Resubmissions

Submitted            Analysis ID          Score
07/11/2023, 14:22    231107-rpw62ahb4w    1
27/10/2023, 15:55    231027-tc2bbshb96    1
23/10/2023, 16:49    231023-vb2fdace66    1
17/10/2023, 12:22    231017-pj4b2sbh51    1
16/10/2023, 18:28    231016-w4t3fahg73    1
16/10/2023, 17:48    231016-wdtzrabb8x    1
12/10/2023, 18:50    231012-xg4h2agh7y    1

Analysis
Max time kernel: 1819s
Max time network: 1726s
Platform: windows10-2004_x64
Resource: win10v2004-20230915-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 12/10/2023, 18:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20230915-en

General
Target: http://google.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description          ioc                                                                    Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, count in last column)
pid    Process               entries
3324   msedge.exe            2
4652   msedge.exe            2
2176   identity_helper.exe   2
1380   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs; identical rows collapsed)
pid    Process      entries
4652   msedge.exe   7

Suspicious use of FindShellTrayWindow (25 IoCs; identical rows collapsed)
pid    Process      entries
4652   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs; identical rows collapsed)
pid    Process      entries
4652   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, one row per target)
description                        pid    Process      procid_target
PID 4652 wrote to memory of 1032   4652   msedge.exe   85
PID 4652 wrote to memory of 4672   4652   msedge.exe   89
PID 4652 wrote to memory of 3324   4652   msedge.exe   87
PID 4652 wrote to memory of 4152   4652   msedge.exe   88
Processes

msedge.exe (PID 4652)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 1032, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b346f8,0x7ffb36b34708,0x7ffb36b34718

  msedge.exe (PID 3324, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4152, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

  msedge.exe (PID 4672, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

  msedge.exe (PID 3704, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  msedge.exe (PID 2092, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

  msedge.exe (PID 3248, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

  msedge.exe (PID 2608, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

  msedge.exe (PID 2232, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

  identity_helper.exe (PID 2424, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

  identity_helper.exe (PID 2176, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3928, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

  msedge.exe (PID 1508, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

  msedge.exe (PID 1380, child of 4652)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,4830092035268241384,7421045857127267264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5140 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 2588)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4564)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads