Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://youengage.me...

windows10-2004-x64

1

Resubmissions

20/11/2023, 07:53

231120-jq18daee54 1

20/11/2023, 07:44

231120-jk11esee25 1

20/11/2023, 07:39

231120-jg2sjsed97 1

Analysis

  • max time kernel
    300s
  • max time network
    297s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2023, 07:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://youengage.me/p/655498a68e2ad5010008a492

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youengage.me/p/655498a68e2ad5010008a492
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb115846f8,0x7ffb11584708,0x7ffb11584718
      2⤵
        PID:3016
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1760
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:4336
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
          2⤵
            PID:3576
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:3048
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:3388
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                2⤵
                  PID:3004
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
                  2⤵
                    PID:4000
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4504
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                    2⤵
                      PID:432
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
                      2⤵
                        PID:1172
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
                        2⤵
                          PID:1504
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                          2⤵
                            PID:768
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
                            2⤵
                              PID:3144
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                              2⤵
                                PID:5068
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                                2⤵
                                  PID:4608
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                                  2⤵
                                    PID:2536
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13452713943380634487,7833325644177126366,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4932
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2304
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:5104

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      0629525c94f6548880f5f3a67846755e

                                      SHA1

                                      40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

                                      SHA256

                                      812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

                                      SHA512

                                      f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      408B

                                      MD5

                                      d049eb7daead73dc82c7735ce2817f8b

                                      SHA1

                                      4a9c86cd5911cb6f838d1563dc1d8469b810c537

                                      SHA256

                                      8bfff93ea459db0b7540391ded421c4b1694228c9665e01d227f7f48f6f302c7

                                      SHA512

                                      e0936dbdf27033eea7c61d71dfd10fe943fd2b7b1578385b8ca669c89fed07897e9a22375776078281f59bdb5cce5b7d5023ae8333c8134d054d7dd824d13e56

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      240B

                                      MD5

                                      678dcc7bb31f6d0ff467073d7f1a2987

                                      SHA1

                                      7e5071844dfae562df5c694b222f7a9b08ed208a

                                      SHA256

                                      6f86e150680163ccc5268ae5b8a5e322e9c212efd679dff924eb98bec716ba1c

                                      SHA512

                                      ae331f78d8d6e3123bf525d309351498321492137eaae2863b25b97ee141b032fc04540f173ac57a5fbadfc03bd016f8618c427cd0c49ee861d40da038b52ada

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      bc521a9d27a891f0d72ad7ff4eb4b4d0

                                      SHA1

                                      4f97370d27fb78e9a51bb1e222253283f3126423

                                      SHA256

                                      36706cd92df6745828cf849348c8fb5ab12f816159a1cae89e7d74201e45fcda

                                      SHA512

                                      439e2258e4211310a6c51336360d92529a7ddfd37f8e50c7a8c30e941c9e631d6511fc0197758ad3530f21a28f93f481e15bbbeb2715b2b712d095d91d5b696f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      fe17f2153d5e3841ba2044eab0c4b1ae

                                      SHA1

                                      b1a9c92b6b90e1ccc804717c380dfed425bd1d60

                                      SHA256

                                      037287e1f9f2d8832da748180ce2a150ef868b64878459c0a1feaeafad73d064

                                      SHA512

                                      dd06d85f5dab5074c4d074204d91e8bcc71507c21e465cd3f1362cb95bd60bcc104c8b6c50adc0528390eef463cb95c7d6c0320cf20f4316df32ae19ba6ac9ad

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      4e794946d728471d00967e219e87d06a

                                      SHA1

                                      ffc6e37111ecc4102bb481c9f6f358c2b696eeab

                                      SHA256

                                      d55cbadbfe003f7ab08e8f0aa2beeb02e502ff11aaaca945d11003a2524c9aa7

                                      SHA512

                                      c0330ab94de8d556f60b256b5c24938887e82484552639c1a8af6df9046e3129fcedd3664b773d418fe885f185614b662ecc20ce08285fe3908ff008e6a9c731

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      d6b14f1aceab4a025353b5705ac4ea30

                                      SHA1

                                      5b4d96e5a28f0bf099a89327d884587ee755c7ae

                                      SHA256

                                      633d8e55dcfe7a757cedf6e56cb43b167ea03b8ab4b6603147fe41f3c5ca50bb

                                      SHA512

                                      d86c8a609070ace43650e02269c9d7dbda203fc6a448bc15f23fc336bd8c2019c010bd5ce69cdcf30fb51f49a0d181bfd073ab3cc2bc31354eb76dd903c5706d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      a60c6a133236ad5f5c21b218fedb0730

                                      SHA1

                                      94a28c01831d193f416dfee88b6f008951a32d28

                                      SHA256

                                      ecd4a1528a5dbc91e9f8af0b5a4ff59197ffc261ada94e3d2d4b85fbd9c058c6

                                      SHA512

                                      a730bb78e8dda2fbafa089ed9c06337ab6c8142d6695544449eb9117b76ae17d1c40382274be551505390bd73b5341ae0e00f3a1cec7e03b3e22d01da45547ff

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      fd20981c7184673929dfcab50885629b

                                      SHA1

                                      14c2437aad662b119689008273844bac535f946c

                                      SHA256

                                      28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

                                      SHA512

                                      b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      dfa15deac32ad91998b7bf7221db8ddf

                                      SHA1

                                      19cf39fce9c03716cabb1ddab99a98bbe568934f

                                      SHA256

                                      a210ed8187496f10a3c8dfb4be1f84918a254ea0a43deaa640c766c802e58f9c

                                      SHA512

                                      d602b71cb84ced8a05d05819a81a16f18ddd58dab23dae11a70e0d56c340a9e16fd808c0317b20c97c75bf52f50122175583a18ab82799eb3aaf47b8f045a0c8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58756a.TMP
                                      Filesize

                                      869B

                                      MD5

                                      540faeb9bc6a04ef52237b869e666930

                                      SHA1

                                      16faa62a07059391e56de1af78f2c07edcf4a11b

                                      SHA256

                                      3b0d21b3ed472bf88d4cb5b742825abd6295d92df11947a8696644226b3230fe

                                      SHA512

                                      f63a27914ceb98264a72a673bf9ae7e28a11d071a9278e98c24fa2575ad1482552d5a8f7acda516b14539128621257511986948205406977a2f6a680bc70a913

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      b52d2ab7c07f9a9d92cccfa87e602c84

                                      SHA1

                                      d31fe32470bd3cd68579678ccf2e46f19a32a5a7

                                      SHA256

                                      53c549c7ea12de4d4ae3e8937617547ea4b6374fe482c0471fc531e74d66d8c6

                                      SHA512

                                      488be3413c81080d85c2deedce3b16153764ec96db190a04d77f7ea1b65c17c4d38a16978ef2ef48831a6c94bdc12dd7122ef41d80620e4c52432e1211cc3091

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      e67288be04afd611cf795ddcbb9c878e

                                      SHA1

                                      30792c118c76c9f3d79bb417c7f557ffe4095a8e

                                      SHA256

                                      7edb8cbf899b14b5af0ef5847cecfcbbcc7cb57472949da1063331eb2e7f0cc3

                                      SHA512

                                      ea24331f3e039eb843f49a51005b31f29af7c41f96f67395002860da9c5486b0cf67d38e1b761cd270d098e2f04193eacf9cc911f1af089cc8d54381c1807961

                                      Download Submit