Analysis
max time kernel: 149s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/10/2023, 08:01
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://tdsintegrations24.online/8h63np7t
Resource: win10v2004-20230915-en
General
Target: https://tdsintegrations24.online/8h63np7t

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | process | events
1872 | msedge.exe | 2
1972 | msedge.exe | 2
1368 | identity_helper.exe | 2
3792 | msedge.exe | 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | process | events
1972 | msedge.exe | 7
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | process | events
1972 | msedge.exe | 25
Suspicious use of SendNotifyMessage (24 IoCs)
pid | process | events
1972 | msedge.exe | 24
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target | events
PID 1972 wrote to memory of 4740 | 1972 | msedge.exe | 14 | 2
PID 1972 wrote to memory of 3956 | 1972 | msedge.exe | 33 | 40
PID 1972 wrote to memory of 1872 | 1972 | msedge.exe | 30 | 2
PID 1972 wrote to memory of 1676 | 1972 | msedge.exe | 31 | 20
Processes
(Each entry gives the image path and PID, then the command line and any signatures attributed to that process. Entries indented one level deeper are children of the nearest preceding less-indented entry, as nested in the report.)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4740
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc068d46f8,0x7ffc068d4708,0x7ffc068d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 1972
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tdsintegrations24.online/8h63np7t
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 1872
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 1676
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 3956
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 1608
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4256
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 4928
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID 2484
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  PID 1368
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2268
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 1700
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 1520
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 2892
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID 3792
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  PID 4560
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  PID 4924
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\Upfc.exe  PID 3760
  C:\Windows\System32\Upfc.exe /launchtype periodic /cv MneQwGPJKUW/0jDDPgG6FQ.0
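The "Suspicious use of WriteProcessMemory" signature above is the one a reader should check rather than take at face value: every listed write comes from the browser PID 1972 into PIDs that the process list shows are Edge's own helper processes (crashpad handler, GPU process, network and storage services), and a Chromium-based browser writes start-up data into the children it launches as part of its normal process model. The check below is an added triage example, not part of the tria.ge report and not Hatching's code. It rebuilds the tree from process records transcribed by hand from the list above (most renderer entries and the long --gpu-preferences and --field-trial-handle switches are left out) and classifies each source/target pair. The per-target event counts come from the signature table; the 40 events for PID 3956 is the remainder of the 64 listed entries after the other three targets. One edge case it handles deliberately: the crashpad handler (PID 4740) is listed at top level rather than under 1972, so a verdict based on tree parentage alone would miss that it is the browser's own helper; the classification therefore also looks at the target's install directory and its Chromium --type role.

```python
"""Added triage helper (not tria.ge code): rebuild a sandbox process tree and
classify WriteProcessMemory IoCs as browser-internal or foreign.
Process records are transcribed from the report above with long switches cut."""
import ntpath   # Windows path semantics regardless of the host running this
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Proc:
    pid: int
    depth: int                  # nesting level in the report (1 = top level)
    image: str                  # executable path
    cmdline: str                # switches only; the image path is dropped
    parent: Optional[int] = None


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"

# (pid, depth, image, switches) in report order. Constructed from the process
# list above; renderers other than 1608 and the identity_helper PID 2484 are omitted.
RAW = [
    (4740, 1, EDGE, r'--type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (1972, 1, EDGE, r'--single-argument https://tdsintegrations24.online/8h63np7t'),
    (1872, 2, EDGE, r'--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (1676, 2, EDGE, r'--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (3956, 2, EDGE, r'--type=gpu-process /prefetch:2'),
    (1608, 2, EDGE, r'--type=renderer --renderer-client-id=5 /prefetch:1'),
    (1368, 2, HELPER, r'--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (3792, 2, EDGE, r'--type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (4560, 1, r"C:\Windows\System32\CompPkgSrv.exe", r'-Embedding'),
    (3760, 1, r"C:\Windows\System32\Upfc.exe", r'/launchtype periodic'),
]

# WriteProcessMemory IoCs from the signature table, collapsed to
# (source pid, target pid, events). 40 for PID 3956 = 64 listed - 2 - 2 - 20.
WPM = [(1972, 4740, 2), (1972, 3956, 40), (1972, 1872, 2), (1972, 1676, 20)]


def build_tree(raw):
    """Parent = nearest preceding entry one level shallower (the report's indentation)."""
    procs, chain = {}, []       # chain[i] = pid of the open ancestor at depth i+1
    for pid, depth, image, cmdline in raw:
        del chain[depth - 1:]
        procs[pid] = Proc(pid, depth, image, cmdline, chain[-1] if chain else None)
        chain.append(pid)
    return procs


def chromium_role(p):
    """'--type=X' plus '--utility-sub-type=Y' when present; None if no Chromium role."""
    m = re.search(r"--type=(\S+)", p.cmdline)
    if not m:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", p.cmdline)
    return f"{m.group(1)}/{sub.group(1)}" if sub else m.group(1)


def classify_write(src_pid, dst_pid, procs):
    """Return (category, role, tree_linked) for one WriteProcessMemory pair.

    browser-helper : target runs from the writer's install directory and carries a
                     Chromium --type role: the normal parent-to-child start-up write
    same-image     : same install directory but no role switch; look closer
    foreign        : target belongs to another product; treat as possible injection
    unknown        : target pid not in the tree (exited, or outside the listing)
    """
    src, dst = procs.get(src_pid), procs.get(dst_pid)
    if src is None or dst is None:
        return ("unknown", None, False)
    linked = dst.parent == src_pid
    install_dir = ntpath.dirname(src.image).lower()
    same_product = ntpath.dirname(dst.image).lower().startswith(install_dir)
    role = chromium_role(dst)
    if same_product and role:
        return ("browser-helper", role, linked)
    if same_product:
        return ("same-image", None, linked)
    return ("foreign", role, linked)


def summarize(procs, writes=WPM):
    """One row per (source, target): (src, dst, events, verdict)."""
    return [(s, d, n, classify_write(s, d, procs)) for s, d, n in writes]


if __name__ == "__main__":
    tree = build_tree(RAW)
    for s, d, n, (cat, role, linked) in summarize(tree):
        print(f"{s} -> {d}  x{n:<3} {cat:15} {role or '-':45} tree-linked={linked}")
```

Run as a script it prints one verdict line per target; all four come back as browser-helper, with only 4740 lacking a tree link. The rule worth keeping from this is the negative one: a write from msedge.exe into a process outside its own install directory (a "foreign" verdict) is the case that would turn this signature from noise into a finding, and nothing in this report shows one.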
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 4d25fc6e43a16159ebfd161f28e16ef7
SHA1: 49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256: cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512: ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
MD5: 294f4b7037c3af68817d9756233bbbab
SHA1: 77c9d13e170e04a4cd1d2b2ce8e512fdd4a3994c
SHA256: 0101392e93340282d047416cb4487a5d4c96bda1c2495d02b1259e1e9d10b6dc
SHA512: dee16ea9e52a960b892038d21fafbf739e6c2f12d32a62a5ce14f14ca8384beada2fd4fc7467e8c81b5425e76e6a2bd19ed3ef53d8b3ae9eb4b91135e9cd25d0

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 742B
MD5: 49dd107bd5aeced613c06c788eb1b230
SHA1: 2aad3a206b332e952d94b7044a535a55d050e816
SHA256: 8d62b6cf30a4143cb6a89819b272952fef7a4c5172064878ad81357888ddae22
SHA512: f9478adb870104176e3f082f351eb6032b966666c2b309807d5a72a98419ab71ae72e3e9649230e2f7dbf1bf7ecfb11e2a90882c4762564706474a0e4b09df0a

Filesize: 5KB
MD5: a7fb070d6048af9d903b78a871e41d1d
SHA1: 2a300c3477f20bd05e5aceb8840aa188e83bcf41
SHA256: f6974ccbaf4be74dcdaa1c0febfd30df5c5c528ec3433e176ee931b374d821c9
SHA512: 9b7243883831b3f4b51c79325ee363770773f7849b9c7cd3b950633a6d0a990de142f639d79eae0f99bb650b297bfeea681562c2f6a6c88a3e34924f376c2e41

Filesize: 5KB
MD5: 79d31d86da4dc688b23402fc216a4c19
SHA1: 96433d586e1074f4f655f998699c13d88b47ae94
SHA256: 987efdc9f97765f5c6864e621fd079dc95b345e26e627be7642085efc32d33ae
SHA512: 3671aa2af800a7b9ee58cb32c12a59d920efcb359ae0536ad623a750a753f023f489e2203d0bceb0f9e56a4e561d6e0412544d2fa91e040bdf59efd08ccfa5eb

Filesize: 24KB
MD5: d555d038867542dfb2fb0575a0d3174e
SHA1: 1a5868d6df0b5de26cf3fc7310b628ce0a3726f0
SHA256: 044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e
SHA512: d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 7d85c573e96d6b41b04d12acd666f9e2
SHA1: fc196fe78a2cee70707660b01ff037e9249c80b9
SHA256: e47a70e1fd25cf1923c4913afbf797557cc9d0b8d69edf774e2e7123e92685ea
SHA512: 807ed2732ae6e79c590b6ba5b81a88dc2c3d35c79ce2816e7427c68d71173666b0c5d4cf8f708d83bd8bd091edb1ade3b4f6a6ee437714c19079411beecf6b17

Filesize: 11KB
MD5: a45a9d061b7c1e0549927a328fc7902b
SHA1: a97acfeca3e0ed83ffbdca8ebfa2c88033faf8ce
SHA256: a3b98afa735170114be42c8a4bb438bcce2bc737deac14a19a9e7a2447cd96bb
SHA512: 778e4af322a563cea33abfe9b57fc687fd8c137645d9f454d878aaa6047295f4ff37eaa1dabe40e8568bf1826e8003ae1732e6d1d28594494698a2dfa803de1c