ad9a46c6bc45f5ad752cd4ffe546746a
SHA5129227b433140d9e817a74c56a637c26257bc9908fd9d37423e4981f350f7e29f16f7b167995ac37f6bfd507b865a8e9b60a919ce1dfc4ea285ed106b5242c2e7b
-
Filesize
202B
MD5a6fba03b9a7a2847a3e76600ea8f28cf
SHA140887058b63ce45d1f57106cad58b5fea8ae685c
SHA256bf1ec72a3284061c077f2b710454edbfbb23b06c1d882d8497a4edf144ceb22f
SHA512b34037ab9e157e49520001537ac1910f0faabfaee69fc761797912438a5f3b007ead6fffcb0c478f61e006fb13cf0f71710011561a8c95f60eff3110f8f66815
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD53e3e77f05b7e9770ee3bfb2ec11bfa50
SHA1a4a89739d507425b3fb411171883dbec475e5143
SHA2561454cd2dd8e507eefac64a56a4f50dc5185b15fd78b52296fbf0cbe5baef92d3
SHA512c9294c440c71aa5f863ba707fd92510e6dd0fe7a38a74576571dd752e25d9fed333ca70c308ef65dec55fbfddbdc96fba8ca3deb7620b7cd52296defc3d06564
-
Filesize
11KB
MD527c683c73e453c30b9d12f24fd7f3332
SHA1d9099de4840d7f42217d88ac99a18f19be03010c
SHA256e3d777cf40eb946db71644ec17e6fcac9369d4ea63a35b3a77606e0ab5889a54
SHA512217b6ee7c0481a7d741ea340e3cb20446b34ac4fdceba20fe74fbb3990c0ee8c43d4387afa6fd5f14be864bad18f6f8f55aa05390368e91c7ed8b158fc07aeed
-
Filesize
10KB
MD5c9850771d184a76f9acc1e5ef471afa8
SHA1a4cf0125fd870b596bc87e5b0d02200207e32f78
SHA256bcc26d56e371069ad542148fec8d9a6cc81550eea60b9dd0291855e5056dd8e0
SHA512c835ed7b661c8cdf89463860ab92f6dd567bc71084c8908095be8fc97a21094966416ebede3fe3b5dc2dadc97222297ed8d139b39eabf07e5adbc559967f5452
-
Filesize
10KB
MD5ee028348cd47da919e08f2e7aca62e6a
SHA1f223aa95a369fb94d40e9f8b8d37bc5c35fc8f3a
SHA25641933fa448cce7a16b8af90f465634f0e0016d1b3dcd36972bd6c497e18aacb2
SHA51252ee4a723b86699da0e700fb2d429ed4ce40a927bf5ce96e6ab09da12e65c37da7b6e7938217978d46f1db69bf9a134c4a79a101831fa3a65b54fc68efe755dc
-
Filesize
79B
MD52737be2e1ecae191130503204baa958c
SHA1e21775325fcec075f4b1c4c3675be6f4cfb2ef51
SHA256a82d61e3065c94407aa6e9e20df499d552326c5750c7acb3ee9472baaf079198
SHA51283cf99a8f85786ab1a917e48db57b096b3dab2ef3c6909fa3f2a8c4dbe37c8f5a67ef3a2025eac52c15fd2885d0f2b86dc86e65eafc2694e0c0b76920496f031
-
Filesize
116KB
-
Filesize
132KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
2.0MB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
96KB
-
Filesize
2.7MB
-
Filesize
260KB
-
Filesize
16.7MB
-
Filesize
24.4MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
68KB
-
Filesize
96KB
-
Filesize
208KB
-
Filesize
992KB