Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
107s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11/01/2025, 12:30
General
-
Target
https://styeamconmunity.com/refitr/bopit/truki
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://styeamconmunity.com/refitr/bopit/truki1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff054246f8,0x7fff05424708,0x7fff054247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14560890662968498335,9879333141712362420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b8880802fc2bb880a7a869faa01315b0
SHA151d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2
-
Filesize
152B
MD5ba6ef346187b40694d493da98d5da979
SHA1643c15bec043f8673943885199bb06cd1652ee37
SHA256d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA5122e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c
-
Filesize
528B
MD5503c231fdb6402ae5f5da076ff9e4ad5
SHA1faac1e71997649fa886483b52385049ec0c73148
SHA25606db035c2d433201426f219f7460ad71be58d7c515e1a7a48a91eda3216f0739
SHA512f00c30b9107ab9930d4ac93cf57d9c6cdb3ded7a430fd6fb116bba57df507205aff538ccba355b2ff628c8066b9f0839d3da9f59cf0846d01b7e1c0826049f3f
-
Filesize
120B
MD5639e9b53c93b48f66c1457e753423e10
SHA1df073cf35d67bf1381c6cf1ac823d680d7a7ea7e
SHA256f9b9fcac1c9e086798598e5985f14e4a696568c811e58ada6a442bfe7094b16c
SHA512444bac7836959d3390b48c9fbf78236cef02ae24a4f14324aafb65a9f23a72bb1b6e57e15aed6c543dcf162da3c29edb91d4dbb5eca55187f0b8dbfd26775f71
-
Filesize
1KB
MD5105b37d75e508d51048227677b7d58e0
SHA1cd153e120428be0bfbcf71d010ca7c59272a184b
SHA256112a12f43e7e2bc053069fa074c09eda6710904f2e2f7703b8eb2d833b415cad
SHA512c76df5b7165e8561b3f72b5624ff66ebcf172af7693b6ab998b0d9fa1ac5fba627c5995d2313443089c3cd3c096e887fe7f575f7758caca3af7ba6658cb798c7
-
Filesize
6KB
MD583e34fffcc28265453a00762bc5ddc19
SHA1ee211ad1172c015aacfa15be7ff818ccb31e3b90
SHA2569722409b494d57573cc3cb2393b1dfbd1b63ceb6fdbc60a636babebad54cdfd4
SHA51272d3eab4a32556f919d14211e844f9843099c10770aa9954380bfd5d61aa69e975433d1813674cddc65566691e843f0386db42cb41d8d2a2a1f98c07fe4cb30b
-
Filesize
7KB
MD54c3d8f096493f04d9424e4ced279dd98
SHA1c01e33dea27d21bc06fa71f67c11477b250b3687
SHA25661306908fc02313496edab66091565471d6a9e0d46821538ef5ba222329eb6d9
SHA5120ee8d5794a6ae98c7af0f66431604152ea005d6c4e1843e277c7ccbe1f7c8ee02cc029fd9ee62a05a8c0bb0de99930a05e1e33719c2e22cfd0695d7a63c8925b
-
Filesize
8KB
MD57a82dbf1e3a7977a9cab3d76a2268f12
SHA1905ca9da4165f344bb6bb84d3d8f84f9fe56851f
SHA2567620763176da2c5d233cb7e6102284cf1a8681f74c371b842016f7228e377d05
SHA5126c9f58576b1a9774e62add0c742cd619748ffbdb862a22f35e3b8f8c4b06f1aa6511e579095c7b0fc0d2de7bcbc0a111a254e8f8b572f4f3aead238ba4939419
-
Filesize
7KB
MD5f77622fde638602fbfe5391bf903f769
