Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://mailto:agrabu...

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/08/2023, 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mailto:[email protected]
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff833d946f8,0x7ff833d94708,0x7ff833d94718
      2⤵
        PID:3352
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4316
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:1164
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
          2⤵
            PID:4544
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:1800
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:3140
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                2⤵
                  PID:1624
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
                  2⤵
                    PID:4672
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:396
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
                    2⤵
                      PID:2084
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                      2⤵
                        PID:884
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                        2⤵
                          PID:116
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                          2⤵
                            PID:4280
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17898138199198622748,2598890425805937968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4304
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3348
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2472

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              3423d7e71b832850019e032730997f69

                              SHA1

                              bbc91ba3960fb8f7f2d5a190e6585010675d9061

                              SHA256

                              53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

                              SHA512

                              03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              312B

                              MD5

                              dae8528ef42da7ef4554e16e79de5f69

                              SHA1

                              ac765039b7380fede989e5acdfdebb9049d8bfc5

                              SHA256

                              fea05e40dd821d4177d2e3df4ebb14cfd8e0c4976389e514c5d34d289a40c067

                              SHA512

                              13bc7a5b77717f3877326187e6f68853a6f6d8fd7317241a88928d669676f4a0e77383d20f1c5e90b62d72149a8a1d2451fed477818ee9c6fae27e2d8ebb1cb0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              3805194b7366a2cd5753780192e96ecb

                              SHA1

                              89afa70b22f490f92a0d7710e900b864ad2a5bf9

                              SHA256

                              cb85137f4811b5a28e817fd72e987da8d5db5419b55c95b7183bbbc5541464c9

                              SHA512

                              6a6af3b62fd128525cb451fd7f36989edf6ec6f61b161cf800e6966cf0d16dfb6b773125fe0cf599cc57aaa2631583286d11856957969931c456d0dda49eac1c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              111B

                              MD5

                              285252a2f6327d41eab203dc2f402c67

                              SHA1

                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                              SHA256

                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                              SHA512

                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              b643312a4acba5cd931cce682b99ef89

                              SHA1

                              af792a419fbfb6876915e0e68481868756e26b2c

                              SHA256

                              69db6b8c2a5161aafe2edec076d1a69b01592ed8d2ddd18ed0994ef1fde6e352

                              SHA512

                              9032e8973df33d0b9cc447f5e589a65feea9f51af1eb1176fb642cd46cfdc58fdf509639a9634bbb8e3a37060ed08995e477c9ccaa488c9b2678fa28a7b20bdf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              2c5dcf70c669e563a597945ab9c2864b

                              SHA1

                              0c9e5228cbf4043636e3cce88441b05e00b1dbba

                              SHA256

                              32866c7ad049adcb186088c5f8a9b5d52b4aae176a6f04fe5f33d4425dcd44fe

                              SHA512

                              debd7b621f0970cf3857bfd1c68712629851ff62abfd5613d3e75ef1d20114bc967811da1346be4ede1aae3c7b7b26ee3fc013e8e9427082877f7b982a35adf2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              bf27deff38137dda92066a624953417f

                              SHA1

                              480d62e38201c2504ce5e543b506fec31b38fe29

                              SHA256

                              ef9d9fac33519c19d6a9106ef37ab3dc9c1a31c082ea5c87b949f5877c23e17b

                              SHA512

                              ec7198e0cac2cb934a7d9d7b6569c5fa129a89ae00bd37b1c8b0cf0e7e56a4dbddffa29cca6e9198fe751039e1c345e4e8cb5697c9d88305c9b80fd0500daa96

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              0e78f9a3ece93ae9434c64ea2bff51dc

                              SHA1

                              a0e4c75fe32417fe2df705987df5817326e1b3b9

                              SHA256

                              5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

                              SHA512

                              9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              12KB

                              MD5

                              27e559ee30cc7e2fc7b8a19312013930

                              SHA1

                              6bdb2ba7b1c4c1bba1feeba70a2e2b00308bc98b

                              SHA256

                              2239732e28ff5591d4766353648bd3075708c64a6599155cb9bfe0abc4f2c150

                              SHA512

                              7329f8f04292e957698bce2d23716388b48c7e32c903bb1191e15ccd2ead7f0653e05aa0fe7aa99bcbea599fa7512139a227db285dbb633367ab75405e603b71

                              Download Submit