Analysis
- max time kernel: 56s
- max time network: 56s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/10/2023, 11:25
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
Sample
- https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade
- Resource: win10v2004-20230915-en
General
- Target: https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  - PID 1792 msedge.exe (2 entries)
  - PID 516 msedge.exe (2 entries)
  - PID 4180 identity_helper.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  - PID 516 msedge.exe (8 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 516 msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 516 msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated identical rows collapsed, all from PID 516 msedge.exe)
  - PID 516 wrote to memory of 3020 (procid_target 82)
  - PID 516 wrote to memory of 3388 (procid_target 84)
  - PID 516 wrote to memory of 1792 (procid_target 83)
  - PID 516 wrote to memory of 4192 (procid_target 85)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://portal.azure.com/#blade/Microsoft_Azure_Health/AzureHealthBrowseBlade
  PID: 516
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb561d46f8,0x7ffb561d4708,0x7ffb561d4718
    PID: 3020
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    PID: 1792
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    PID: 3388
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    PID: 4192
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 1900
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 1780
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    PID: 1740
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    PID: 1652
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    PID: 4180
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
    PID: 1040
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    PID: 4816
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
    PID: 4980
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    PID: 2416
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10211636285101558530,970092283941345996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    PID: 4276
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5072
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2064
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 3d5af55f794f9a10c5943d2f80dde5c5
  SHA1: 5252adf87d6bd769f2c39b9e8eba77b087a0160d
  SHA256: 43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764
  SHA512: 2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71
- Filesize: 113KB
  MD5: dbd16570d3d47c9fec8b5fa5dd0abbf6
  SHA1: a165399a3ba12fb5251058071203777ad683b925
  SHA256: cb3992b9d7fe6bd81f809ebe3ba25e4534189f73bf936848a77e307ba542487d
  SHA512: b4dfd4cad4479bcb7e0658d13483c45f05ae2b505a8c5e36b52cfc0da9cee84b3dd0eb43b50d4ff9c5856d3970ffb9a37cf6f91ebd9806c5f05e2d5235d9adc5
- Filesize: 59KB
  MD5: c1e82bf71add622ad0f3bf8572f634fc
  SHA1: 6ca863d4cab96669202548d301693b3f5f80b0d5
  SHA256: ba48af15d297db450dc4870242482145addb2d18375a4871c490429e2dc5464a
  SHA512: 820a7f8a0c8ea33a8fe1e90cdc35f45dc1e143e836b0d8ea047e1e312f8caec72cdee4e7db54760a4d749cd0acfe103a27e39a9a56eb2d704e448a67b0d0c079
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: 5c8799ba3358ab1903dce0054d85d8b5
  SHA1: a374beaaf91df78d47521bf059d66f1eefe55b1c
  SHA256: 18f752150eacbd85dbf02c1510a11a2717e21b3fd4cafb1cdff9d2812cf01a5e
