Overview

Score  Task                  Platform
10     Static                static
10     Win32.Mars...nu.exe   windows7-x64
3      Win32.Mars...nu.exe   windows10-2004-x64
3      Win32.Mars...PC.exe   windows7-x64
7      Win32.Mars...PC.exe   windows10-2004-x64
7      mars/panel...n.html   windows7-x64
3      mars/panel...n.html   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...app.js   windows7-x64
3      mars/panel...app.js   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...ker.js   windows7-x64
3      mars/panel...ker.js   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...ker.js   windows7-x64
3      mars/panel...ker.js   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...nit.js   windows7-x64
3      mars/panel...nit.js   windows10-2004-x64
3      mars/panel...min.js   windows7-x64
3      mars/panel...min.js   windows10-2004-x64
3      mars/panel...ore.js   windows7-x64
3      mars/panel...ore.js   windows10-2004-x64
3      mars/panel...ced.js   windows7-x64
3      mars/panel...ced.js   windows10-2004-x64

Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20250217-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/02/2025, 17:57
Behavioral tasks

Task          Resource                Sample
behavioral1   win7-20241010-en        Win32.MarsStealer/Mars-Stealer-main/MarsStealer_Menu.exe
behavioral2   win10v2004-20250217-en  Win32.MarsStealer/Mars-Stealer-main/MarsStealer_Menu.exe
behavioral3   win7-20241010-en        Win32.MarsStealer/Mars-Stealer-main/Mars_Stealer_cracked_by_LLCPPC.exe
behavioral4   win10v2004-20250217-en  Win32.MarsStealer/Mars-Stealer-main/Mars_Stealer_cracked_by_LLCPPC.exe
behavioral5   win7-20241010-en        mars/panel/assets/css/jquery-ui.min.html
behavioral6   win10v2004-20250217-en  mars/panel/assets/css/jquery-ui.min.html
behavioral7   win7-20241010-en        mars/panel/assets/js/FileSaver.min.js
behavioral8   win10v2004-20250217-en  mars/panel/assets/js/FileSaver.min.js
behavioral9   win7-20241010-en        mars/panel/assets/js/apexcharts.min.js
behavioral10  win10v2004-20250217-en  mars/panel/assets/js/apexcharts.min.js
behavioral11  win7-20241010-en        mars/panel/assets/js/app.js
behavioral12  win10v2004-20250217-en  mars/panel/assets/js/app.js
behavioral13  win7-20241010-en        mars/panel/assets/js/bootstrap-colorpicker.min.js
behavioral14  win10v2004-20250217-en  mars/panel/assets/js/bootstrap-colorpicker.min.js
behavioral15  win7-20241010-en        mars/panel/assets/js/bootstrap-material-datetimepicker.js
behavioral16  win10v2004-20250217-en  mars/panel/assets/js/bootstrap-material-datetimepicker.js
behavioral17  win7-20241010-en        mars/panel/assets/js/bootstrap-maxlength.min.js
behavioral18  win10v2004-20250217-en  mars/panel/assets/js/bootstrap-maxlength.min.js
behavioral19  win7-20241010-en        mars/panel/assets/js/bootstrap.bundle.min.js
behavioral20  win10v2004-20250217-en  mars/panel/assets/js/bootstrap.bundle.min.js
behavioral21  win7-20241010-en        mars/panel/assets/js/daterangepicker.js
behavioral22  win10v2004-20250217-en  mars/panel/assets/js/daterangepicker.js
behavioral23  win7-20241010-en        mars/panel/assets/js/feather.min.js
behavioral24  win10v2004-20250217-en  mars/panel/assets/js/feather.min.js
behavioral25  win7-20241010-en        mars/panel/assets/js/jquery.analytics_dashboard.init.js
behavioral26  win10v2004-20250217-en  mars/panel/assets/js/jquery.analytics_dashboard.init.js
behavioral27  win7-20241010-en        mars/panel/assets/js/jquery.bootstrap-touchspin.min.js
behavioral28  win10v2004-20250217-en  mars/panel/assets/js/jquery.bootstrap-touchspin.min.js
behavioral29  win7-20241010-en        mars/panel/assets/js/jquery.core.js
behavioral30  win10v2004-20250217-en  mars/panel/assets/js/jquery.core.js
behavioral31  win7-20241010-en        mars/panel/assets/js/jquery.forms-advanced.js
behavioral32  win10v2004-20250217-en  mars/panel/assets/js/jquery.forms-advanced.js
General

