Analysis
max time kernel: 73s
max time network: 77s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/08/2023, 02:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample / Target: http://url874.learnbrands.com/ls/click?upn=kWyqXjpRjHUmB496-2FITBxUrFxLhjstxhfUMZXushQbChArpMFla9KEiO9IU4Df2T6XfIsRyCo49uXWLpBismZwxcUsQABtKR2ASGNcOafPm4UsDRHq2F44Hb2QCIXaHdD2NU_YBdYmBkdS0QBb-2BZ70CSOWb9yjoSMALm7WqKyUZzSQIPJzhlFUbsTJ-2FCFtCm5VMyvQBnsE4FPcH6hDu5rRAXEho11-2FF1gSqyPCReliTJDYmifbTfb8HOjfz-2FHEoimMXxHEU8rEqxJYQWJaCNBzUk-2BMkbpKWCfrnmW-2FsnT8-2FT7-2F-2FhiayDdsW5XP-2FzPicQAEcSFyPzo3pBgXxyFErn48qMEOA-3D-3D
Resource: win10v2004-20230703-en
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid 2468 msedge.exe (2 hits); pid 2016 msedge.exe (2 hits); pid 2432 identity_helper.exe (2 hits)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid 2468 msedge.exe (9 hits)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 2468 msedge.exe (25 hits)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2468 msedge.exe (24 hits)
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2468 msedge.exe wrote to memory of (repeated entries collapsed):
  - PID 2396 (procid_target 81)
  - PID 2016 (procid_target 82)
  - PID 2516 (procid_target 83)
  - PID 4988 (procid_target 84)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://url874.learnbrands.com/ls/click?upn=kWyqXjpRjHUmB496-2FITBxUrFxLhjstxhfUMZXushQbChArpMFla9KEiO9IU4Df2T6XfIsRyCo49uXWLpBismZwxcUsQABtKR2ASGNcOafPm4UsDRHq2F44Hb2QCIXaHdD2NU_YBdYmBkdS0QBb-2BZ70CSOWb9yjoSMALm7WqKyUZzSQIPJzhlFUbsTJ-2FCFtCm5VMyvQBnsE4FPcH6hDu5rRAXEho11-2FF1gSqyPCReliTJDYmifbTfb8HOjfz-2FHEoimMXxHEU8rEqxJYQWJaCNBzUk-2BMkbpKWCfrnmW-2FsnT8-2FT7-2F-2FhiayDdsW5XP-2FzPicQAEcSFyPzo3pBgXxyFErn48qMEOA-3D-3D (PID:2468)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe3846f8,0x7ffafe384708,0x7ffafe384718 (PID:2396)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3 (PID:2016)
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8 (PID:2516)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2 (PID:4988)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1 (PID:1920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1 (PID:1744)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1 (PID:4080)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1 (PID:2420)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1 (PID:2676)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1 (PID:2148)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1 (PID:1012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8 (PID:3548)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8 (PID:2432)
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1 (PID:2856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1407250299930792251,4815720591838231816,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1 (PID:4680)
"C:\Windows\System32\CompPkgSrv.exe" -Embedding (PID:3580)
"C:\Windows\System32\CompPkgSrv.exe" -Embedding (PID:4972)
Network
MITRE ATT&CK Matrix
Downloads