Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
35s -
max time network
41s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
21/08/2023, 18:39
General
-
Target
https://captcha.amazingcontent.site/?tag_id=59223&click=0
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://captcha.amazingcontent.site/?tag_id=59223&click=01⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b7f46f8,0x7ffc3b7f4708,0x7ffc3b7f47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4456366648468989555,10310802293083370560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
24B
MD535a6c3b4fe838413993c88d9db65c73e
SHA1fbc0f9716fcdc03c7fcf908fed2c5ed73a5452f6
SHA256da74921979c4034fb77f61a6295c7c4d9a2196c831760d546e36ad959f240d23
SHA5126aad96386a306afc8dfe170b4a84b7591e2f98f11fbeb5f81456e9ce806d3a7734b962f174e6b1904a23ce395f69c5809ef52b851bc0b5b207cb21bb974158d6
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD544d2a4053983e9971bbdd75f565b5df9
SHA153a20e7d35a202b9ec7913ddbbce78cc615364c4
SHA256255438c1f2e64eb0f989b8af488c0adbe431746f134cb48faf03c6718b28b82c
SHA5124f76a91c6d31c5ee7b4cf7b3110622aae059cc36227f165d5f8978bbcfd180908b4a2bf0fcbe3b43f8211c20a723fc09140ed341b1b388a55914c9bcd0dbf746
-
Filesize
5KB
MD572791284bc030d26b529efa5c8a5ccf5
SHA1c2a8f68e64879dc78e089694d451c886fa39de67
SHA2563b462f2a265516991b56e94c5354db2a6df313ef2a45c0788ad094dbef52f31b
SHA51242cda86c5569cc81c88213dd12ca2363c3f0bb2f997934e0c8ca37478b06620307b5b7cdba9300104c33c2bd36966984a1e7c0a84bb882d69fd59309671597d5
-
Filesize
6KB
MD536dfa4603b49c8f2881182b22b8ba968
SHA1f10c6fb7748925ba9fefd7e8f976f5f463f20aa0
SHA25695b62e89058d515321aafc115c98d8ed6aad294268d444ccb0782ec877074234
SHA512401370c417eb842e0b31ff0244bdccb0035d35b50afe551130522e4db83145b033a0779bad1d53e6db234e40605990b3fc78ff418630841b0d306ee02f82cd9b
-
Filesize
24KB
MD50e78f9a3ece93ae9434c64ea2bff51dc
SHA1a0e4c75fe32417fe2df705987df5817326e1b3b9
SHA2565c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68
SHA5129d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d
-
Filesize
168B
MD5275b1c153d80099d231fa32156cc9e59
SHA17b570a64f9fad67231ef315573a362f06971af0c
SHA256d15606c7f582bf255a75dd3db83cc94827f58f338689a16f6b4ff240118348a1
SHA5121da8fe10255b97f5a13e6bfe3e095ec63bfdec502cfd6f0f47eab0c83d32126c483aa4dc66ea17adf5d5030ee87915203d03f206431924d871e95c96ef90f1a4
-
Filesize
107B
MD50ab2b2f2464cfc50eed0273fa0c802c3
SHA1df661a2b1f4315dde1d6421917ab57f553eb1cf1
SHA256892adb3a19104b082d20a98222238f399b38b5c62daec1973397f635184a8fe9
SHA512f365640760115cd93b1483877a1036326c860ce89531a2c7cb8273eb5771b9d9ee20d9f00d5405faa10781de731e1c8c6b039b40e0092afa69bd44238b37f23d
-
Filesize
96B
MD562ab886e43684b8651e86965a16c742d
SHA134ca7bc55b2d2022cb6c725df9461952e63b4b92
SHA25650267dfe6a055d7a8a1c6a714ab2dbc8af030c4b913f4b1e1804692df504a70b
SHA512e4bf83ad20816102e32819f7ac3db7bc3586d6e06eebd083e5f899321fe8d062cff07a3498aeb9daf7e8f2ec010f5233a39ed34b2735dbb6a442b8ed00fcb6d4
-
Filesize
48B
MD5bd350614f32b53bd7bfb3917a8b076ff
SHA1e0e06e455f9345f2a23d7687a4a60a578aece12a
SHA2562375e0ac5b0e465618414d8117a8a8da7ecae28e130b8be2b30501205a0c201a
SHA51294ed740ca22f5c08cdb1dbef43ec99625e01762f5b54a88217817118a555de51095428fb6685470f85110cd6b82b52ba756e479d508bbf70d2d59e739fba681a
-
Filesize
876B
MD518d4d367cd0d3c12051bac003130f0ff
SHA1f9c9649fb8a5c38234a7c3e07949e91f21d40243
SHA25660b5325dfbde2c3f91187459f03d925a486ea276d47b85b69bea0b2fa7292ac4
SHA51262c0d54536c2c3e64700df840a5a5e8c2a1b7a759fb97a90c521784af0a862a8887d609c5afce64ebfe7b51348b9a0740882d6c7b1436f60fe568913384979c1
-
Filesize
540B
MD5a1e257317f72283fa955413a0bef6b8d
SHA1eef882b521a306206325e3eb9e2c04e05f9af9f4
SHA2561f8e69705f7285fecd08ba649c83dff4fcef61fff2eb81137cb46538fbab8737
SHA51223b93a8ce6c36e1e5d7c24d4463420e6b08f12ba33c50d4fe88753e097f81f1cb8f1bf5ebc263adfd4be7617e2191cdba8d91cafdc46176d5d66dd07b5f3e48f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5b3996df92d03a4b828fd7d70a63f2b0c
SHA12e0f678a772f96f9d574a070d550f1c525bdfcac
SHA256d82ca9081699255bd612950ee72a4b78c37aa770702475c20777409cd6373af1
SHA5124ea8504a15d7f5e0280ba5f1982f4e5a12d2844923413b28d8623309916ac3cb031931c3ea765fc6d9faddbd1a83f43db82b00b8c75f3411f9b6fa0c4bb20f61
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84