Target: mars/panel/assets/css/jquery-ui.min.html
Size: 279B
MD5: 3d94c5db6219640112a01c9f126e894f
SHA1: 042b019ca257c1c8f979ee8c2e13105ee2d92327
SHA256: d36921d85f158a051daed4dd44ca81fc98a4b707c71f0b587a3e8df8d683f5a2
SHA512: 74da9160f3a50e944a922a209dda4d0a2c4b088b646e57fdf7d2e707d70594d280c89855acadd09ed4e0a1b37fe9b7d758ef7e00b3fc5290386ec1163a853f83
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                          Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName         msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                           msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer        msedge.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  228   msedge.exe
  228   msedge.exe
  3024  msedge.exe
  3024  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  3024  msedge.exe
  3024  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3024  msedge.exe  (all 25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3024  msedge.exe  (all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 IoCs are writes by PID 3024 (msedge.exe); distinct source/target pairs:
  description          pid   Process     procid_target
  PID 3024 wrote to memory of 1596   3024  msedge.exe  86
  PID 3024 wrote to memory of 1484   3024  msedge.exe  87
  PID 3024 wrote to memory of 228    3024  msedge.exe  88
  PID 3024 wrote to memory of 2852   3024  msedge.exe  89
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3024)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\mars\panel\assets\css\jquery-ui.min.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe838b46f8,0x7ffe838b4708,0x7ffe838b4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,8714872868168492134,15968118103311432346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,8714872868168492134,15968118103311432346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2852)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,8714872868168492134,15968118103311432346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8714872868168492134,15968118103311432346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,8714872868168492134,15968118103311432346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3656)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,8714872868168492134,15968118103311432346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe  (PID 5052)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4588)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: fe6fb7ffeb0894d21284b11538e93bb4
SHA1: 80c71bf18f3798129931b1781115bbef677f58f0
SHA256: e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189
SHA512: 3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b

Filesize: 152B
MD5: 1bed6483de34dd709e03fd3af839a76b
SHA1: 3724a38c9e51fcce7955a59955d16bf68c083b92
SHA256: 37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596
SHA512: 264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

Filesize: 6KB
MD5: f8f8e7e29db62edb9a10e49e61964cfb
SHA1: 8b6e417f3b405414e6adc603e143c688bd6c3a37
SHA256: d8d3af0bf477bcea643cbf4f1e737cdec60c019f42f376239e89e3358513e5c7
SHA512: fb9d37ab5ee86518b939ee793502134c82ee30db0cbffbf958af262c43593ef69c3311e68e7358cfa39346735a5da10afca4159f742be74111f7129466339982

Filesize: 6KB
MD5: daf800cd5946e64ea2e9336a4744641c
SHA1: 2bebd04a1b6625218d4bf7c6c85d856825dedf57
SHA256: 0f8733e9030e1166c1824e5f45a71900fb9f2b1870da9e65eb522acd3a0cc5e6
SHA512: 86ed90e437e2081ae76a6680fa69901209adf86b4ed1c02afc684f49fd35d23017e7b7e793684524c5e3f360061c1e99f13aa1dfb6a87ae63d87cbfb3275adba

Filesize: 10KB
MD5: ca5088d34dcf193a20dff66783587d35
SHA1: c0a5e4e145c4d8d6312ba8ded0ab914910c1b487
SHA256: aa246f6f19c0a0ebbd37fb57093e7507c4bd069d5841373fb42010821ef9e777
SHA512: 59dabef2e51cedb26b7a505bd825f5e855d053087596f216fed9cbd152fd521b4f47772801328681725dce86d262a260f5bcd569bb6ffbfcc0f8b89e767417b1