Analysis
  max time kernel: 21s
  max time network: 25s
  platform: windows10-2004_x64
  resource: win10v2004-20230703-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 16/08/2023, 05:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://myato-secure.com
  Resource: win10v2004-20230703-en
General
  Target: http://myato-secure.com
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid 2700 msedge.exe (x2), pid 664 msedge.exe (x2), pid 4992 identity_helper.exe (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid 664 msedge.exe (x3)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 664 msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 664 msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the form "PID 664 wrote to memory of <target> 664 msedge.exe <procid_target>": the browser process msedge.exe (PID 664) writing into one of its own children (see the process tree below). Collapsed by target:
  target 5104, procid_target 84 (x2)
  target 1016, procid_target 85 (repeated)
  target 2700, procid_target 86 (x2)
  target 4936, procid_target 87 (repeated)
  The 1016 and 4936 rows account for the remaining 60 entries. The list ends at 64 rows; the later Edge children in the process tree (PIDs 1484, 3104, 3412, 3568, 4360, 4496, 4992) do not appear in it, so treat it as a sample of the writes, not the complete set.
Processes

msedge.exe (PID 664), level 1
  cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://myato-secure.com
  signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  children (level 2):

  msedge.exe (PID 5104), --type=crashpad-handler
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff8ce9d46f8,0x7ff8ce9d4708,0x7ff8ce9d4718

  msedge.exe (PID 1016), --type=gpu-process
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

  msedge.exe (PID 2700), --type=utility (network.mojom.NetworkService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    signatures:
      - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4936), --type=utility (storage.mojom.StorageService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

  msedge.exe (PID 1484), --type=renderer
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  msedge.exe (PID 3104), --type=renderer
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

  msedge.exe (PID 3412), --type=renderer
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

  identity_helper.exe (PID 3568), --type=utility (winrt_app_id.mojom.WinrtAppIdService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8

  identity_helper.exe (PID 4992), --type=utility (winrt_app_id.mojom.WinrtAppIdService)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    signatures:
      - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4360), --type=renderer
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

  msedge.exe (PID 4496), --type=renderer (--instant-process)
    cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

CompPkgSrv.exe (PID 4912), level 1
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 668), level 1
  cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
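The WriteProcessMemory signature and the process tree above describe the same events from two sides: the signature only says "664 wrote into X", while the tree says what X is and who spawned it. The Python below is an added example, not tria.ge code, that parses the report's IoC rows into deduplicated writer/target pairs, checks each target against the tree (a write into a child running the same browser binary is the normal multi-process shape; a write into a process the writer did not spawn is the injection shape), and lists children that the capped IoC list never mentions. The rows and the tree are constructed inline from values on this page; PIDs 9999 and 7777 and notepad.exe are hypothetical additions so the foreign and unknown-target branches have something to hit.

```python
"""Cross-check WriteProcessMemory IoCs against the sandbox process tree.

Added example for this report; it is not tria.ge code. Input is constructed
inline from values shown on the page plus two hypothetical rows.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed IoC rows in the report's own format. The report lists 64 such
# rows; these cover every distinct (writer, target) pair it shows, plus two
# hypothetical targets (9999 and 7777) that are NOT on the page.
IOC_ROWS = [
    "PID 664 wrote to memory of 5104 664 msedge.exe 84",
    "PID 664 wrote to memory of 5104 664 msedge.exe 84",
    "PID 664 wrote to memory of 1016 664 msedge.exe 85",
    "PID 664 wrote to memory of 1016 664 msedge.exe 85",
    "PID 664 wrote to memory of 2700 664 msedge.exe 86",
    "PID 664 wrote to memory of 4936 664 msedge.exe 87",
    "PID 664 wrote to memory of 9999 664 msedge.exe 99",   # hypothetical
    "PID 664 wrote to memory of 7777 664 msedge.exe 90",   # hypothetical
]

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Constructed process tree as (pid, parent pid or None, image path), taken
# from the Processes section. PID 9999 is a hypothetical, unrelated process
# added so that a foreign-process write has a real tree entry to land on.
PROCESSES = [
    (664,  None, EDGE_DIR + r"\msedge.exe"),
    (5104, 664,  EDGE_DIR + r"\msedge.exe"),
    (1016, 664,  EDGE_DIR + r"\msedge.exe"),
    (2700, 664,  EDGE_DIR + r"\msedge.exe"),
    (4936, 664,  EDGE_DIR + r"\msedge.exe"),
    (4992, 664,  EDGE_DIR + r"\92.0.902.67\identity_helper.exe"),
    (4912, None, r"C:\Windows\System32\CompPkgSrv.exe"),
    (9999, None, r"C:\Windows\System32\notepad.exe"),  # hypothetical
]

IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<src_again>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_iocs(rows):
    """Collapse the repeated rows into a Counter of (writer_pid, target_pid)."""
    pairs = Counter()
    for row in rows:
        m = IOC_RE.fullmatch(row.strip())
        if m is None:
            raise ValueError(f"unrecognised IoC row: {row!r}")
        pairs[(int(m["src"]), int(m["dst"]))] += 1
    return pairs


def classify_writes(rows, processes):
    """Map each (writer, target) pair to (verdict, row count).

    child-same-image  : direct child running the same binary; what a
                        multi-process browser does for every helper it spawns
    child-other-image : direct child, different binary; read its command line
    foreign           : target is not a child of the writer, the injection shape
    unknown-target    : target PID absent from the tree (truncated list or hidden)
    """
    by_pid = {pid: (ppid, image) for pid, ppid, image in processes}
    verdicts = {}
    for (src, dst), n in parse_iocs(rows).items():
        if dst not in by_pid:
            verdicts[(src, dst)] = ("unknown-target", n)
            continue
        ppid, dst_image = by_pid[dst]
        src_image = by_pid.get(src, (None, ""))[1]
        if ppid != src:
            verdicts[(src, dst)] = ("foreign", n)
        elif PureWindowsPath(dst_image).name.lower() == PureWindowsPath(src_image).name.lower():
            verdicts[(src, dst)] = ("child-same-image", n)
        else:
            verdicts[(src, dst)] = ("child-other-image", n)
    return verdicts


def children_without_iocs(rows, processes, writer):
    """Children of `writer` that never appear as a WriteProcessMemory target.

    The report's IoC list stops at 64 rows while the tree has more children,
    so a non-empty result means the list is a sample, not the full set.
    """
    targets = {dst for (src, dst) in parse_iocs(rows) if src == writer}
    return sorted(pid for pid, ppid, _ in processes if ppid == writer and pid not in targets)


if __name__ == "__main__":
    for (src, dst), (verdict, n) in sorted(classify_writes(IOC_ROWS, PROCESSES).items()):
        print(f"{src} -> {dst}: {verdict} ({n} rows)")
    print("children with no listed write:", children_without_iocs(IOC_ROWS, PROCESSES, 664))
```

On the page's own data every pair comes out as child-same-image and PID 4992 (identity_helper.exe) is reported as a child with no listed write, which is the truncation caveat made concrete. The verdict that matters for triage is "foreign": a write into a process the writer did not create, which a browser spawning its own helpers never produces.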
Network
MITRE ATT&CK Matrix
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  (CryptnetUrlCache is the CryptoAPI network-retrieval cache for CRL/OCSP/AIA fetches; it is written by Windows during certificate chain validation, not by the page under test.)
  Filesize: 330B
  MD5:    8548843423a62f364da4d2a4abe8b5f6
  SHA1:   a355947412f8d0463b02c535576b7b5f24b04eee
  SHA256: 60e9296e65bfa7650a6a05f82f674162e7f722843fd7236d67e448fb9213d7fa
  SHA512: 4ee7da80235ce3de5fafe9382a8bd92206e5e1327f9d022937dc73a3ee058d5f0ed1a33cdab5bc2c617fd8b5faa2ba52c9b930c1f6933dbb64a4a870791f2312

Filesize: 152B
  MD5:    f6f47b83c67fe32ee32811d6611d269c
  SHA1:   b32353d1d0ed26e0dd5b5f1f402ffd41a105d025
  SHA256: ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc
  SHA512: 6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Filesize: 111B
  MD5:    285252a2f6327d41eab203dc2f402c67
  SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 5KB
  MD5:    9f64d517209e8e9612912b0d7d7a7853
  SHA1:   4912aaa547735c1ba3e9065e7d17faf70e2ad910
  SHA256: 121998d053a2b7d88a2577026cc2220b8b384230e118fab42bac91290d5b3043
  SHA512: eedebe58863e51834b9fbff4ff94636fae748608ded5c285dbcf25941c4f7eb95732b7c42cdfd5d83346576a0e11e004e46fa26685e9142e6848610b31bd5ae8

Filesize: 5KB
  MD5:    9dbbeca2990d00881b720b3929aef517
  SHA1:   c03c8985397c74bc00da71d55e7cd1aaa8a487ba
  SHA256: ff5af601e6725219329536e7574f5b1267a4e9664db25b32444021ab36399fdc
  SHA512: b3c2e19854149fd2f0ad982433461162653a0d18d2d32b2656314990149606c1e2cd3a74a2f01fda76a2420b5b227dd5594ac4e695af12a277c8837b3a91ce33

Filesize: 24KB
  MD5:    5544c64f2a8f49dabc19eb84267b1c9b
  SHA1:   c5b78d63a8bab1c7b985f7ea2f268d0d7809071e
  SHA256: a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f
  SHA512: 38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 12KB
  MD5:    7670ad15e83bde3ee4bec7c5643d23cd
  SHA1:   7f48b1322aba1a4720e87d9004b43298070e8728
  SHA256: 745f4dc913ebd1a8307178fa6ced79a8da3ae6cfc6a71e3a7e11c1207c512d13
  SHA512: ba075f40f99cfb8cae0161bb721e414e74d6821a54f06b8049c3849a5725fb619eb686ec9062dbbecc460c6ddd8662f29a92c8107a54c2ce3153c969e69cc21d