Analysis
- max time kernel: 1681s
- max time network: 1691s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/02/2024, 17:36
- Static task static1
- Behavioral task behavioral1: sample sample.html, resource win7-20240220-en
- Behavioral task behavioral2: sample sample.html, resource win10v2004-20240221-en
General
- Target: sample.html
- Size: 18KB
- MD5: 9942c502136e7b038e802f83d20c3ad2
- SHA1: ef09bfaa7f7791eb66d238dbe5603a99519c006a
- SHA256: 5e74098c5293e636855b8af94f944a36e810ef492be60dd92dca12af5b3ba575
- SHA512: 0b937548f1122e1ce3314d41a37f13cd49ad325a3051b549389dad63527896b6f0b90758b317063e1e8c23cf0dc16a49e23e6f6450399132aad25f415d3bb767
- SSDEEP: 384:rnSaDpmReVoOs4fN9ylKeGMvU8HhhbXmQ75SN2weUPNVJCBXQL:rtBVoOs4fryI1MXBhbWuzIJQQL
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | entries
  4428 | msedge.exe | 2
  536 | msedge.exe | 2
  2828 | identity_helper.exe | 2
  3708 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process | entries
  536 | msedge.exe | 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | entries
  536 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | entries
  536 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | entries
  PID 536 wrote to memory of 2216 | 536 | msedge.exe | 82 | 2
  PID 536 wrote to memory of 4956 | 536 | msedge.exe | 84 | 40
  PID 536 wrote to memory of 4428 | 536 | msedge.exe | 83 | 2
  PID 536 wrote to memory of 4536 | 536 | msedge.exe | 85 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 536)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcd45a46f8,0x7ffcd45a4708,0x7ffcd45a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2144)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 796)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15258145791666869077,5086940255086635392,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3928)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3472)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads