46e5f9e2ed520c184ea7026b991f924593f9819f1a5e7286fab94d4b725031fc

General

Target

2025 Trianer.rar
Size

11.1MB
MD5

2bba72bd34bbdef434d56c2685875b77
SHA1

86b0138719deb49cc2780bcd346ce045eb0c95e9
SHA256

46e5f9e2ed520c184ea7026b991f924593f9819f1a5e7286fab94d4b725031fc
SHA512

7db3cb2ef3a1ed6936da4aede5099c28eacc29e8ba44dcbcd3dec23924bdf83a39ff4bdf27c4f0bc44952ba35527e7475c01f2c1c98601c3c5b4ec36ea08ba4a
SSDEEP

196608:G+L8IztDc3V9CJmgysbdSqYqVMuqEhUtaQ3e8kYOL0AnFHJEsQiy+JIhMy:GSh1c3VvgycXYK7pm9CL00FpE3+JIGy

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
36	1484	Process not Found

Executes dropped EXE 2 IoCs

pid	Process
2396	setup.exe
5072	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\SETUP.EX_	MicrosoftEdge_X64_133.0.3065.59.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe	MicrosoftEdge_X64_133.0.3065.59.exe
File opened for modification	C:\Program Files\msedge_installer.log	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source2396_1973060741\MSEDGE.7z	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4504	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1528	7zFM.exe
Token: 35	1528	7zFM.exe
Token: 33	2396	setup.exe
Token: SeIncBasePriorityPrivilege	2396	setup.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1528	7zFM.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2396	2576	MicrosoftEdge_X64_133.0.3065.59.exe	102
PID 2576 wrote to memory of 2396	2576	MicrosoftEdge_X64_133.0.3065.59.exe	102
PID 2396 wrote to memory of 5072	2396	setup.exe	103
PID 2396 wrote to memory of 5072	2396	setup.exe	103

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\2025 Trianer.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1528

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MURGQzM4MzctOEMzNC00NTc4LUExNzMtOUE0NjJGNTNDMTVGfSIgdXNlcmlkPSJ7Rjk1QTk3NEUtNThGNi00MTVDLTlFMTEtNDNEOUZDQTlFOEIzfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Njk4MDg4NzYtQjA1RC00NkFCLUI4MzMtNEI3MkJDRDZGMDE0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTY2ODAwNzUyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4504

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\MicrosoftEdge_X64_133.0.3065.59.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6712f6a68,0x7ff6712f6a74,0x7ff6712f6a80
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E60C942F-7A6D-44A0-80F9-47CAC36ED129}\EDGEMITMP_3F6D6.tmp\setup.exe

Filesize
6.8MB

MD5
1b3e9c59f9c7a134ec630ada1eb76a39

SHA1
a7e831d392e99f3d37847dcc561dd2e017065439

SHA256
ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae

SHA512
c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads