Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://nods.gov.ag

windows10-2004-x64

1

Resubmissions

07/08/2023, 21:54

230807-1r8saahe98 1

07/08/2023, 21:51

230807-1qmhnaba51 1

Analysis

  • max time kernel
    46s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/08/2023, 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://nods.gov.ag

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://nods.gov.ag
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7db746f8,0x7ffa7db74708,0x7ffa7db74718
      2⤵
        PID:1648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3884
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:5080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
          2⤵
            PID:5008
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
            2⤵
              PID:2236
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
              2⤵
                PID:4864
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                2⤵
                  PID:4148
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
                  2⤵
                    PID:4440
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2208
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                    2⤵
                      PID:2120
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                      2⤵
                        PID:3824
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
                        2⤵
                          PID:2880
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7602955104548744202,4423590125845026960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
                          2⤵
                            PID:1408
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4388
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3172

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              fc99b0086d7714fd471ed4acc862ccc0

                              SHA1

                              39a3c43c97f778d67413a023d66e8e930d0e2314

                              SHA256

                              45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

                              SHA512

                              c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                              Filesize

                              20KB

                              MD5

                              87e8230a9ca3f0c5ccfa56f70276e2f2

                              SHA1

                              eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                              SHA256

                              e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                              SHA512

                              37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                              Filesize

                              76KB

                              MD5

                              fd7b552526557b80a337ae1d855044d5

                              SHA1

                              cea5acf78a92b5bb01af1bd4846aab35289ad7b0

                              SHA256

                              09125f7e2e3d8b21bcab92f150c5a7042baa1bcbf34e82f48963f6fbcaeb234b

                              SHA512

                              3f573459aecf648c1116d5e6f78c6ab16ab31b2d94ae1d415a1897c2b339d3e34e8a476f6e90b8edbc38976538567463f706308787e96fe6669259951a8d23fd

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              111B

                              MD5

                              285252a2f6327d41eab203dc2f402c67

                              SHA1

                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                              SHA256

                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                              SHA512

                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              b6d1ce7cfa2e3e83e9d993db2b7c9ade

                              SHA1

                              94a850ecc3dae30c439e56a3961933e87313c402

                              SHA256

                              52e0383766da1e2fe4843cb76a14e11f2ad86e0a68b6ea5696aafc53c90059d8

                              SHA512

                              109321611ca706ace8489692167763b8d1372a67271699bbe2e67925e9520b635c456bb258eaddb606eec411c8ad5afb2dc7ba8a0641790511bcea15e121826e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              5030d3dcb32628216d3ddbb4c35a7758

                              SHA1

                              f687e9f4a3b6e7e1ba925b028d47790069198fbf

                              SHA256

                              350c3018e14d453acf5bc0f721892490e3254296bdcdc6ed767613add76a85bc

                              SHA512

                              852fbdb1271a8a328967ab9e54e1a929f9081e732ae0c59ee97b6ac148e3691f1dd6d201ae861549cff6d5d42a966f1ba770f7aa205158592342b206179f222d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              cb1682a88f9bda3494225c80b456c3e5

                              SHA1

                              49b8248576d364e59750d293f73377efc439cfe1

                              SHA256

                              bbf43c82130f28ba59b81c018b0aa1fff40580ec2dec88eafcde405936e41f7b

                              SHA512

                              6115a38cb7c4fb3dc45a3c6bc5f3d2333148007ad60b7dee3c5db437a2272d0d7609c9ae8e34c3592d837eaf9f6ebf26a54557e286eb4be58b723abbe5a4a0e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              96f00bbd6a174879c58220f95f0115f5

                              SHA1

                              d3d7f82b0bf27daf1b3903bfe050c2d05422050f

                              SHA256

                              644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

                              SHA512

                              e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              538B

                              MD5

                              d6ba191a80b2484f705b0e5c05b87c69

                              SHA1

                              a049c3cd6833ec047248e914efc52fc629507aa4

                              SHA256

                              c46a799bfa37999273f0488b7d6bdf861390543facaa4dce2bb30b694325fb87

                              SHA512

                              f4f5d80bd91656e70487800b22e7047bc2110f363246acb110cb47f608e50baa87bb11fc4699963e79bb48dd2a50d4653927bbd2fcc885f076df02eaaa68cde6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8b8.TMP
                              Filesize

                              538B

                              MD5

                              ca88f1ccfdd9c180125513132013d89c

                              SHA1

                              e89f9524636a0093cc9451ac06b36c1cf9a4b051

                              SHA256

                              749d4c5f8150d8b518d05efb63530d4c0ec91faa57f362d96de93f63c193541f

                              SHA512

                              2c75dba59f1e4f53e1c93e6dad482f209a41984cec0201123ee7153edfb653c42d5dbaa39f9b731e4050ee80407b97e778c54b57daf4daa62480e5bcb34b3271

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              12KB

                              MD5

                              ef8bfb020d8034ed3e5bba2ebb2a36c0

                              SHA1

                              ff30d634b6af37923e800dcc541ca01cde39a7b4

                              SHA256

                              7d4d319ddfc6212c829bce2d8b18d9916699c7241a5f56fc76ce59dc3c54fe4e

                              SHA512

                              014d265c23bf2f42456f2655d904173f6c9ccf3f74fcd57954b945770ee2afe3b5aac8a16daa066a207a0aa8e19702b11fc6216b682f3dca42371d4039bbb42f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              12KB

                              MD5

                              56252081a02b18e52394f33daa0341cf

                              SHA1

                              24c7859e95a3c8847caaea2d9364d88ea76273e5

                              SHA256

                              14f0f59017981a42195ec7b155d8310c04409394ea87fbe50895e7d74df57323

                              SHA512

                              e3d3cd71ff9d05b2a94a04081987edf809b1c5f2361b13986ea139642805809d19196b763b6a0cfed4b482c1098200cccfedccc25ad51bd18ff2914866be25bb

                              Download Submit