Analysis
max time kernel: 146s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/08/2023, 02:24
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mouser.co.uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rKXuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D
Resource: win10v2004-20230703-en

General
Target: https://www.mouser.co.uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rKXuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D
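Before reading the behavioural signatures it is worth looking at the submitted URL itself: an account "Verify" link with an opaque `qs` parameter is exactly what a credential-phishing lure looks like, so the first questions are whether the host is the brand's own and whether the token is a readable payload (for example a base64-wrapped redirect target) or an opaque blob. The helper below is an added example, not part of the tria.ge report; `EXPECTED_HOSTS` is an assumed allow-list for this demo and the second URL in the usage note is a constructed look-alike.

```python
"""Added URL triage helper; not part of the report. It splits the submitted
URL into host, path and the `qs` token, then decodes the token to say whether
it is readable text, smuggles another URL, or is an opaque blob.
EXPECTED_HOSTS is an assumed allow-list for the brand the page presents as."""
import base64
import math
import re
from urllib.parse import parse_qs, urlsplit

# The URL as submitted to the sandbox (copied from the report).
SUBMITTED = ("https://www.mouser.co.uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rK"
             "XuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D")
# Assumption for the demo: hosts the brand legitimately serves account pages from.
EXPECTED_HOSTS = {"www.mouser.co.uk", "www.mouser.com"}
_B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")
_URL = re.compile(rb"https?://", re.IGNORECASE)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy per byte: random or encrypted blobs sit near 8, text near 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def describe_token(raw: str) -> dict:
    """Decode one query-string value (already percent-decoded) and describe it."""
    info = {"chars": len(raw), "base64": False, "decoded_len": 0, "is_text": False,
            "contains_url": bool(_URL.search(raw.encode())), "entropy": 0.0}
    if not (_B64.fullmatch(raw) and len(raw) % 4 == 0):
        return info                       # not base64-shaped; keep the raw-text findings
    blob = base64.b64decode(raw)
    info.update(base64=True, decoded_len=len(blob),
                entropy=round(entropy_bits_per_byte(blob), 2))
    info["contains_url"] = info["contains_url"] or bool(_URL.search(blob))
    try:
        info["is_text"] = blob.decode("utf-8").isprintable()  # rejects control bytes
    except UnicodeDecodeError:
        pass                              # binary/encrypted: leave is_text False
    return info


def triage_url(url: str, param: str = "qs") -> dict:
    """Host check plus token description for the named query parameter."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    values = parse_qs(parts.query).get(param, [])
    return {
        "scheme": parts.scheme, "host": host, "path": parts.path,
        "host_expected": host in EXPECTED_HOSTS,
        "token": describe_token(values[0]) if values else None,
    }


if __name__ == "__main__":
    for key, value in triage_url(SUBMITTED).items():
        print(f"{key}: {value}")
```

For the report's URL this yields the expected host, a 76-character base64 token that decodes to 56 bytes which are not valid UTF-8 and contain no embedded URL, i.e. an opaque server-side token rather than a client-visible redirect. Run the same function over a constructed look-alike such as `https://mouser.co.uk.example.net/MyAccount/Verify?qs=aHR0cHM6Ly9ldmlsLmV4YW1wbGUv` and it reports an unexpected host and a token that decodes to readable text containing a URL.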
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process               hits
4048   msedge.exe            2
224    msedge.exe            2
4284   identity_helper.exe   2
5028   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process               hits
224    msedge.exe            6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process               hits
224    msedge.exe            25

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process               hits
224    msedge.exe            24

Suspicious use of WriteProcessMemory (64 IoCs)
description                      pid   Process      procid_target   hits
PID 224 wrote to memory of 2696  224   msedge.exe   51              2
PID 224 wrote to memory of 1896  224   msedge.exe   83              40
PID 224 wrote to memory of 4048  224   msedge.exe   81              2
PID 224 wrote to memory of 4200  224   msedge.exe   82              20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 224, depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mouser.co.uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rKXuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2696, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c64046f8,0x7ff9c6404708,0x7ff9c6404718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4048, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4200, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1896, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2500, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5092, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4192, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4284, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2576, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2856, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3880, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2132, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5028, depth 2)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 3560, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 3364, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
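Every WriteProcessMemory, EnumeratesProcesses, FindShellTrayWindow and SendNotifyMessage hit in this report is raised by the msedge.exe launcher (PID 224) or its own child processes, and all four WriteProcessMemory targets are msedge.exe children of that launcher. That is the normal Chromium multi-process model: the browser process launches its utility, GPU and renderer children and the sandbox broker writes into each child it creates to set it up, so the signature fires on the browser itself rather than on anything the page did. The helper below is an added example, not part of the tria.ge report, that re-reads the report's own WriteProcessMemory table against its process tree and keeps only writes that do not fit that parent-to-same-image-child shape. It assumes that depth-2 entries in the tree are children of the depth-1 msedge.exe (PID 224) and that the two top-level CompPkgSrv.exe instances have no parent in the report.

```python
"""Added triage helper; not part of the tria.ge report and it does not call
the sandbox. It checks the report's WriteProcessMemory hits against its
process tree to separate browser self-spawn noise (a Chromium launcher
writing into children it just created) from writes into a foreign process,
which is the shape real injection takes."""
from collections import defaultdict

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
IDHELP = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# pid -> (image path, parent pid), transcribed from the Processes section.
# Assumption: depth-2 entries are children of the depth-1 msedge.exe (PID 224);
# the depth-1 entries have no parent recorded in the report.
PROCESSES = {
    224: (EDGE, None),
    2696: (EDGE, 224), 4048: (EDGE, 224), 4200: (EDGE, 224), 1896: (EDGE, 224),
    2500: (EDGE, 224), 5092: (EDGE, 224), 4192: (IDHELP, 224), 4284: (IDHELP, 224),
    2576: (EDGE, 224), 2856: (EDGE, 224), 3880: (EDGE, 224), 2132: (EDGE, 224),
    5028: (EDGE, 224),
    3560: (COMPPKG, None), 3364: (COMPPKG, None),
}

# (writer pid, target pid, hit count), summed from the 64-IoC signature table.
WPM_EVENTS = [(224, 2696, 2), (224, 1896, 40), (224, 4048, 2), (224, 4200, 20)]


def classify_write(writer: int, target: int, procs: dict) -> str:
    """Label one writer->target WriteProcessMemory relationship."""
    if writer not in procs:
        return "unknown-writer"
    if target not in procs:
        return "unknown-target"       # written-to PID never appeared in the tree
    w_img, _ = procs[writer]
    t_img, t_parent = procs[target]
    if t_parent == writer and w_img.lower() == t_img.lower():
        return "same-image-child"     # launcher configuring its own child: expected
    if t_parent == writer:
        return "child-other-image"    # parent writing into a child of a different binary
    return "cross-process"            # no parent link at all: classic injection shape


def triage(events, procs):
    """Sum hits per label and list every relationship that is not self-spawn noise."""
    totals = defaultdict(int)
    review = []
    for writer, target, hits in events:
        label = classify_write(writer, target, procs)
        totals[label] += hits
        if label != "same-image-child":
            review.append((writer, target, label))
    return dict(totals), review


if __name__ == "__main__":
    totals, review = triage(WPM_EVENTS, PROCESSES)
    print("hits by class:", totals)
    print("needs review:", review or "none; every write is msedge.exe into its own children")
```

On this report all 64 hits land in `same-image-child` and the review list is empty. The same function flags a write from PID 224 into one of the CompPkgSrv.exe instances, which has no parent link to the browser, as `cross-process`, and a write into the identity_helper.exe children as `child-other-image`; neither occurs here, but those are the rows that would deserve a look in a report where they did.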
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 152B
MD5: b950ebe404eda736e529f1b0a975e8db
SHA1: 4d2c020f1aa70e2bcb666a2dd144d1f3588430b8
SHA256: bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4
SHA512: 6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 120B
MD5: 77b00ee642e8906b5e4c8cf1cff693c7
SHA1: e6cc112e281e47fe74ce5b23b75babef4e2e956f
SHA256: 022bb9dd4cc0366d1a1434c7a38ef8ae78b9c8eea86e29b18ebc4aabaf81de71
SHA512: 42b38eb44f52ce791cb51973d5f69eddd547c12f2e3dff287bf2eabce6af4a033907cfca67d8206965abbbe317737ac5497b409190052bdaa4f3113e2ad825da

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 1KB
MD5: 75e2389ea8b49a03aae92a127e04ade0
SHA1: e613fb3de026574e3bbfd3471cca9a284d07a249
SHA256: 7eb40e5c244e15685bb7fa91481497d1f7931884126901e67f397038a111e008
SHA512: b671d4a9d4c2d924b20d20c2853a93fcb16b6d716b171bae10b884494890ebfb04f0194c45ae622776568b01462671aa0a28b477a87cccc9a1ba53683854bba9

Filesize: 5KB
MD5: b32b16acedc54ba20c9d61fa1d68cfce
SHA1: 35f2569705ee320f8657a86b0e9c80b66c6870a5
SHA256: 5c5ee90251ba8562ce351656b7d744a00bb96765344a621b179afffe604ef485
SHA512: 249c6b8525d0378db948fca393a731b8a65e4eaa928e1a9a76d6274db85e63d7b614d311ab59d5654b6aed1413c8c74d77f0713eef97e7caceb65b711a18a9ca

Filesize: 5KB
MD5: d2c1d5f53fd7ad96726681f19f4e8378
SHA1: af2a5b33c56b14bcbb1250a186c6ffc0fbea6ff9
SHA256: 5f40faa868985f7b1ee96af77981f501b4590ac200817220f505bf2ccd556d42
SHA512: 0f868c104bbeefd0057bca1aee79530e167846ce99e2ed8662cfc1e51c101475eeca71262414404f7e6605ecab73875d18bbe8208ec037b53225927af98c9272

Filesize: 24KB
MD5: ca36933e6dea7aa507a272121b34fdbb
SHA1: 3b4741ca0308b345de5ecf6c3565b1dbacb0fb86
SHA256: fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d
SHA512: 5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 12KB
MD5: 3c277cbbe55127f95e5a4fa2d51a2445
SHA1: de3688bd400a355c4b9b917cfe89f4b2087cd078
SHA256: ab6b4afeae3d616078458e191d8daefe769b18220be4baa4323a3dc2b4e41c58
SHA512: 1cc27179f3a2117ef1c3a6130ddacba9680388a7acbb0e3576ef42fd47680f7f48e0a342b8ef53f4b63fcc5d58fb83741cb73956008223163fcce300c2863c3c