Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
18/03/2025, 19:38
250318-ycrjca1kz6 618/03/2025, 19:35
250318-ya273a1kx9 918/03/2025, 19:32
250318-x86gpsw1hs 618/03/2025, 19:31
250318-x8flaaw1gs 318/03/2025, 19:29
250318-x7f6es1kt5 1018/03/2025, 19:25
250318-x5evks1j19 1018/03/2025, 19:16
250318-xyyn4swzdx 818/03/2025, 19:13
250318-xw6a6swzb1 1018/03/2025, 19:04
250318-xreyeswyfv 818/03/2025, 19:00
250318-xntmeawycw 10Analysis
-
max time kernel
136s -
max time network
146s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
18/03/2025, 19:32
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
Malware Config
Signatures
-
Drops file in Windows directory 9 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x28c,0x7ffdfd6ef208,0x7ffdfd6ef214,0x7ffdfd6ef2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6484,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5228,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5952,i,6201726945539683557,7728059918409751937,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5aa9afd16e8041e8c80250b50ea6899e4
SHA1a3a698d431952253255c343f2b35f74e73e63088
SHA2562bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926
SHA512344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff
-
Filesize
4KB
MD56745ad6615526c3115228c5632f7e9ea
SHA1e16a3e76b6ea4f0679e2235a689ce2eb3672b359
SHA2563eff0de2c055c28c1b80d71c4d27d9b8f6162017c384846ffc85aa25d800d790
SHA512fc611b3660d505e0e2aec700610af68457c392fe135da339302d197404ae83cf2aecb654afa291f5d78217d556cee7e917825cf4fec9105ee78a27169cef60a8
-
Filesize
3KB
MD5d0a48cb20154922c94a5cb2732cdf120
SHA1e0291a6e6cb1598ca9407d837c7863153fec5a3d
SHA256f9c2ea88347cedae92e143ec7a0044ea8572bf065284b15788c05029956a83c1
SHA512912d6a619d11b4332478555566fe6b6e39ec46e96a72c6bdd20b60077b202a4a01c6373e4bda0062996107b5a2cf55c3ed3c02a09500b2936879dd146f06390e
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD5c2cde817a3bb86a180a2912d7635e3ed
SHA10ec15cb3ee8809b7f0f54b3362d3d0500ac92ab8
SHA2561d69972469fdec11c8d1c91e02cfd6aa3d6915def42a9e07a82a641c2eae0b6e
SHA512700afa6624519cc8f2b8c9c5f3c989b708e96b6684f8ce13cc19dd9bb166d6b80510340d0cc16190445f4f33db97d062ded92e0d33ee41506e959a16b93fdc33
-
Filesize
2KB
MD54763fb76f814a9eb8db5638a5f182d89
SHA15ee9e8af426a6965c0d566d241382e55834192ca
SHA2567aed6dad644232a40b489bbefae5fd49a7cb3f9b269337f9fb051f1880988101
SHA5124ad4baea00e6d59bd6236354b3ea23d8f07416fb7120666f82bef883dc284cf7b06a5121778892bf526c7b53833d5530daf564e383731c7bd2f2d51c17c701b5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD54cda493b2b0c4d223b7b06a93df1926c
SHA1b08138145e6e4a54f75875e8ad856d408057ec47
SHA256d4f552e9256a8a348209cd6e20bd18f3159815bccef9660376eb3f436cd6fb76
SHA512a4a8db6c9436b275711ead01055cf4ab8cb4199454d623760946940b6e1d123b6043f499792a79147ecaa32694603ba2ccc85b9a0a68584673cb3bea77b420f0
-
Filesize
16KB
MD530554ad626ddd2deea354c2805bc105d
SHA1c969b2319566fbbbfec1a16afe67736ff56c46ce
