Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://go.activatra...

windows10-2004-x64

1

Resubmissions

26/08/2023, 05:27

230826-f5f9zaad2w 1

26/08/2023, 05:24

230826-f3y21aad2s 1

26/08/2023, 05:18

230826-fzmjssge76 1

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2023, 05:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://go.activatrade.ca/openr?email=redacted_email&fvid=darsept22open&r=darsept22&optinpage=6CheapEnergy&subtype=stocks&subinterest=general&dlcode=&dlname=&trtype=

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.activatrade.ca/openr?email=redacted_email&fvid=darsept22open&r=darsept22&optinpage=6CheapEnergy&subtype=stocks&subinterest=general&dlcode=&dlname=&trtype=
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa227f46f8,0x7ffa227f4708,0x7ffa227f4718
      2⤵
        PID:2964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:4472
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2212
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
          2⤵
            PID:2624
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
            2⤵
              PID:2784
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              2⤵
                PID:3884
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
                2⤵
                  PID:1792
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3492
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                  2⤵
                    PID:5092
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                    2⤵
                      PID:2648
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                      2⤵
                        PID:1472
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                        2⤵
                          PID:4052
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,969342744268549493,2713717996792395817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4256
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:5008
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3660

                          Network

                          MITRE ATT&CK Matrix

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            b950ebe404eda736e529f1b0a975e8db

                            SHA1

                            4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

                            SHA256

                            bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

                            SHA512

                            6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            168B

                            MD5

                            366ae0febd0a4f34b9a8c7720007bd3c

                            SHA1

                            d008d6b0ebbadf3402f620aef47dbe7bba175562

                            SHA256

                            ce8c07a1933b159e62934950e74241291c6c3f79ddbc27007e4e5552b749ded8

                            SHA512

                            a28f789060363aa5e38090b4d660db3b3ed1f0c4164dbc8bd9b3e899c128c9b1c6d5590f82faee93725a95b1b53215153f32e808f24778c69d809e08f5dded20

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            111B

                            MD5

                            285252a2f6327d41eab203dc2f402c67

                            SHA1

                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                            SHA256

                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                            SHA512

                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            304d1739d16f700cf82647a26ab52027

                            SHA1

                            63b47461411748ce999b67b0d102ee6b12649d64

                            SHA256

                            e41e0e6b861062760cf5a93131301fe0ccc02592d92226976c79832ec31841cd

                            SHA512

                            d42b6fe9b7e8298cc11fe9afa59dd820e2050b47f94498cada1dbd65343c376fe938fbeb5de1e968b57a1357d655366ea7300ea091c6704924922b3277dc2e4a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            634805cff08e9671079744c5a10d43e9

                            SHA1

                            76096193aeaa4981cf5e52580e0f89b5a53bc395

                            SHA256

                            9cb508c2d48ae21ca4b33059b4b0a5860998e752719f819a92399f431ba88376

                            SHA512

                            5d471465c8500ce5861cb7ed4c68ff442a3753212ac7bb2228878636e0c64eacae63a6ca6552d5420b84ae9e0252a4bda1fd8214cfa92a313d59352f28a0c769

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            9abd7c990345c375e29e12ca72066815

                            SHA1

                            797bcaff0e56fdfd2c416d80ccad66f07d8956d9

                            SHA256

                            2f1c13eab626d90f2c2e0896f861afd8a270f45422294c712f582b732654668e

                            SHA512

                            92f8d53da4ff58efe22e8f9b77474ecf411aeff522f54feaf17b45dfd81062679976e5cf236ee6a59a79635fd8f897d70674050a7ac6f0d17be23640078541e4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            de2a8a376dd700390af23136055ae5cd

                            SHA1

                            bce4cc868b6c760072b75301b7121f87b7422f73

                            SHA256

                            9194d164a1ef4bf2e89b64f32ef90c9a0488eb72754c34a6d2e090a665f2c838

                            SHA512

                            49f58b8201694c707414e418da8b89e00b46d8d34a326b1107196f1d7be0e639955a19ef8c75bb16a3b8ac93cddfecaf972aff462941227a653374b769167b4a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            17374ac5b5169280218f156697d8ee9b

                            SHA1

                            fb3eb04032c79811be10d9e1833e8bfd71e239fe

                            SHA256

                            5787c593ee823952a460a8e44927c3b9fcb92884252bfee494dbecf00070673e

                            SHA512

                            30ff1b959ae75d05a08d53b5d47fe7f3c0a9a8092a78823eb85c42ead32c00d518132235e9bd813fdee1b9ef174f1b85600a0b071989c3437205f9ebbb5adaf0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                            Filesize

                            24KB

                            MD5

                            ca36933e6dea7aa507a272121b34fdbb

                            SHA1

                            3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

                            SHA256

                            fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

                            SHA512

                            5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a84d4f1c-d71b-4630-ae62-8db1ada6759a.tmp
                            Filesize

                            738B

                            MD5

                            4b6ef78567c7eb670fea6629caad9943

                            SHA1

                            ae700ea155293c04480f5b399812ad872781d7bd

                            SHA256

                            3b65ffbb383456db807f253726358fe56e87a078bc4bc20e3f4a91baf3051b4d

                            SHA512

                            d22b3328f2c98c4bff65b812a1941179600ec2f17c21b65be4844f4b324dc08c2594e4c2f2a83c5110ea8a09e8ca8731ca5c26d3737569313a7be5ceedda1350

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            e40be8b41b0941ba25c60c67a135fc80

                            SHA1

                            9fe9b8473c4b04aee26a7ca84742e3b5e1d4ac60

                            SHA256

                            8eb383fe1a53d40076be0aa533e9e819551d2e13c1fb68d38332bb206c95755d

                            SHA512

                            c0acff7c6b95e3b143c15f8f5de2ec9e7e5a1dcc1f97a81351325aa07ba39f7fca0bac121849ddea55f438bec8586bc55c413821488cc2c7358dcf8f2f6680ac

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            d5c766421c26fc0a9013a55b8ff32f11

                            SHA1

                            a1cfb08ebf71af588d474b3a7bc018e5a4a953de

                            SHA256

                            551dc2b9783053a818eb847eef3b35d673861943a87292bbf93418177284eca1

                            SHA512

                            67511f0ca8c16a78ac2bc40dc0cf6acc3c5bb2169502d8a502f4b41eacdce9a857c26339c37a2133e0423edc3baeea6795e162e93f955f08340dba2e2ed0d937

                            Download Submit