Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
95s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20250129-en -
resource tags
-
submitted
02/02/2025, 16:11
General
-
Target
https://drive.google.com/drive/folders/1_1dA08FJUOnMLS3DC8lLOZc2UWciH5-8
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1_1dA08FJUOnMLS3DC8lLOZc2UWciH5-81⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac7cc46f8,0x7ffac7cc4708,0x7ffac7cc47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,5781486568668189810,1145150995493607159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\PvZ Fusion 2.1.3 [English Translation] Version 3\(Latest)\Launch Game.bat" "1⤵
-
C:\Users\Admin\Downloads\PvZ Fusion 2.1.3 [English Translation] Version 3\(Latest)\Game Files\PlantsVsZombiesRH.exe"PlantsVsZombiesRH.exe" --melonloader.hideconsole2⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\PvZ Fusion 2.1.3 [English Translation] Version 3\(Latest)\Game Files\UnityCrashHandler64.exe"C:\Users\Admin\Downloads\PvZ Fusion 2.1.3 [English Translation] Version 3\(Latest)\Game Files\UnityCrashHandler64.exe" --attach 4040 15687455907843⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x378 0x4681⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1B
MD5c81e728d9d4c2f636f067f89cc14862c
SHA1da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA51240b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114
-
Filesize
466B
MD50219a4233f8beb975dea9308f660c153
SHA1ce70f05132dd29e4ac56808871b29ef2660ae9ab
SHA2560720ee6c0645355e68326723920d6880ddcc5386cde986dbc86aaf061c228dd1
SHA5125593a5308d2cb369b7060ba3d4766b33d62e279b48a4d21276ed2c10064c44c1d021db8637e6ab2fa5072ede8ba09fdec313b685434b079182728a24d4536b22
-
Filesize
152B
MD5a7b5a5433fe76697fec05973806a648c
SHA1786027abe836d4d8ff674c463e5bb02c4a957b70
SHA256c8d623536ebdf5ffbefb84013d1c8ff5f853b59f1b09c80364c32b8ed5e4a735
SHA51227be4c82e26468bbb9ce698ef305320f6cac46c953f88c714a0372fa524d098b9af2a87a88b14a134ff0f5f4b3d671902908622d2c7ec48e2c7bc458d7f5cc16
-
Filesize
152B
MD58ea156392347ae1e43bf6f4c7b7bc6ec
SHA17e1230dd6103043d1c5d9984384f93dab02500a6
SHA25640b28bf59b3e2026ad3ebe2fecf464a03d7094fd9b26292477ad264d4efc1c75
SHA5122479b86a9a31aa2f260ff6a1c963691994242ced728a27ffa2ee4e224945446a191bdb49ce399ec5a7d5d362499716133072e97d4253b5b4f09582d58b25144f
-
Filesize
214KB
MD5ba958dfa97ba4abe328dce19c50cd19c
SHA1122405a9536dd824adcc446c3f0f3a971c94f1b1
SHA2563124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607
SHA512aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf
-
Filesize
24KB
MD52b77b2c0394bfd2a458452006e617f96
SHA111eff89a8e3e64401818f81a02bdc84e8ecc4325
SHA256c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f
SHA51221dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30
-
Filesize
1KB
MD576dd294429dee5b4561297a72fc449c5
SHA180e4120830f9742961dea3a98bcb596dd3d0c5f4
SHA256a3dd4bca80fc01e92325ae92778300aeaa446a7bda32b73723f8e972a2197606
