Analysis
- max time kernel: 156s
- max time network: 169s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/01/2024, 13:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: http://jafisport.com
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: http://jafisport.com
- Resource: win10v2004-20231215-en
General
- Target: http://jafisport.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- pid 4580 msedge.exe (2 rows)
- pid 4548 msedge.exe (2 rows)
- pid 3932 identity_helper.exe (2 rows)
- pid 2100 msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
- pid 4580 msedge.exe (all 7 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
- pid 4580 msedge.exe (all 25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
- pid 4580 msedge.exe (all 24 rows)

Suspicious use of WriteProcessMemory (64 IoCs; all 64 rows are repeats of the four entries below)
- PID 4580 wrote to memory of 4672 (pid 4580 msedge.exe, procid_target 89; 2 rows)
- PID 4580 wrote to memory of 4928 (pid 4580 msedge.exe, procid_target 91; repeated rows)
- PID 4580 wrote to memory of 4548 (pid 4580 msedge.exe, procid_target 90; 2 rows)
- PID 4580 wrote to memory of 1392 (pid 4580 msedge.exe, procid_target 92; repeated rows)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 1, PID 4580)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://jafisport.com
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 4672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986e146f8,0x7ff986e14708,0x7ff986e14718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 4548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 4928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 1392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 1428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 3876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 2284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (level 2, PID 4880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (level 2, PID 3932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 3452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 1404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 1692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 3880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 2100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3742495967403427897,7221886412074558752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (level 1, PID 816)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (level 1, PID 4504)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: efc9c7501d0a6db520763baad1e05ce8
  SHA1: 60b5e190124b54ff7234bb2e36071d9c8db8545f
  SHA256: 7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
  SHA512: bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 408B
  MD5: 10d8d903e2e96f4d93c771bc8b7b5224
  SHA1: 8a7385e93c9c84de1497af10240d8c7d2b72231b
  SHA256: 9d26349c021d00f6b69d3ba7e8e319b6571f2ccb936b6f334a170cbb8fc743e7
  SHA512: 614f36d4114ae09caa556addfa4b2c46bcb62863b0ee3d9b51b55e4a29c624a7f949e30cea55b80412fb1e957eb39f1a654f71fa29dc20d8a85332675622c850
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 649B
  MD5: f146c0219461185317c56a7a12bb13d0
  SHA1: 76ba1722dce7dbf3912f8be393001e191acb3e2e
  SHA256: 3a7a1b37a30ac049be0bee403597652628a78208c3d4af190d9940579059fc4a
  SHA512: edb46f1c2eda2f252caa5443765c7dd33d8399835470726ff83980dc996c748733095207a20566548f49f9ec114eb349befbc38780be7d750c011dad3b829113
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 5KB
  MD5: 9076094c745917b368552c67f4f43b0e
  SHA1: 246ee10da5b5f96c2e6fd66a698a02baa49f82ef
  SHA256: 120e559f9307e44383f271d35edb4649bbe21a8e6b4a4c2bc633850ea8810226
  SHA512: d844ae781f841c25837d347b9bb3699421d5c06fa7f67b19a4605bf3ffea0f7445721f2760fbfda9fc769a4bd82f4aaa33643c315a544327efb06d90b863cb67
- Filesize: 5KB
  MD5: 462349bffc83e78603cf64ee8c3b288c
  SHA1: a155e4a15b90900343a4b2477c558d17c373b73f
  SHA256: 40ebefdbb9060853a8be2cf6808e3e495ca99b8b2038ad4fe1bad8944ce6df87
  SHA512: 03538a272eb92295c93da55f5e88f26c63951746b74eb375799b816d62fd5f336ea7c68732a3346d65fda9553dfcb46fe3f042a271dbccd88568416503666341
- Filesize: 5KB
  MD5: c72b7a92aa92f448411bc63c0f7f9b43
  SHA1: aad51770c75cab75fec46c72ebae301e6ef964c4
  SHA256: feb93ca4075d35237248b723bda917f0f9126ab100f4ae9f5a1073c20fbd43ae
  SHA512: 1f18e84d2707019f8b28c50980d3021145600cebc03e99f072f27361b8436ee0939416fc45b1a2ae34cbe26f1b8657689544808bd4e09ef31c249ff9a3ac94d8
- Filesize: 24KB
  MD5: 121510c1483c9de9fdb590c20526ec0a
  SHA1: 96443a812fe4d3c522cfdbc9c95155e11939f4e2
  SHA256: cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
  SHA512: b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: c23334933872f03afecca9207a8cf0c4
  SHA1: 6982006e9193ae63801e231f467c321319cac483
  SHA256: 80ebbeb72d77e394ef37e6b7c686b863c5c48d5a12084d7e55ca7e0e296e41a3
  SHA512: 5a5359f90971c2c94a4f0c09f04137b7968534732824fa11402a8e9925a3f697d2c54c05e3e48c99bfa7da78863e280d19e94c2c00d0f3b3709b009bcd06aa06
- Filesize: 3KB
  MD5: f1ef69446e1e33ea7aa2a6ae51001c80
  SHA1: 42de0287825d76fd19a60a06906c1004e88f20d2
  SHA256: 66366e82af425192e9b8b5c8a7cd1f0d465d52be897bf1f42049f377f6305561
  SHA512: acb18ebf5e6c087cadd259ec8a5573122407e4253be57790a9dac326cccffe6677d6e0069e795b5a59c31d66cedada5f06a4eea0eb0e489933d0caa9dca56eea