Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 12:54
General
-
Target
https://only-fans.uk/YourDaddy
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 58 IoCs
-
Suspicious use of SendNotifyMessage 56 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://only-fans.uk/YourDaddy1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5060 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13911969698006182412,18094520338824550125,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x340 0x2441⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59b008261dda31857d68792b46af6dd6d
SHA1e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA2569ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA51278853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize
152B
MD50446fcdd21b016db1f468971fb82a488
SHA1726b91562bb75f80981f381e3c69d7d832c87c9d
SHA25662c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA5121df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize
277KB
MD5cab500cc8f9df1a564defba1f80c203c
SHA1a233916473fafc40fe8925de387d42d9c04c0ebc
SHA256b4bffed3ae95ab154ca1e64ae74fe7280ad0adc81d3af3ce9d019a871e129146
SHA512321f029e09f0fc99ac62a0adea622678aa83e674245627b499b99c2fa42d4da2e929cf3cc6ffae2ca0cfd15e762f1269a852014a83f0e65b6f82f41b432b886a
-
Filesize
1024KB
MD56c1284b3860ba6930d7307cf81731979
SHA1b4551c519bbbe4160c39140523072304f9725610
SHA256bf2d03a5ed63547fa6686741b6ffc1c01b0ae55545909bc32c09ba51802a1425
SHA51216c7c0f7be64e6aac973f531d11ce169ff02bcd8655b185fb0ac311761f7c863f7df021ec948afa159a69a74e2aea816666f33127bf6a6c9ff5f08b58e3ff3d7
-
Filesize
526KB
MD5c988d721318a71c85df92ef19765fbbe
SHA1d6e589ac1c4ae49fd51abc4985e817200dff0d57
SHA2568aee03e83b3a9a612dc7fe47eea413cf19c20310415f761a65f0a55ac0e13c76
SHA5122223239dfb98d332bb95d0909a3e55c70a861a5fe0ca7f6b36877ca7ddcbc4108f83a2ffa92ec652327f7b8da90d8cdfa05d9db08f2436608b8b1285608a652e
-
Filesize
529KB
MD5d648b28ff48c0920ceeefc0e544ec191
SHA1106d0b17d2bb93319bfb26a334820591b8f473b9
SHA256bb7c40c4084528087eb34c40ae88c04a84ecdd1be743f866443e1ad2538c6abb
SHA512e9a1619794a4dde77e04244f5bdb6a6e743f55a5d96eb8a0dfa84532dfc3cbf869d0adc40db021d457bbe15557416c6209e346433fd96ca13b334ba356b7dd0c
-
Filesize
606KB
MD57d896b61b5c5eb45e69d84342dfe24c9
SHA1514e582260aca0edc12865b0833e49bf753c95d0
SHA25652564414fb1423d709d2acae923a6d626a5dadcbd0ca7e41e104cc125bbac30b
SHA51278d9d7f7128ed83ba6e29a259af1511c66783c4321d0c250a3351613bffa3fe988c98ce12221b7dbd69b539a7ddcff03dfb8fe175a7fa63212d623ce38051d1b
-
Filesize
507KB
MD594b165afe58a445302507a0ef2892662
SHA15ec618722ae593fdbaf046e7ebdc038df97aa0f7
SHA256ab244fa0be32f8444a70f79e46c3868cbf8dfdbd33c5c9ee3629e046a17867c7
SHA5129d86f80805b91776704ac5de61d79910f09070ee0fc2d6b46997af51b2ada49e304ad30f9c725dd5ee4f5a3bb57e6a7517ce89f5f592a33101383766b9bb3272
-
Filesize
384B
MD516a3caf58d72c51eaefb2db82f08d60c
SHA123e805b4bb3221a738b49dd81965c3fca0e27f91
SHA25675ba2ecf6adf708d4123d0396db6ecd3257d55e3393bd8327cf3cd4e7f1d19af
SHA512daf691526a1d74462c5815cfc0a952c8b48de2444f7e34a565513119cd7df3f09725bdebb94e45ec89e04d4cab21020426bb871360e6c2773708ff39f916a290
-
Filesize
1KB
MD5ac9ec6127c0997030211e129ab1915af
SHA12620d9ebbec647f8fb2e56f0353dec6da81fded5
SHA256136a168f3f12a8ea4f82640a2f1aae06cd400a6a48645b2c0ed4ebbbf324cd49
SHA5125339bce1c24d6ee93d0ec80c4c028b29c952858af21a20cc383daed0cca3b991e5bde501760cd0d68b021b6130201436ca452d796a41ed2ff7e98cbaa8f72cec
-
Filesize
5KB
MD5255ba5482675a4568a4c5e4c6a7d36f2
SHA1071c22b895318bc9792d0821812d4165f6870f3c
SHA256e2e08722d66840542291a6e21991fe7bbf8347bb75b1ddb48ab2b9b8bc898690
SHA5128fe2cb508c36a8bc55d97706994a4feba50b74f0a4dd0664307c2793ba934ae25aac5282cc07cdd70ebaeff5b3de973493523ee0166121ab3c8025a104cdf96e
-
Filesize
6KB
MD51c13ac9420f46c8d044bba7842c7baa6
SHA18b1e4d3464226e8d73eca0e3ef4d4e907fef8c2d
SHA256c5b3235087672926c78e1601ec4cfbb0eec5cb8a94368f1985f1ed29ccbdafb7
SHA51230d91c376265c37ca4260ba312401cfd14f20cba0bd677d32ef1645b795b0d37e1cbed8cddde4054fc85b2dc508b9de6ca8f4e88b98c16cc8f40f5cbb613393b
-
Filesize
6KB
MD5d26d362de709d6c45f60caaac7159a3c
SHA1baa40440b61eda649ecc33e87e9484e7a4ccbb38
SHA2564d57ec7aed8595be4377458aaa9cb66a2a2c8523786b23022f6fde446971dd01
SHA51224a1a4ec1495ebe8f6708c40b54577e8670cbc8539ff163bb980c9ff8043bf40a1f7d4fe9162dcbbf70c869b3ca7c510ff96c5d21f7743dbd9cd31d81a7647c7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD57fff7d10b0128b966b6e2fc013651ba0
SHA101631b362e1455533b370ff5133df4ba65b6cc82
SHA256dbb2e66477a6c1a805309938f4af90505a76dc6c5f0b1913806078b98a31d911
SHA512ebab491b8df2001b72ba75a36cdf823860edfbf82b05e4b6dcee9c98bf788d6910b11bfa8d3080fadce69ea7c3992d5acecc4725fabba5416c8e1a142fb95a3d