Analysis

max time kernel:  151s
max time network: 154s
platform:         windows10-2004_x64
resource:         win10v2004-20230915-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted:        13/10/2023, 02:22

Tasks
  Static task:      static1
  URLScan task:     urlscan1
  Behavioral task:  behavioral1
    Sample:   http://dockaround.com
    Resource: win10v2004-20230915-en

General
  Target: http://dockaround.com
Malware Config
  (no entries)

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2976   msedge.exe            (x2)
  884    msedge.exe            (x2)
  3736   identity_helper.exe   (x2)
  4488   msedge.exe            (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid    Process
  884    msedge.exe            (x7)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  884    msedge.exe            (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  884    msedge.exe            (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process      procid_target
  PID 884 wrote to memory of 4700    884   msedge.exe   82   (x2)
  PID 884 wrote to memory of 4640    884   msedge.exe   84   (repeated)
  PID 884 wrote to memory of 2976    884   msedge.exe   83   (x2)
  PID 884 wrote to memory of 1684    884   msedge.exe   86   (repeated)
  All 64 rows are writes by PID 884 into its own child processes 4700, 4640, 2976 and 1684; the 60 rows not counted above are repeated writes to PIDs 4640 and 1684.
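The WriteProcessMemory signature above fires on any cross-process write, so the question a practitioner has to answer is whether every target is a child the writer itself spawned (the normal Chromium launch pattern, where the browser broker writes sandbox and IPC state into each freshly created child) or something outside the browser tree. The helper below is an added example, not part of the tria.ge report or of Triage's own tooling. It parses Triage's flattened rows into (writer, target) pairs, uses a parent map constructed from the report's process tree (the tree depth markers give the parent), and flags targets the tree does not account for. The sample rows are a constructed subset of the 64 rows on this page; the single INJECTION_LIKE_ROW targeting CompPkgSrv.exe is a hypothetical counter-example that did not occur in this analysis.

```python
"""Explain 'Suspicious use of WriteProcessMemory' rows against the process tree.

Added triage helper, not part of the tria.ge report. Rows and the parent map are
constructed from the report's tables; INJECTION_LIKE_ROW is hypothetical.
"""
import re
from collections import Counter

# Constructed from the report: Triage flattens each row as
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# This is a subset of the 64 rows; repeated rows are kept to show the collapsing.
WPM_ROWS = """
PID 884 wrote to memory of 4700 884 msedge.exe 82
PID 884 wrote to memory of 4700 884 msedge.exe 82
PID 884 wrote to memory of 4640 884 msedge.exe 84
PID 884 wrote to memory of 2976 884 msedge.exe 83
PID 884 wrote to memory of 1684 884 msedge.exe 86
PID 884 wrote to memory of 1684 884 msedge.exe 86
"""

# Hypothetical row (NOT in the report): the browser writing into an unrelated
# COM server process is the shape a genuine injection would take.
INJECTION_LIKE_ROW = "PID 884 wrote to memory of 3732 884 msedge.exe 99"

# Constructed from the report's process tree: pid -> (parent pid, image, role).
# Depth marker 1 = root process, depth marker 2 = child of the preceding root.
PROCESSES = {
    884:  (None, "msedge.exe", "--single-argument http://dockaround.com"),
    4700: (884, "msedge.exe", "--type=crashpad-handler"),
    2976: (884, "msedge.exe", "--type=utility network.mojom.NetworkService"),
    4640: (884, "msedge.exe", "--type=gpu-process"),
    1684: (884, "msedge.exe", "--type=utility storage.mojom.StorageService"),
    3736: (884, "identity_helper.exe", "--type=utility winrt_app_id.mojom.WinrtAppIdService"),
    3732: (None, "CompPkgSrv.exe", "-Embedding"),
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm_rows(text):
    """Parse flattened rows into (writer_pid, target_pid, writer_image, procid_target)."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.fullmatch(line.strip())
        if m is None:
            continue  # column header or a garbled fragment; skip it
        writer, target, writer_again, image, procid = m.groups()
        if writer != writer_again:
            raise ValueError(f"row is not self-consistent: {line!r}")
        rows.append((int(writer), int(target), image, int(procid)))
    return rows


def summarize(rows):
    """Collapse repeated rows into (writer, target) -> count."""
    return Counter((w, t) for w, t, _, _ in rows)


def classify_writes(rows, procs):
    """Return {(writer, target): (verdict, count)}.

    'child'  : target is a direct child of the writer. A Chromium-family browser
               writes into every child it launches (sandbox policy, IPC handles),
               so parent->child writes inside one browser tree are the expected
               baseline and not evidence of injection on their own.
    'foreign': target is not a child of the writer, or is not in the tree at all.
               That is the shape cross-process injection takes; review it by hand.
    """
    verdicts = {}
    for (writer, target), n in summarize(rows).items():
        parent = procs.get(target, (None,))[0]
        verdict = "child" if parent == writer else "foreign"
        verdicts[(writer, target)] = (verdict, n)
    return verdicts


def foreign_targets(rows, procs):
    """Sorted list of target PIDs that the process tree does not account for."""
    return sorted(t for (_, t), (v, _) in classify_writes(rows, procs).items() if v == "foreign")


if __name__ == "__main__":
    rows = parse_wpm_rows(WPM_ROWS)
    for (w, t), (verdict, n) in sorted(classify_writes(rows, PROCESSES).items()):
        image, role = PROCESSES[t][1], PROCESSES[t][2]
        print(f"{w} -> {t:<5} x{n:<3} {verdict:8} {image} {role}")
    print("unexplained targets:", foreign_targets(rows, PROCESSES) or "none")
    with_hypothetical = rows + parse_wpm_rows(INJECTION_LIKE_ROW)
    print("with hypothetical row:", foreign_targets(with_hypothetical, PROCESSES))
```

Run against the real rows, every write resolves to a child of PID 884 and the unexplained list is empty, which is what turns this signature into background noise for a plain Edge launch; the hypothetical row is the only one that surfaces as a foreign target. The same parent check does nothing for a browser that has been compromised after launch and writes into its own children, so treat it as a triage filter, not a verdict.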
Processes

PID 884   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://dockaround.com
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4700   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb900746f8,0x7ffb90074708,0x7ffb90074718

  PID 2976   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4640   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

  PID 1684   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

  PID 4428   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  PID 4928   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  PID 2764   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

  PID 1420   C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8

  PID 3736   C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 5084   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1

  PID 4544   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

  PID 2392   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

  PID 2184   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1

  PID 4488   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2506783904148812318,3632359261304879704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 3732  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1460  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads

(path not shown in report)
  Filesize: 152B
  MD5:    4d25fc6e43a16159ebfd161f28e16ef7
  SHA1:   49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
  SHA256: cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
  SHA512: ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2188e6d5-116c-45ed-a035-153f0c34f346.tmp
  Filesize: 5KB
  MD5:    34c9bebf99ae43f60c7c3468a7386ac9
  SHA1:   a697aa791052eccad6ab1a0810e9ee240e28a6ab
  SHA256: e90fed128de4577bb0d3b31c3ac1007a1ff6ff2fcba869e2cd09fbe4f3b58064
  SHA512: 44c5884495bd8a55bdcfa52db5febbeee251e2b4e75778fcde126159c3514cdf64ea7f5a053d07bdf79fd2d49609dfcf38f4da59e49d5aed3eed1e25a48f891b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5:    35cf7cf7c20c75b6683df42a5666a116
  SHA1:   38056d709f4b86da8d8c09ef632b0f2ec0be4dc3
  SHA256: 9c1d7f0099291e3e338f6611297dd401a5488b1b664f0546997e7ff75f4839f1
  SHA512: 797f54bd76b512d4f2a489af541aa5d1f94b28bc81ad0cf6cd515191b0ba8c1aec8ccd9055a26f04131c50b9ee67524f2431ade76415c9a07183b72afcea92f2

(path not shown in report)
  Filesize: 111B
  MD5:    285252a2f6327d41eab203dc2f402c67
  SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

(path not shown in report)
  Filesize: 1KB
  MD5:    21f27c0737777ca7d332531ebc7aebf2
  SHA1:   9f37ce9054f56202b3760adf2df1a0e2099f5f3c
  SHA256: ee8d6ddeeda28c0a329593543701f21301818b6d825f640f1f56a8b9625ad251
  SHA512: 6a53fd4cba84bbfe42b14ddca8e01131a75cba144ee5f7db89d4282d69947c717f9f94e66de0d1c4a124972160ef02b22de2ef657013865d3eca546f49573f3e

(path not shown in report)
  Filesize: 1KB
  MD5:    31a9772ed730b799d69ac5ca2b8db4ae
  SHA1:   7aebbdee7a450bb83f17d08a3b63ebef7df4d3ef
  SHA256: 87e16112048a9e63680572bbf14e3733309608ca6338fa3cb96a0eaf8adedcce
  SHA512: e9ba28d4ed8eb836c8c1589103e9f272077502e8f34b982e30e4f5ec1469a6af4f0923b6130f734419068dcc6afd9e733e08e47c3579c1f88f373dd78db9c3fc

(path not shown in report)
  Filesize: 6KB
  MD5:    71145eb7e41ff8f1d3fe60186ec44bdc
  SHA1:   4ba4254fb687fc040b3c2cadf116ba1db40b5381
  SHA256: b0da18601c4e356e499dbcf19e42874b9a526cf7156493956e30cc0114820c43
  SHA512: d854fb064f138ef4c306a7b88f16ecb487ddd09e4ac9c87cdffc258af0282320d933a240ab91a63608575d2303827242dfc691f61c266ac777002ce6f424f8f8

(path not shown in report)
  Filesize: 6KB
  MD5:    5d5106854ec8e593358a6a9742ec8aca
  SHA1:   cf784514ad30a7b7d429530fd266cd47cc162da3
  SHA256: a3fec9a01ee72624604147a2826eabd9e7e76bd4085e925a1c760c1b8ffe1644
  SHA512: 9e9ab372d558945994aa0a5df8ee6c5167f3cf3d356743d34101912e810990b53116e486e9f3171e284749ddebf054dd44dc244eb8b0c78da81b5a08f7669d68

(path not shown in report)
  Filesize: 24KB
  MD5:    d555d038867542dfb2fb0575a0d3174e
  SHA1:   1a5868d6df0b5de26cf3fc7310b628ce0a3726f0
  SHA256: 044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e
  SHA512: d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

(path not shown in report)
  Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

(path not shown in report)
  Filesize: 11KB
  MD5:    6d48c1bc60aaa9166a985756f1f02c40
  SHA1:   96554f32de55ee875f5a43e6dfa8de6b6bfd0222
  SHA256: 931d9852d83e97058a0606555335f30106c93c4d73872bc0c04745a340b805f4
  SHA512: 0c09d51cb36f5a2d639b7b427ade5298c58846532af0ca76a2ba46e22268d95bacdca6b223d262d5e2c727379c275ffb1a03c15c9a1896141baf48618050f568

(path not shown in report)
  Filesize: 11KB
  MD5:    6574f58b496d74b0ae33a2b90a9fef98
  SHA1:   b8a7eea726bd9e2114284f139863e241facd7025
  SHA256: 37fc0b68b6c5c3872ab1c5e4946ec570fdc5b5b683ef0c7ea11c6dabcbbb77ad
  SHA512: d4d1feee362713f203825390cb03f3e0b7854f818d8d9c171079df87e10b3b9c9175db1a9004bb52508a2114e697ce1c687420fa3be05bc52bc2218db7461a86