Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
75s -
max time network
81s -
platform
windows10-2004_x64 -
resource
win10v2004-20231127-en -
resource tags
arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system -
submitted
28/11/2023, 09:57
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://a.storyblok.com/f/99263/x/d124ddccb6/reporting-hotline-poster.pdf
Resource
win10v2004-20231127-en
General
-
Target
https://a.storyblok.com/f/99263/x/d124ddccb6/reporting-hotline-poster.pdf
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4716 msedge.exe 4716 msedge.exe 4756 msedge.exe 4756 msedge.exe 216 identity_helper.exe 216 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
pid Process 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe 4756 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4756 wrote to memory of 3800 4756 msedge.exe 55 PID 4756 wrote to memory of 3800 4756 msedge.exe 55 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4328 4756 msedge.exe 85 PID 4756 wrote to memory of 4716 4756 msedge.exe 84 PID 4756 wrote to memory of 4716 4756 msedge.exe 84 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86 PID 4756 wrote to memory of 3392 4756 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://a.storyblok.com/f/99263/x/d124ddccb6/reporting-hotline-poster.pdf1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff814e346f8,0x7ff814e34708,0x7ff814e347182⤵PID:3800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵PID:4328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵PID:3392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵PID:1276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵PID:2028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:12⤵PID:4660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5252 /prefetch:62⤵PID:2704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:82⤵PID:4188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵PID:2412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:12⤵PID:4844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:12⤵PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:12⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵PID:4148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵PID:2032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵PID:4852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,4071724071360326110,896794659689144253,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵PID:4412
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2544
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4764
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5255dae2fc592ab99497db057a72ea965
SHA1e93e12bb1efce138115ddd150790751dd0c49fbd
SHA256eceddfaf2383a3148c782fa0c491f1452d0f8484a2269d6f1580030ed7563f33
SHA5121f93ac674506d948c6cd0637e59cd392bbc197f8a6a933a90510ef2cbaadfccf3ebae3c2c40ce28163bdb797c11d73116806fd36e54d35c2513c17f37cd7cdb1
-
Filesize
152B
MD5a556bb6f129e6bd2dcfb5e29b7483f3c
SHA154f04d95d772d4837334739544f6871c10f24110
SHA256c88e30f34c1dd579de34700a10a25c92e55f09b47be34ef7742a01aea47f222c
SHA512405908519a2b51c42c380ebb160557fb551bbec0c015c7a6fa61acc01eaa32a6ae20895aeaa1879a4aea3b0cc6ec1754d30610a3e343105a0ea4350156a6fb2d
-
Filesize
183B
MD5a1e8b926b04dd153da9ab8ac33654ac9
SHA139c59505d245689a71c00734a1d1d80a3198569a
SHA256bea9598cb7046158289b11c5854bc57ee60ccb5cf702d17596a5d560fb58a6c2
SHA512a587137fdcfa83322fa7e53fc81a5c3b3d0cdc99045540314368ed3cc447e420572ac6e22ba38f5f1c2e699749181495e50fd565d08416d540817dffcd9c10a3
-
Filesize
6KB
MD5d27bf4b0085a6c58c1fbbe2ffe25cfca
SHA1d301f1b0af0efdc0bc0fb2f0d2e857bac8bb7e9d
SHA25696c75d4ee599d9df02e34e0cf99d9a2a8ec51b1cde22357a23c6470ae742baf3
SHA512cf655012b3c61de03d225282f10057869f7c19eb22a653f9465a3fec32b27560fa0c37b10be688c441ab65c035c5f1c33ec32a75472feacbce594e72b8c9b6a7
-
Filesize
5KB
MD569c6e877777c69f3d5265a6c3ff799a6
SHA1c12efdc3801dac19e548ecceebe91ace16dc6fc9
SHA256c61062a6310272cff7671ce3a391a5b2c7ba47c1d85f5b1cbfa56b6b9d58efbe
SHA512b7f061d1abcbdcebd519e59038b9d5d2696b118992e6efd77383d1b9e3f40b886e0d6bcf66c5743d168626dd0914d423d06f0c2545df1cdee29e9276189edddc
-
Filesize
24KB
MD586d84b827f2234a96b50b01e2d6d9aad
SHA19a78ce94f5752de4c213be946e6e396ba8251354
SHA256adf071bbb8fbff2e6d8ffe3101d4adc5d49412715ed14879e1159217bc374a2e
SHA51218675045e063a09e2262611273554aa219dd17bef9c6ccc97d567bbbfd1fa6f1eb5db773b258b5f15d3dc34f233cc6d19a0e87b0b1496400bc717acba1cd0258
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389