Analysis
  max time kernel:   83s
  max time network:  95s
  platform:          windows10-2004_x64
  resource:          win10v2004-20230915-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         11/10/2023, 01:27
Tasks
  Static task:      static1
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
  Sample:           https://manuelfrancodonations.org
  Resource:         win10v2004-20230915-en
General
  Target: https://manuelfrancodonations.org

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid    Process
  940    msedge.exe
  940    msedge.exe
  960    msedge.exe
  960    msedge.exe
  1972   identity_helper.exe
  1972   identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid    Process
  960    msedge.exe   (7 identical rows)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  960    msedge.exe   (25 identical rows)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  960    msedge.exe   (24 identical rows)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target
  PID 960 wrote to memory of 2588    960    msedge.exe   88
  PID 960 wrote to memory of 1556    960    msedge.exe   90
  PID 960 wrote to memory of 940     960    msedge.exe   89
  PID 960 wrote to memory of 4728    960    msedge.exe   91
  (distinct rows shown; the table holds 64 rows, one per write, with each of the above repeated)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://manuelfrancodonations.org
  PID: 960
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dc0646f8,0x7ff8dc064708,0x7ff8dc064718
    PID: 2588

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    PID: 940
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    PID: 1556

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    PID: 4728

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    PID: 3608

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    PID: 1792

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
    PID: 1140

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    PID: 4308

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
    PID: 4056

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
    PID: 3136

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
    PID: 1972
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    PID: 4688

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17844830807617982039,6998743626820792335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    PID: 4960

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3628

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1372

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2852
Network
MITRE ATT&CK Enterprise v15
Downloads