Analysis
- max time kernel: 146s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/02/2024, 21:19

Static task: static1

Behavioral task: behavioral1
- Sample: 97a0fe50a5be83ccd1b29e396c928f91.html
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 97a0fe50a5be83ccd1b29e396c928f91.html
- Resource: win10v2004-20231215-en
General
- Target: 97a0fe50a5be83ccd1b29e396c928f91.html
- Size: 43KB
- MD5: 97a0fe50a5be83ccd1b29e396c928f91
- SHA1: b39c5c2fa35a016b5ddea56b5c6b5808a9dde12a
- SHA256: 37386acd02d4a875d46c29c5b7462e82e33e16e823047624a19e72b32d554e2c
- SHA512: 04cc4e78816dc463e7ae77155fe62f39d23aa9e3c7c73cd55bad4314c4c0ee2c92496eded861d71bb61635c7259a91e1116ec29f82ac7c99eadf61e82b2465c4
- SSDEEP: 768:pIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIoKZgNDfIwIGI5IVJ7SI1FP:pIRIOITIwIgIiKZgNDfIwIGI5IVJ7Sqb
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1696 | msedge.exe
  1696 | msedge.exe
  3364 | msedge.exe
  3364 | msedge.exe
  3564 | identity_helper.exe
  3564 | identity_helper.exe
  3264 | msedge.exe
  3264 | msedge.exe
  3264 | msedge.exe
  3264 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3364 | msedge.exe
  3364 | msedge.exe
  3364 | msedge.exe
  3364 | msedge.exe
  3364 | msedge.exe
  3364 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all pid 3364 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all pid 3364 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; pid 3364 msedge.exe wrote to the memory of child processes 4952, 1180, 1696 and 1888)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97a0fe50a5be83ccd1b29e396c928f91.html
  Tree level: 1
  PID: 3364
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfbeb46f8,0x7ffcfbeb4708,0x7ffcfbeb4718
    Tree level: 2
    PID: 4952

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Tree level: 2
    PID: 1696
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
    Tree level: 2
    PID: 1888

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    Tree level: 2
    PID: 1180

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
    Tree level: 2
    PID: 1520

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    Tree level: 2
    PID: 3132

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
    Tree level: 2
    PID: 1084

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
    Tree level: 2
    PID: 3564
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    Tree level: 2
    PID: 4724

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    Tree level: 2
    PID: 116

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
    Tree level: 2
    PID: 2444

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    Tree level: 2
    PID: 4888

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12295473619190033606,4913804034074758901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    Tree level: 2
    PID: 3264
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree level: 1
  PID: 1012

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree level: 1
  PID: 4020
Network
MITRE ATT&CK Enterprise v15
Downloads