SHA512e4f3c80b346fb51cf5d0a12be2cf7125f2ed8a055b1b8c59851cbef617c2440c042980b70e14e20647ae8e4a2797fce38e68495e7d9821ff3f109e0b59a9cec4
-
Filesize
4KB
MD595c2ebeaa15e3de03e9b3567025e17f0
SHA1e9a4ee70c624b1a81e9f717cffa798a708e29719
SHA2565e258d156f476aef0de966346164c001d387716972c60cd273c0ebffa19a6571
SHA5127003a5956ddd642a76ee070726fb883b47ba548cece9f95df2d1a316d5b6ce31161a3a8c32e0a346239a4b01929abc783f07e564490915b287ec417f22a41fe5
-
Filesize
6KB
MD511495c6582f2acf0c4158fe798af8c57
SHA1d3db01dd7ac347ac351fe94f306450a34ac5b31f
SHA25626d10c98a73b5659fdf0ada572eeea44ce99f7f8ac551da40319446888faa9e6
SHA5129b66458534521ddb1d885db798d27fd161cefb0ffd2a14dba85d2ceccf0a21ad69f0083ac85c94200e668e8d725e08d61a2ac57169ae44cbf3834a9efe38414b
-
Filesize
7KB
MD5ba2dc3c71e4836ed484eff6dd99cfe71
SHA16fda69d196e32c45fcd22204c64fe5d8098afa84
SHA2568fe621b37518c01a8c5c6eb25fafd2c4ca0eede8456b5be607f5055d1f334bf4
SHA51224a5e69852d6c8822661585e606d591fe726e3022219b0679e3b6a42b2676e7341830635df63bf32f13b057b2991e785d54106fa7e0f647783f9ed49c4ef3407
-
Filesize
6KB
MD5c478ddbcf4463be0e3540e7096008a84
SHA1ba1592357d3cd6722cbb0a60179cee7bf912a1cc
SHA2561142c5c670f25e0b8cf22b15aefc613ac3eceee9df838e540e2f6ce0b9cee20c
SHA51270d8a29fb4ad509bc3a3741cf892c375ceeea82247592705366c2cef31274dfc15d4d24d9f7d9c08813605930c86a44cb863b21f95399b3568f10876ec9d4be2
-
Filesize
1KB
MD5660a1617a634c9e992516dc8b07144d2
SHA180e7a0c8c9a8452d37ef7974610a82732983b974
SHA2569bf083cdba89cb5db7ae3dc18ba73939e6f125f5ab9aa62058925100abf447ef
SHA512f763986f05ce1f3cb3f4ab038f9984c790832988c3c1560936762d0a98e42455cd7bc1efe26a4e7015d6d3391c6a135bfd3afb8e441907e2989c08aa4a728949
-
Filesize
1KB
MD53efd4686c6f042e787fb53d73c1cffdb
SHA16859aa4952b58fdf0b4f88a7995131f5c5be9e98
SHA25640b6bf4cbfccf750f3e045f6118df0c5f9dee100d18e90844ebedb5b583e06df
SHA512a934527ff565445908087082fa8c03a62394bab53ad428fe04c658ea66479e94c2cc849c85b4f9fa91302b4a69bf465e5918d08fc33307d73169a7a44f8af4d4
-
Filesize
1KB
MD52c8cf564274110c92510e8462f3a27c7
SHA1227afcf441ef6a2cc2f5c8c268c3393567dd118b
SHA256725a252b91d4423b40f91546dabe6a680a5de4bcb6f07e24b89b2f222eccd119
SHA51230c4459003a35ae93d47622004dd7b179c81db49699ede043359bda9f77648771d083a57b096355729388ca0183489f872ab90f8a35108ccd57d6cf91e0b5170
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD506c39f201294c99e4f1e005763a8d129
SHA1c6b6c7bdf800f9167b54499bc6da2b84447fb97a
SHA2561d12705d415eebb70d15fade8bc065cbee0ec8d829036f0f862d7ac6778f1593
SHA512af189d693d68bd3f0fa847e3bcd6540801be64d881e6ac932807a6ca9464a4b09755187926c99219a1572c9a21cf719fecf8514b908d0d092f338a508d004ee4
-
Filesize
11KB
MD5a4e3854aabb4b149dc20cccdf200412b
SHA1a4a7ad5967ff12547987555045c3acc8df6740d9
SHA25628e5209cff61b8cfe29529f713c24d50ef7af6319de297fae34d88b9b8209df6
SHA512a8d5bde978c0c28da4e65d154ec5e417b0928480401700b9318fb60da4aaea8f169cadce1eddf9b26bdfdcfa3ab02ee13236ac1015e2d5a85d88cc12e2462d56
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB