Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/10/2023, 10:23
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://thirdbridge.com/
- Resource: win10v2004-20231023-en
General
- Target: https://thirdbridge.com/
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | occurrences
  4436 | msedge.exe | 2
  4200 | msedge.exe | 2
  1160 | identity_helper.exe | 2
  2008 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process | occurrences
  4200 | msedge.exe | 7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | occurrences
  4200 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | occurrences
  4200 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs; each row below is repeated in the original report)
  description | pid | Process | procid_target
  PID 4200 wrote to memory of 3352 | 4200 | msedge.exe | 38
  PID 4200 wrote to memory of 3160 | 4200 | msedge.exe | 89
  PID 4200 wrote to memory of 4436 | 4200 | msedge.exe | 90
  PID 4200 wrote to memory of 4052 | 4200 | msedge.exe | 91
Processes
(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://thirdbridge.com/
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 4200

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7aa746f8,0x7ffc7aa74708,0x7ffc7aa74718
  PID: 3352

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  PID: 3160

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 4436

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  PID: 4052

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  PID: 2484

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  PID: 1580

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  PID: 2416

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4228 /prefetch:8
  PID: 4672

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  PID: 3792

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 1160

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  PID: 3876

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  PID: 4476

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  PID: 3908

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  PID: 5088

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,90263765382175723,18390952041733300431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 5088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x244
PID: 2096
Network
MITRE ATT&CK Enterprise v15
Downloads