Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://wfc2.wiredfor...

windows10-2004-x64

1

Analysis

  • max time kernel
    32s
  • max time network
    44s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    04/09/2023, 08:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://wfc2.wiredforchange.com/dia/track.jsp?v=2&c=hdorrh%2BHcDlQ%2BzUEnZU5qlfKZ1Cl53X6&url=http%3A%2F%2Fmywizinkatoun.s3.us-west-1.amazonaws.com/doka.html

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wfc2.wiredforchange.com/dia/track.jsp?v=2&c=hdorrh%2BHcDlQ%2BzUEnZU5qlfKZ1Cl53X6&url=http%3A%2F%2Fmywizinkatoun.s3.us-west-1.amazonaws.com/doka.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0db46f8,0x7ffcb0db4708,0x7ffcb0db4718
      2⤵
        PID:3980
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:1120
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2828
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
          2⤵
            PID:2092
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:4484
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
              2⤵
                PID:3488
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                2⤵
                  PID:2684
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                  2⤵
                    PID:3744
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
                    2⤵
                      PID:2532
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2792
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                      2⤵
                        PID:632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                        2⤵
                          PID:2612
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                          2⤵
                            PID:3992
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,473657435717629983,15383009841976782022,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                            2⤵
                              PID:3264
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4028
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4904

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                184c5c7572a6b42b329aae4e94e9b801

                                SHA1

                                adc61339fa23296b5271ac2b7e0de1d7390c4e12

                                SHA256

                                ce44f115c3b1677a95d69195266225da59f4dd8cd9d57fd713df35b91cc564b1

                                SHA512

                                692f524f7b95da9ef6e247772dc5e949fa3aa34a61675fa5c59698583c1708f0aecf454a06f8deb8bdd7690fce5bc9c76bd2a544ea6354fda15a924480eee820

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                72B

                                MD5

                                bdb1915e6f23f81abec9cdfd60cccdb7

                                SHA1

                                8937e43143dee5117389695a0e1cd57ecf4e5b7a

                                SHA256

                                73ea188ab110d1356291fca548116139e78e882d5fb0e377466c9e48b57918f6

                                SHA512

                                e1e696d006656406c565022116618c3cc9276aab059f84fa2219de93f0fefdfaaed1b79d62794f5263fe475a585098602a5aff5d471d4b9ebdfc41440e988a27

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                807419ca9a4734feaf8d8563a003b048

                                SHA1

                                a723c7d60a65886ffa068711f1e900ccc85922a6

                                SHA256

                                aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                SHA512

                                f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                8acc89de38630170ccb74e1890c17075

                                SHA1

                                3910b1057e957829ad71a86452d1bb689f48a814

                                SHA256

                                4476619188c2e0bf38cb30e351b0d57567bb4171f400aebaa5f5a5759fab0671

                                SHA512

                                77bdfbd64c4ffe12186b0a7ede8e7828da83ba45c2dd5b65c5c56389e146ea63a249a818da9717f57463829146a6fb8b841c60e668ff967a54035c47a0408e0e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                d5f64f6f227c80f1a618d64467627a31

                                SHA1

                                7bed827aa69d93ce0884da2f5c4100ad9b99e3f2

                                SHA256

                                d515f382320d77de4408273155d5f733d7d51c6b236c0ae946832af1e19d75a7

                                SHA512

                                8e70370233911df3c17b03cda2f8fbc36061626ffcd5d0e80dfda3fcc31403f0b968dc8d4b0b3daf7cde3d0cb85600a2d828e045692d72ab8b058a63693d8608

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                6232c6011cbc7a8458c824627f2d09bf

                                SHA1

                                6b8a324aee339316e3b4026f80c9f6b16f1256ad

                                SHA256

                                65b4d370cbaf9915211a7d854d27646120ae19a10dfe8007ce72644c60c3e1ab

                                SHA512

                                f09add5b566af037af2bac30ee4256ddeb3c935ba582c8d2efc606d9ca0f23ea4b10e3ee7c695432932b782f16f91e57f38086fb93298c4b213deaeb86ad9e51

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                2236cc12bac28f32727898f8e798ea71

                                SHA1

                                60b010388e64c9c6b7278329c25ef18895c2e4ce

                                SHA256

                                fb27de22688cf0240d03864dcf317d31701e0f0da97f5bbe6e545030f5830d77

                                SHA512

                                df522872bcf008bd11e85c5155ead36c0bd2e33a0d44bf3c2ac7f52e6e0df3dcc3067165869509a1ac7167919509672fe7c961619a9f833e8a92a59de456ced6

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                8482c2faf5d5a3e83971bfb4bc9ee04c

                                SHA1

                                aa99c581579189ea2beb340b722e57cbec83d2bc

                                SHA256

                                d9f05c91f7cd0d62426137ab420fa0cb3d4a44619c506bf70789347a41522ab9

                                SHA512

                                80dd35d37487157285701b97c16907da0759d6b0c9ac3f6aade87631d9794003d878113d966ab6404e149e5a88fd4d0adbb92a7fed30ec364237d06eda25dd3a

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c9e97db0-7cef-404c-b8de-cd7b46989bb6.tmp
                                Filesize

                                11KB

                                MD5

                                7ce72fbde3262f6bb648448ac3872a63

                                SHA1

                                153e5672be18c7b4760d4111ec7b8bdc5b7e4131

                                SHA256

                                7a323b4cc45ffcc54fe6fb693a0898dca835cb758ab775860772486f5f38ac8b

                                SHA512

                                cecdad62ebdfd9ae11e96c085c48203b8a6a0b6481d6fd33e68f368cd7a82e7d8e9004eeda499f86a338dcb7db8148bd5f224754a86da9ead36de58d85a5498c

                                Download Submit