Analysis
max time kernel: 198s
max time network: 200s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/10/2023, 17:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.a193gradeb7.com/specification/images/footer-bg.png
Resource: win10v2004-20230915-en
General
Target: https://www.a193gradeb7.com/specification/images/footer-bg.png
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
4044 | msedge.exe
4044 | msedge.exe
4124 | msedge.exe
4124 | msedge.exe
1444 | identity_helper.exe
1444 | identity_helper.exe
2948 | msedge.exe
2948 | msedge.exe
2948 | msedge.exe
2948 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
4124 | msedge.exe
4124 | msedge.exe
4124 | msedge.exe
4124 | msedge.exe
4124 | msedge.exe
4124 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
Process (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.a193gradeb7.com/specification/images/footer-bg.png
PID: 4124
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ae4d46f8,0x7ff8ae4d4708,0x7ff8ae4d4718
PID: 4328

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
PID: 3280

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2828 /prefetch:3
PID: 4044
- Suspicious behavior: EnumeratesProcesses

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3148 /prefetch:8
PID: 412

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
PID: 4500

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
PID: 1548

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
PID: 2488

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
PID: 4872

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
PID: 4024

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
PID: 1444
- Suspicious behavior: EnumeratesProcesses

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
PID: 2044

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
PID: 1784

Process (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18020036336181382618,3326565350033857858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 /prefetch:2
PID: 2948
- Suspicious behavior: EnumeratesProcesses

Process (depth 1): C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3236

Process (depth 1): C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1516
Network
MITRE ATT&CK Enterprise v15
Downloads