Analysis

max time kernel:   148s
max time network:  155s
platform:          windows10-2004_x64
resource:          win10v2004-20231020-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted:         22/10/2023, 07:52

Static task:       static1
URLScan task:      urlscan1
Behavioral task:   behavioral1
Sample:            https://t.co
Resource:          win10v2004-20231020-en

General

Target: https://t.co (URL submission; the behavioral task opens it in the image's Microsoft Edge, see the process tree below)

Malware Config
(none extracted)
Signatures

All six signatures below are triggered by the browser itself: the behavioral task opens the submitted URL in Microsoft Edge, and every IoC belongs to Edge (PID 5108) or to a child process it launched. They describe how Edge starts up, not what https://t.co served.

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

  Chromium-based browsers read exactly these two values for hardware model reporting (base::SysInfo hardware info). Malware reads the same keys to fingerprint virtual machines, which is why this generic signature fires on a plain Edge launch; the hit is only meaningful when the reader is not a process known to collect hardware telemetry.

- Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid   process              hits
  4552  msedge.exe           2
  5108  msedge.exe           2
  4232  identity_helper.exe  2
  3264  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

  pid   process     hits
  5108  msedge.exe  6

  The browser process created six children with the "block non-Microsoft binaries" process-mitigation policy (Code Integrity Guard) set at creation time. Chromium applies this to the sandboxed children it launches so that unsigned DLLs cannot be loaded into them; it is a hardening measure in the parent, not an injection indicator.

- Suspicious use of FindShellTrayWindow (25 IoCs)

  pid   process     hits
  5108  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)

  pid   process     hits
  5108  msedge.exe  24

  Both are ordinary shell interactions from a windowed process (taskbar and notification-area updates). On their own they only show that PID 5108 has a UI.

- Suspicious use of WriteProcessMemory (64 IoCs)

  description                       pid   process     procid_target  events
  PID 5108 wrote to memory of 2524  5108  msedge.exe  87             2
  PID 5108 wrote to memory of 2412  5108  msedge.exe  89             most of the remaining 60
  PID 5108 wrote to memory of 4552  5108  msedge.exe  90             2
  PID 5108 wrote to memory of 2988  5108  msedge.exe  91             the rest of the remaining 60

  The page lists 64 events, all from the browser process (5108) into its own direct children, and the same parent/child pair is repeated many times. The two unsandboxed children (2524, the crashpad handler, and 4552, the NetworkService utility launched with --service-sandbox-type=none) each receive two writes, which is the baseline an ordinary CreateProcess produces; the sandboxed gpu-process (2412) and StorageService utility (2988) receive many more, consistent with the Chromium sandbox broker writing its policy and interception data into the suspended child before resuming it. The renderer children and the relaunched gpu-process (3264) do not appear in this list. A WriteProcessMemory hit becomes interesting when the target is not the writer's own child or runs a different image.
Processes

Tree depth is given by indentation. Edge in this image is version 92.0.902.67 (Chromium 92.0.4515.131), so the submitted URL was fetched by a 2021-era browser.

- PID 5108  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (browser/broker process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - PID 2524  msedge.exe  (crashpad-handler, unsandboxed crash reporter)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff15c746f8,0x7fff15c74708,0x7fff15c74718

  - PID 2412  msedge.exe  (gpu-process, sandboxed)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

  - PID 4552  msedge.exe  (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  - PID 2988  msedge.exe  (utility: storage.mojom.StorageService, --service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

  - PID 2324  msedge.exe  (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

  - PID 4296  msedge.exe  (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

  - PID 964  msedge.exe  (renderer, --instant-process, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

  - PID 3640  msedge.exe  (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

  - PID 4140  identity_helper.exe  (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8

  - PID 4232  identity_helper.exe  (second instance, same command line as PID 4140)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  - PID 464  msedge.exe  (renderer, --instant-process, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  - PID 2096  msedge.exe  (renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

  - PID 3264  msedge.exe  (second gpu-process, launched with --disable-gpu-sandbox and --use-gl=disabled; the usual fallback when the first GPU process cannot initialise a usable GPU, as in a VM)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,8714915581033687258,10017666893699128877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

- PID 3192  C:\Windows\System32\CompPkgSrv.exe  (COM-activated Windows component, not a child of Edge)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- PID 3732  C:\Windows\System32\CompPkgSrv.exe  (second COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
(nothing listed)

MITRE ATT&CK Enterprise v15
(not rendered in this copy of the report; the registry signature above is tagged with 2 TTPs)
Downloads
(9 files; filenames are not rendered in this copy of the report, only sizes and digests)

- 152B
  MD5:    0cf64697fc2784c9847420986e1640d9
  SHA1:   529a3599e6d0a45784825f82b0aaaf914eac613d
  SHA256: 98c2d1ecdee4883a243dc1160d6a613c15b980b28739b012392d50fa2d1033c5
  SHA512: 040600746da1fd99bd624e9748c00c9eed74b6c99b02b22a4e99f7b4d7bc28b53c88224ab16912b7cc58193725d4a2f0cdd7461145bd2a97aa3bad9cee03d96a

- 243B
  MD5:    a1661f0ff161d9965320e7a5f991ce5a
  SHA1:   7f2743ed67df6e94240ff80d1ed27e5b83871f5e
  SHA256: fb097949e631e364f7d11248098c2038ae5fc30e33789397393fb720009c713e
  SHA512: 9e43cac37472f10e9b1c2089ccf2ad21dbfd12d063e7e44b9fe6986036ff7c864588f3c9b605e8cbf25ac949173fd25c8506e031e9bc28adc320e38b66a5761d

- 111B
  MD5:    285252a2f6327d41eab203dc2f402c67
  SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- 5KB
  MD5:    e7ef31cf0946fd8dbe1e02e1c15d5af1
  SHA1:   5e68208530efac8ecf5784c3c5ae615ed2590de6
  SHA256: e553df6df0f3b006c25a0e1eebc27c0f1682e6c3688b0192ed52361f36858906
  SHA512: bbce8b5da948c965ac58f260c2c62205e2851c9fdec2ae4f3271aae58d54ea1c7f90cbdd9bfff3fc829447a4d6497b94c935593da3e21bfba06383b8e0a4145f

- 5KB
  MD5:    35b1403b5fa749ed1bd69283ac8ac4bc
  SHA1:   4ee0b2809768baf5004888e55efd1a1cb8164ef6
  SHA256: 8fb117700394b01955053f6b1e6cf5f1ef6a11569a077ee46b494753d756de6d
  SHA512: a789c7a700f4098c7875473e40983ab9854f0d3bd3bd8bcef25dcd1426a56a469d3a9577c78e3e6fd7984420b1d3ba783c6a30c02d8571c422174dd69fc027e8

- 24KB
  MD5:    f35a0be8995cc98feed95b67c8457fa2
  SHA1:   c1d3dade38e54b303cc8a62cf5f486be9bf15be0
  SHA256: d3b9788d364980bcbedb5bdd823ead098f151ee6355f1c14dd5719ccbf2126d9
  SHA512: 5711cdd2aa0252d2456bdfaa5953c512600dea31907d36fd869abec97f8540f0bfcf8a407602b627a23e3f5f1101e8bcf055233ad9ac1026e5df4c6591c45c24

- 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- 10KB
  MD5:    6160d7733404c11f0337c578fcb749f1
  SHA1:   bc3c2cd0f658959143dd9eb90ec9959add3ce193
  SHA256: 2284f3475f8e2cae03eb1a6578a5f74618406dc8abfaa7e4d823293a52bc5b9e
  SHA512: 5c474ead1aaa337edc3da8ba569f97f4dc1d9fdcfa01d6f3bff3e069a94c63c89540816b416b0318543f8fd353ad1c87cad5aefd6bdbd1df0858280dd3c976b0

- 10KB
  MD5:    fbeedccfca429e3d5df0cb1f8d5886f7
  SHA1:   ef81a8727691d677ce0e2a1c00f663522732a56d
  SHA256: 20ef2439f331a15ef1ec57a246aa2c2c20cfaaa5723a62c14e50be3bc310db4a
  SHA512: 91151f677655c8dc280c80e1b74ae262469f3bee4b8e659df21f6a23c2c33839abcf7c250ffad41cd14ff8657c49e1dde386e817021f5516575de874cf94264a