SHA256de5403ce2db351a4e5020400f334382bad67604d868b9c87e25bd99e892513a4
SHA5124f6d18ae8f9f4fa09ff825a0ad975bc86611880b65703a1d37d9b2261d614bbbeeab5f266ac00908706403789e0d968187f2b551a42b43cadd463ffd698f229a
-
Filesize
36KB
MD529d99ce4830da19bb6415317a5b024f4
SHA1e0b6d83ce6d73ed0332439a2b4be1f370ce9f1b1
SHA25638565e64051c5f205fcdade125fa9e08b9d17024a940fc617dcf414baa593267
SHA512c9653499ca33df126bda75ceb839ee6be79cf7b730f1cbc402b542df974e23df6f01b74a8ae38175cd64a472f3d47930809ba48f53d757d40a132c06ee5a510b
-
Filesize
23KB
MD5dd115e7af645e9da726a288d4b7c1010
SHA1fd6f6defcad29de57a6bf658a745c6223e2dbe2b
SHA256a7c6720e8a778c1f03b29f64863b7e56624647b53d2a17a0af93ee33992f60ed
SHA5120904c7c026028f021d06a5207c25b31a487fab79dcbb9b289ec2aea555277485e124c1c701b752f0b90fe937b276c9beeeb3a89ee10c3d192e553419fde01ab7
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
900B
MD5eb29a3c7c50002850de77ab0993d69ed
SHA1954adb39810923f9ee929e57fe7f64f40d0352b7
SHA256d281d2f25b17314b55ae09d2b72142a18ddd19c160aa959a286e3f80349d2a8b
SHA5122ee3d99a14e350559902fc5eb72baea3f5f13fe3a387830fa1431061a39dc8c98e6b97e8954bf2d24ea3cbbe16d30242da434b239b25f39b716f72d9c3f2f5cc
-
Filesize
467B
MD5a82a58d9c87cf616252c75dbaccf2e9a
SHA189fa631e46f4737ca97c7b6c15b99dede6a1432f
SHA256ee8d1656edd3d6184f68a9ffa4917ec1103a5a62683ce73d4c439a86e5f40421
SHA512ed67df0b28b3072f868b30cec743d9d58e241c7d48d2e02e6d3ecd195d4f01e19d1337bbae7c58698a6c190bfd6f62baee157e5b1fdafe526f7d02f62a6465f3
-
Filesize
18KB
MD51bd36ec738b89c9ac187e47fdd26485b
SHA1610d7e608c0f0fde8c4da88955a57114bf30b00c
SHA2561fd5cb98dd2abcbfac6fa5a24599dc0a0990e3f38c8bf2c3a78bc88beec3f87d
SHA5123846bde9794f1d91b73de6bfd5dabb46cda14346e3a41bd9eb412661e7a8f43ecc1399e1fe4c623bfe9de8c0f59bd0cfdd89b4c8f7427f194fb057e09f3b44d1
-
Filesize
55KB
MD5f71f515893a9035d97f4b103a1465c5f
SHA17e9d208643041128441bc79abebc5bded790b1c4
SHA25601a4c658d541c94a58ea76c8b7f58a9a203f62d3c806457d2a8a71d193441c29
SHA512378e2f5d7b7d9c41756caf4ee1c52140fa5fa701fdcf5c8d120a5ca80a8db729350b485cb20ab720936c60bd863c24b02ebb8b4371695086d9eb5dd5c90980a5
-
Filesize
50KB
MD5ddc36297cfd39a690f390dcd1187cd73
SHA1e16a8fc609b678a2d859445ea61f6445661c6cc3
SHA256ec279f9538d22050c7804ee19320950ba1c0cdafc8e9d30258894854647dbf5b
SHA512c3cb5d272829c045bf15ce89f17f24790a7a984e119425a206bc4e71257fe70940324273ff08f7feb1b9ebfd3351691a09ec848dbd419c7118b14b480f150b69
-
Filesize
41KB
MD5e48e6f102017a6cecc80b37175aa88e3
SHA1c60eeb48a24039278ce8a7ebb0416b111f75a5c6
SHA256e96a86835816e98f17ec5f98a4ddb6c4589a5ff5c2f894a59ec508ba4c78ef7d
SHA5124f4774e5d22dd0ae43d0a427d982d01946a60d585e96ba2af866938d0afbcda313c65bbc5ccc788ecec809d892c7587c172ec956f59b91636b078cb5daaec20e
-
Filesize
2KB
MD5d723974449361bf7932de9a3a6dd4c57
SHA1d44177d91d319eeef399a399122a778ff8af7993
SHA2565dbc8100e4d5cdab2fd11f8456c06df17288d8c2ecddd648fbca298cb8384916
SHA51230dab51c577e3de6f8454af52313c13494cf94d781435d3516801c9fddacf81cd97e53c7e53c083443d0631a7b9e2f4df8079e38fac2c8be05a490b3f8fca628