Analysis
max time kernel: 181s
max time network: 209s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/02/2024, 10:02

Static task: static1
Behavioral task: behavioral1
  Sample: a38086316f57c95c0fdbdf5a5cdb5ec3.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a38086316f57c95c0fdbdf5a5cdb5ec3.html
  Resource: win10v2004-20240221-en
General
Target: a38086316f57c95c0fdbdf5a5cdb5ec3.html
Size: 3.5MB
MD5: a38086316f57c95c0fdbdf5a5cdb5ec3
SHA1: 1f99b0166e596c0934d121bdc45f280890d36245
SHA256: abc256a54944ce94d6f1be060b6171f8737250a80d82d78156d913051b5201b5
SHA512: e92f56e7c254a936ce9996eae0f1633b579e0ac38ea07369d8b765d064a7164b193d61ac9d0e3603f2a2837e0afcba97451115c1893bb91fc31a348ea637c161
SSDEEP: 12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NS2:jvpjte4tT642
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  4200 | msedge.exe
  4200 | msedge.exe
  264  | msedge.exe
  264  | msedge.exe
  2640 | identity_helper.exe
  2640 | identity_helper.exe
  3992 | msedge.exe
  3992 | msedge.exe
  3992 | msedge.exe
  3992 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  264 | msedge.exe
  264 | msedge.exe
  264 | msedge.exe
  264 | msedge.exe
  264 | msedge.exe
  264 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes (indented by process-tree level)

PID 264: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a38086316f57c95c0fdbdf5a5cdb5ec3.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2280: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c2846f8,0x7ffd9c284708,0x7ffd9c284718

  PID 4200: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4016: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

  PID 1872: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8

  PID 3660: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

  PID 3552: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

  PID 4708: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8

  PID 2640: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2268: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

  PID 4564: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

  PID 4976: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

  PID 488: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1

  PID 3992: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 2224: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 5096: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads