Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

http://playblockpost...

windows10-2004-x64

8

Analysis

  • max time kernel
    69s
  • max time network
    75s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/08/2023, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://playblockpost.com

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://playblockpost.com
    1⤵
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa408e46f8,0x7ffa408e4708,0x7ffa408e4718
      2⤵
        PID:4040
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
        2⤵
          PID:1424
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3780
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
          2⤵
            PID:5112
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
            2⤵
              PID:2624
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
              2⤵
                PID:4280
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
                2⤵
                  PID:652
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4768
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                  2⤵
                    PID:4836
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                    2⤵
                      PID:1224
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
                      2⤵
                        PID:2628
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
                        2⤵
                          PID:4968
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
                          2⤵
                            PID:4580
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                            2⤵
                              PID:2572
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5364 /prefetch:8
                              2⤵
                                PID:2252
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 /prefetch:8
                                2⤵
                                  PID:4636
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12371575499246109085,16269952876834762569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
                                  2⤵
                                    PID:4020
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:32
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2984

                                    Network

                                    MITRE ATT&CK Matrix

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      b950ebe404eda736e529f1b0a975e8db

                                      SHA1

                                      4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

                                      SHA256

                                      bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

                                      SHA512

                                      6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      96B

                                      MD5

                                      5c509e59518a5d1f3825bf57af345711

                                      SHA1

                                      bb53d6a6f38bef5d5e06db6637e0197e1841eab5

                                      SHA256

                                      8a613b46f6b41f7af5e765a24ee438b92afc2b0bf58c20c06e37e478fea9a2dc

                                      SHA512

                                      e20375dabc4ac152c4f0d746a04540db6ce351124dcdc09dae256cdbb9d6a252dfa6e293b6eb27321e563e2bbd007bb0729d5eb022ef4a1e692710c8b0cc8f55

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      264B

                                      MD5

                                      ddda5eb28ccd09798d4b604047eff835

                                      SHA1

                                      b0347b959c4cb1acd5a57ec573f0bc5f0e5b2713

                                      SHA256

                                      d84883087a7a3081afef0664f36f08a21a96e1a94de3a505b213d88ec97e12ae

                                      SHA512

                                      929ea52ad18f1a32f51c82a9c75d54f3c42d791bddadd6bfd1fb014a8b67e229fd9b6009a7e32305066adfc045db93cc582b6f63d8e09f19f5f2e9d63beec63e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      e8eb160f0bab69f7fb3229c3219e1663

                                      SHA1

                                      6c12ae04aaaee5f494e0919e0d079e3e45dfe859

                                      SHA256

                                      f53f24c6b7cbf2d611f6b749bc752df2de702c7e4fe0f82f38fd16e6435014d6

                                      SHA512

                                      c788a5a66f852667d626a5a3bf284495655e6e79648141fdf507a7b782aaaf8754ca21c9622e1722e66f637bd85f67f4ae49d1061ced887f679e06c54fa32120

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      553a6eafb3809ba5a45788652fcbf222

                                      SHA1

                                      6a4ebe32c959b1d954b7b5a7245cbe4986ddaa46

                                      SHA256

                                      06145ccac5879165b3766de396fe3a9e15f8775413cab466ed511bd539cf7156

                                      SHA512

                                      7136d21fad47f5386a826965d2bc22b152ab905fa8f9de4ad9972e7eed89f589e551de37fee528096f608143875653d1a4a67c104d826531bed745e4b7bb71a3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      ca36933e6dea7aa507a272121b34fdbb

                                      SHA1

                                      3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

                                      SHA256

                                      fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

                                      SHA512

                                      5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dfa6253f-3586-44ad-a08a-6e2e0dfed043.tmp
                                      Filesize

                                      5KB

                                      MD5

                                      23eeb197869b1fe10d4e208e52c982be

                                      SHA1

                                      7875bfb16bc60f624a9a4b8a034ee8672aa39db9

                                      SHA256

                                      7483bb9544fb21c5e7308bc6972c7cec73bdc2959b37fb43faa9e538dfe0a733

                                      SHA512

                                      01bf97afb544fbe0c25f17d2098e89ddb1ae49ea96a386058a869e086e7477a7a1e048b9ee91df0b537373e712511a6ef2c65d30891bb0da0cae1c77636c8c17

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      f4a7114e1a37765d446ce6d856087f1d

                                      SHA1

                                      dcffac783b4329b005057ce7f3e14d86b78691e1

                                      SHA256

                                      1dfe199d260a1b86e2b1f54d7a97c1f4b6fabc5198d901afbcde3f74a626bfb8

                                      SHA512

                                      850e9e6f8c77ac504f1635bea6359ac18eabbc173d10a22c16735bc8db6d9b72f81237d685ec2832d301a8807582e1a739806812ed12d43c4de8e84ac24d4a8e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e04c8522-c01c-4a47-9c44-44f4d21efe1c.tmp
                                      Filesize

                                      12KB

                                      MD5

                                      8cf84c03e9ad9dfae7488184c2982dba

                                      SHA1

                                      ea4b5e3763a797631f07f23a5da23c369d1f1971

                                      SHA256

                                      81ec5149a21c38611f2f5541f263c3f46f3407411d6e145dcdb005ae646c3757

                                      SHA512

                                      d10d217af70c90c42ba47cec35b5baa0f73473bd61c410d1c51b1de15e23434e32b4c7849b7cc958ab025536c38fd1abccc7428675325cea4b6bf646eb40178a

                                      Download Submit

                                    • C:\Users\Admin\Downloads\Unconfirmed 850719.crdownload
                                      Filesize

                                      343KB

                                      MD5

                                      b50ff3baa45a3e416dd0720d5c1e8ca3

                                      SHA1

                                      85d5c484d9e1f5c02d392c78ecc84471a0f38eb7

                                      SHA256

                                      b552e22693ef23ea14414800b6e56df6c004ec1b7ece174118777443db9cf407

                                      SHA512

                                      a272211f864b460aaac1de29b2c25eb1769bda107d880d4bc12254de2a8a9b9e95d9dabfb6953e6c085f8526ff8080892831efd6c1dbe0d88f2c630de3c3efb0

                                      Download Submit