Resubmissions
22/08/2023, 10:33  230822-ml2vwsbg23  (1 analysis)
max time kernel: 159s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
submitted: 22/08/2023, 10:33
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://kinrus.ru/vviizink-pt-public-home-login/
Resource: win10v2004-20230703-en
General
Target: https://kinrus.ru/vviizink-pt-public-home-login/
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
900   msedge.exe
900   msedge.exe
3964  msedge.exe
3964  msedge.exe
1588  identity_helper.exe
1588  identity_helper.exe
3200  msedge.exe
3200  msedge.exe
3200  msedge.exe
3200  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
3964  msedge.exe
3964  msedge.exe
3964  msedge.exe
3964  msedge.exe
3964  msedge.exe
3964  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3964)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kinrus.ru/vviizink-pt-public-home-login/
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffe322646f8,0x7ffe32264708,0x7ffe32264718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18340296241990473328,724531102969521673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2444)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2772)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix
Downloads