SHA169e01884592e2ed881e68c4849bb1edf161a464a
SHA2569144ec7827326b7fc9944d2d5478ecbc6b31150b1e06a6dd490139f10a8cfd85
SHA512ec2651db196bd086436c7eca3ba883a3edb06209b7d836881c55fec0bbea0fe94d41af43ef8decc6813d7bff3b094040f1da1463e5f90e31326900608d17e337
-
Filesize
6KB
MD588ecc0e67892b4afdbd53009ba288df5
SHA160ebbd746ae95e74f59e49ca3fe38e4007fb08f8
SHA2566c6e10add613773139cb9074f57667960478d509375ca59e87272644c0a6cc83
SHA512f1a497514a57188e79ba92a5c131a34035504ce7dc3e0de7f4311690e71a22d25e9bfd30a329c2a72c541a2367c3d1686c860ec8398e0b38f38ce9aa45cbf34d
-
Filesize
5KB
MD53868c291e373add8c54be6ac973e7562
SHA16fb9d7c9a869157b0afd59dec3917dbe2b608d80
SHA256d7a07dab313727cb918c415a87704eb7d11a433ed7b5e6d2d978ca22fe246060
SHA51272cef66f4f3df5c108087bab9e77cd65e8467aec338a6a268a7bd6368d440854a39cf0da0ebea9a8a838626a39058b3a4ae50ebf18ab59327f88f9d9c489e0ea
-
Filesize
1KB
MD50d74bfafc5de1a714b0c7c492c7194ab
SHA15618547a9b42e2b1c94c98609a581d4dcc935860
SHA25692f28a68196c5b6f87f80f1e4a6319d598c3c78a3594e3df323df0a4cbbb55af
SHA51234802e6ef3c80d76f14c2b3a02ab69999ffdd418c6e034ba20a70908e05254bc1b2e07a6a5238652d3fd8fe1864d3da4397508627e311d2c41c59d5c053b1f2c
-
Filesize
1KB
MD57198358f4a181264139098e35a9e0e3d
SHA1769576db354a8cbe3822ec0def53aa9d1653ef9b
SHA2568e522d079a24faf34878f807a8893e59a90a65f82d44c6509b9f5a70917746aa
SHA5129a7146e2e7cc730588809c24ca7ace72c5e02d0ea09d0a4b6ba566f6a5469577344abb286eeba8658578ddec1dee78778d17686731f084471e4464aa686f2b9b
-
Filesize
1KB
MD5bb1923e97769ea5187052a45a0604b38
SHA173a692d2349f1c2ef4ab7e5f97b846a479ede2d8
SHA25693665bd1ef3a0af2b4751465ada784f0fa461de85aace780b348d5970591be42
SHA512d504f4cf5c8832924c563f6ac749daf6c87687d0156404e6f84464370c363953f307a87c4f899eaaebc3fa42491d27a48bfff73885e795679a2aaec6de9e000c
-
Filesize
1KB
MD5be8144bfba36d7d6a6b2fe04c06c6796
SHA182105805437b74171ced3b4332755533900080d4
SHA25647513432d0844b443652c4a1f930592d115e91de81ab5d940622f55531d4ed1b
SHA512975d19c301051512d0ee3ef88c5f5fcb3e12b80e1d1a6265119d1d81c0a27006069a85440129e5185f11c208766f0693c1dfdaa870ebbf8666a91cfeb6b64274
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5531b399c3391a4a9b0bc2e06025d071a
SHA1c6a9590319d961d4383480601e8b5c98d2e4952f
SHA2566bbb327562e7c04fd70c44478cb6dc6096d111f7b7bb04889105f364f71139a0
SHA5127a17ea28af8f27428432d2bba7dd3cd63f1524b85d1e219a2eacdc3694ffffa16ea015f0bb2b96bc7a82cb4cb151ef3ee482f1c29467fb919fcf37dcc8b13da4
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
14KB
MD5edc97506687317432ccf3fd391252356
SHA134a81d17b6c202eebadee7388d4a0cc464065b74
SHA25659f4babc88fadce20affb0fbc76c6882a5ef667e84be6756c5c57f37ebb9f6be
SHA51232c9afe6b8c60946960414f64c09abec20da22c260a04e0915c2e2a26bcbdbebcc295d9396eb83b5db773eb842590dcf2489c3f0b9f2666e050c3bd4483a03cf