Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://www.elianelec...

windows10-2004-x64

1

Analysis

  • max time kernel
    56s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2023, 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://www.elianelectronicsrecycling.com/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.elianelectronicsrecycling.com/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff458b46f8,0x7fff458b4708,0x7fff458b4718
      2⤵
        PID:1244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1072
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        2⤵
          PID:4200
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
          2⤵
            PID:700
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
            2⤵
              PID:1016
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
              2⤵
                PID:4632
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                2⤵
                  PID:4936
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
                  2⤵
                    PID:2996
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                    2⤵
                      PID:1792
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
                      2⤵
                        PID:1820
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
                        2⤵
                          PID:1364
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
                          2⤵
                            PID:4628
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                            2⤵
                              PID:4120
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                              2⤵
                                PID:3400
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
                                2⤵
                                  PID:3404
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3902214653338884999,2043624272216431955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
                                  2⤵
                                    PID:1480
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1376
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2500

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f95638730ec51abd55794c140ca826c9

                                      SHA1

                                      77c415e2599fbdfe16530c2ab533fd6b193e82ef

                                      SHA256

                                      106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

                                      SHA512

                                      0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                      Filesize

                                      19KB

                                      MD5

                                      837c6299f7c8654d88b9fae757317fb1

                                      SHA1

                                      190dc56ea7b567a6fd6085083014d6666bf55495

                                      SHA256

                                      56f11d0abb777171ee4cbc6e9a15bc2da13d39aa9165322efcdc76bda6b9debd

                                      SHA512

                                      f2ed13a7a258c348debd21f77740b28cd5cb580b38dfc79ae07265a6b1897ab64045d3430d39763aebb0dbe3030f36e31ce035eec0cd669812d7b45ff8778f10

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                      Filesize

                                      37KB

                                      MD5

                                      b147c09d942d9f688348ba5f20375967

                                      SHA1

                                      191ce7c51750885b27bc6b8041a434b94f658336

                                      SHA256

                                      173267ca2309a3e81cde532a3f65ba8ca32780aeb9b3f5cbf89b1aef169df02d

                                      SHA512

                                      44120040819a402272f9a51cb97effe1b4b3c58e56492f03d36ca94c9bd6872cdd355690a75ca9dfe46e780789632a78244340817634d13e819d58c6b207a554

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                      Filesize

                                      35KB

                                      MD5

                                      c88aca3ce8fd7ec85ff55d835e476dcc

                                      SHA1

                                      66f5f5ddcff30e3b7425ca4995c27ab19fee025f

                                      SHA256

                                      c2c5ce710d0420daa825ffff8ade4628c84ab0dad9c066d356e91c47f5dec485

                                      SHA512

                                      1d059824aa1f4ab45f8ebef50ed1b08c8973d0e3671f31837fc849604fe27e3166ea8cbf56ac781be1e3d2542c6ee1be8c65a59723b9e172559db524bb7598b3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
                                      Filesize

                                      24KB

                                      MD5

                                      9661f391f69ddbf1e8bbf879c1c69660

                                      SHA1

                                      60e78567cd82d5dec158be4ae4d365f45412fb36

                                      SHA256

                                      59fe3fa5daacb2b18c734a563d4e8e9df1f51eb24672249ca4962f3132149191

                                      SHA512

                                      dd61b2a9827be092d779b36dc1c4f3983e78cd42f3b6bb07d61758502ef0eedc2fa562ec028374d072e1ace9d82c2c816d2bbb742523f43cf5a6371b79064722

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      1KB

                                      MD5

                                      a1edd5ba62c000c85bb08cba60c79769

                                      SHA1

                                      fbba7f53c83a90ef7a77f0b0d3b286dd178c89a7

                                      SHA256

                                      d49f213716942fafaeedcfefa36735c00445a353e7433a99421fbabf55af57a6

                                      SHA512

                                      d93bde8637d0ef27dec5d37f3822fee04b2cd4ba026b7d515ca9285975cd32a4dfe39acf1657998508f3a29b9e2d69c3cff46ed8e931a53670f722d9c5057f41

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      824d482c3bf07559b8822bf487e03ca4

                                      SHA1

                                      9605307c7ff09f1ea4b235ff4df54055f72f52e1

                                      SHA256

                                      20ca4583b2397989d76ffa7076b0682bea059e4cfbc2123a002fb434f8ba25f1

                                      SHA512

                                      05d70453fb709bc2088565834a13b55f24fc7bd0c226426c5aa123b83af5e2855ad809c42c6298ad74d43a1d599f0304ca973d85d78bfcf9fdb564a541159e87

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      150f9eef68a27de57e4b9e55045884e6

                                      SHA1

                                      ad04f1cb038cf62bf9adbffce0c4aa178804f8b7

                                      SHA256

                                      d0152e65c037584789cf267b510204cc2657df4ec913d812e8217cdcceb347c7

                                      SHA512

                                      be033777d7ad3c42eb21e6016a576e55f622ff989e2de7980b1925098214de968f33bdfdd64a8fb3edf0a491cf05d34a63cee83a2bb42f08bcd1f57b1b028635

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      4a078fb8a7c67594a6c2aa724e2ac684

                                      SHA1

                                      92bc5b49985c8588c60f6f85c50a516fae0332f4

                                      SHA256

                                      c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

                                      SHA512

                                      188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      f809ee02d3e3aec877b90280a4a6a085

                                      SHA1

                                      617eed5a552b931c3360f1b05c44568e4ca43c91

                                      SHA256

                                      a389dad80d744fcbbaa3221c2fc4a5a73feaa78d534dbb20e068834b79b3274c

                                      SHA512

                                      b5acd944de35cd2d814ba057b6165ac44c8668c99cebc5d41ae99e1a78075d908723ded2f5b0104410b3ff110286875233c95d7aca1ee8d74951c2e37be18506

                                      Download Submit