Analysis
max time kernel: 145s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/01/2024, 03:37
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: sample https://t.ly/Al1dD, resource win7-20231129-en
Behavioral task behavioral2: sample https://t.ly/Al1dD, resource win10v2004-20231215-en
Behavioral task behavioral3: sample https://t.ly/Al1dD, resource android-x86-arm-20231215-en
Behavioral task behavioral4: sample https://t.ly/Al1dD, resource android-x64-20231215-en
Behavioral task behavioral5: sample https://t.ly/Al1dD, resource android-x64-arm64-20231215-en
General
Target: https://t.ly/Al1dD
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid   process
  2848  msedge.exe           (2 entries)
  4776  msedge.exe           (3 entries)
  4596  identity_helper.exe  (2 entries)
  3160  msedge.exe           (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process
  4776  msedge.exe  (7 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  4776  msedge.exe  (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4776  msedge.exe  (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     procid_target
  PID 4776 wrote to memory of 3644   4776  msedge.exe  85   (2 entries)
  PID 4776 wrote to memory of 4880   4776  msedge.exe  87   (40 entries)
  PID 4776 wrote to memory of 2848   4776  msedge.exe  86   (2 entries)
  PID 4776 wrote to memory of 232    4776  msedge.exe  88   (20 entries)
Processes
[PID 4776] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.ly/Al1dD
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  [PID 3644] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda0bc46f8,0x7ffda0bc4708,0x7ffda0bc4718
  [PID 2848] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  [PID 4880] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  [PID 232] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  [PID 2492] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  [PID 2228] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  [PID 5040] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  [PID 4696] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  [PID 4596] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  [PID 4256] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  [PID 2832] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  [PID 3336] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  [PID 4088] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  [PID 3160] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9734594947293193571,5141935656589255185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
[PID 2424] C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 2316] C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 5e77545b7e1c504b2f5ce7c5cc2ce1fe
  SHA1: d81a6af13cf31fa410b85471e4509124ebeaff7e
  SHA256: cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11
  SHA512: cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 72B
  MD5: e8d9a9e916e3adf516dae61a9bae970c
  SHA1: 31a061c2f86962bc753cebf9a01a9c83fbb04b45
  SHA256: 68fd6d8bbd106a388136b79d7220bcac848590cac3b7842eceb149441fb1e0eb
  SHA512: 1edf0f203bbd145c6a4660cfe3fbb718d4fe23b54e9ea0441a25b882b9a029a8115157fbd417d231a8b3f4f758535550f4e6b76929b3d113889b26c59c9f0678
- Filesize: 531B
  MD5: d1c1bbd4b61a1540dfc064a648c8396a
  SHA1: fa289ccbd039f657690c72101ec4c4742d4474c6
  SHA256: 3a87a60f5c083394679704d48939ae093017d5fcebb02ecd2a4a6288807369ba
  SHA512: 14eb40be5ce77363082b14a53c67b926167c5035f73a1f2d15b0fb2ea784b56fcae2c9dff3123d28533c6f0385e030e0ef04b8eaf318011302610086a160de20
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: 2eb0fbe0e3b57527f7c97166a9dcfd6a
  SHA1: 7a2dc6d177f09b976aa5253f825fba84a9d7ed95
  SHA256: 041d08d98a8d46ea1657d890e09c40c7cfa2d743f328cbc12f98fdf1c1acd7a6
  SHA512: 0663d7ab4aaf20bce177d22daf311b324e359de53290e51491d07bcae83fe6c8d4b38c9846100d6a94a010ebf7fac223ae8c6cb952af19fc1a6c929333287391
- Filesize: 5KB
  MD5: bbc00dd1e14c4472c2bb6d14eed34aec
  SHA1: c6e8feda163a78753e2dc404cbdb2153efb07518
  SHA256: af26f68c07407d295ec7c2da4d9d315b56c6f95ee7da7321d4b852ac06080a6b
  SHA512: 07ed18aab5a37f54fb3b38b0ba65fc3e974ee7bbbd33124a6bda28bee89c0a8cb3227326889f4411b57e95983937ecb6b238d875298ab03b61cf6cbe6184630b
- Filesize: 24KB
  MD5: 6db2d2ceb22a030bd1caa72b32cfbf98
  SHA1: fe50f35e60f88624a28b93b8a76be1377957618b
  SHA256: 7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4
  SHA512: d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 28612a514795b54cb565fb7726012332
  SHA1: b336b29d887bf6f6e5aa12c017b01f771bebcb1f
  SHA256: 7f6541cb4d34e06cdcbf844b1f8840e6f712a7e151f66e22b7763506aa3da25b
  SHA512: 891079e92400778c7f0f40f06958ca9c2ba5587eca60b610a378a5759c21087cd126425c56ecc670796ca43e26b597abcc4af81b70a73ca14a0338d4b9a57a62