  SHA512: c3f1cd6aa34f6b3a866315ab2ad710e2bacc47bd40fb15da83e70377e0b07c8f08e1b69c92cf23a991b738f4ebed17e0f5eba58085a40dd31f4af10f3f770dfe
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: d7f34afceaa9614c29568e74f82166e8
  SHA1: e5fe2ade153c00f81bb017767e577eae12bb81af
  SHA256: b249e79072ad304e75f6e0618b6e7230802a983c1b2a9bf6517aeb92dab3b074
  SHA512: c8b20bbf42ba861ae70de7b89e7d36bf3aaaefa7b99626de00bcb7d5c0e963366c08577e8ed780f233a6a32db4ca5a82518e41d945e34774a59d835a1ac26744
- Filesize: 6KB
  MD5: 39704cbd62be9e77537a8d4d5a0e4a65
  SHA1: a40c93d8af902bf2c552931cabbdc72e907ff12e
  SHA256: bdf770ec1bc7085dc9a05fc7ffc7e5e3937a8f21c7b264bd3b021b938319565b
  SHA512: 55d655e1bb8d036afd0b7d9b46fb2ecde910960364e04c9347aa599a9f38c52aecc31f8f159426955baef8b1e9c7636c143cd39732701630c71063da1b5c77ef
- Filesize: 5KB
  MD5: cf13e9779535e8493ecbd42feb894934
  SHA1: b5587b3908f46cf2f7f4367825195192738a8984
  SHA256: 93087ed2777e5e1a537c15d2f6ff6efbc0997c1c1a2446954d3fa4130dc5055c
  SHA512: 2e53c985c088a004063dfe215559e22494b5f8db81017cd8bf5bf4f2d182e51535b6ec84986db00e7f37d035dad6c409871d8cec98bcb251c94b963aeb6a92a9
- Filesize: 24KB
  MD5: 10f5b64000466c1e6da25fb5a0115924
  SHA1: cb253bacf2b087c4040eb3c6a192924234f68639
  SHA256: d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b
  SHA512: 8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db
- Filesize: 538B
  MD5: c7aac2d9c7a49801d371528b0c1a47f5
  SHA1: b2b58e486f95425b3a864e53d10e93d4b95ff823
  SHA256: 490b707eb39315d0b2d66a9435bf3f3a24083da8eee6254a3a870bd35c383c1a
  SHA512: 419f5b375e54f9de23e4447247271d603057d115eb3ff7beb8fa43b534701eba204b174aa8aee27fcd7ba58fb9275b9d34be0b164a1ef6cdb28ef603e375f9ee
- Filesize: 706B
  MD5: 8c283a54d25d967c5d78498eb220e0ab
  SHA1: fe5ec44636b0d910addd1b3c2d2a5b079056faeb
  SHA256: 09b36e215042798576073b8dcc8088732e79668b1d6df57bb8ca0e31c806a089
  SHA512: 5d57b836118b66eb7f0d5e9d51c3409d2a5f7d7e5fd85554639a2f2f169e7172fe596c96d7cedcd35e33fdbfa815b1ac3d3ffcf6d32fe988dc58c06930f8ee23
- Filesize: 538B
  MD5: acf54b5f8447dc6327fc75ed009f0dbb
  SHA1: 2d340e2d3b51b0e352b4082bc8bca9eb582e4853
  SHA256: dbfbee837eed27481fd4771a62e1d7b043237e8e8e9c69e9851d788b9a7f255a
  SHA512: fac31a3d6fad167bad014a40dd270e9c7f8836cbcf7ba347a28940e79ea0ff57ed1da8307ba21430bb095494e7a673eb8e622d9fb6213adb3a8d22aef523ab80
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4585e2e-04d9-4a22-86c8-c1e309c6e088.tmp
  Filesize: 6KB
  MD5: 69258a26099bd5db1f617c1cc9c4597f
  SHA1: ed9b654573fe2c5c65aeae4e2d3558e27e61972a
  SHA256: d91c89d1aaf0d295fc8620886dc53f50122cefc0659c0e2f8434d86f6a1e2296
  SHA512: 71e2e0664c279c8203d118d371e640f8ff8212c6e03347b6a974e2a1711c37bcb0490a787999a815782a1afa036586c480e55cc4b04b1f198e97fe7b06cbbe10
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 26384da9395379b81a544498884c806e
  SHA1: 00ddbbc3edbcd5fc17b21bf9d5bf725e0081cb3c
  SHA256: 67d960086c2f4a6ff4ad13a3458d008d7af25c8190aef06cd829c6ea0c406734
  SHA512: c12d7e37796ab246bbb07568b1d4635402f7b36fe7118c109321535fe276f8b4cc64cb13b6df5922e966c169a484e5d35fe5b319de9c01c8d68d8d76d0e33a88
- Filesize: 10KB
  MD5: 3c39a6e0cd853abfa28fbd60ee5e8c6e
  SHA1: c98fd7b576c8a112cb831b59bd3a94cf9bc0528b
  SHA256: 4fc06ff902fe08fb37578991ac3e76654d84a1dc32bfe8a1f3bc16157d4cb6e9
  SHA512: 01679f943054614ca7176d15abce343cb5cb4fd7cfb2f599114618b7c10bf955ddf1623db76300b4a696a0d1ad58254505820f3135f2d23901d97e04794b3e0b