Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/02/2024, 21:37
Static task: static1
Behavioral task: behavioral1
  Sample: aa36bf2ccc41a27eff78098937f4fad1.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: aa36bf2ccc41a27eff78098937f4fad1.html
  Resource: win10v2004-20240226-en
General
Target: aa36bf2ccc41a27eff78098937f4fad1.html
Size: 42KB
MD5: aa36bf2ccc41a27eff78098937f4fad1
SHA1: 1c17e4d97c0accb7f9179d783d84c6984e2db763
SHA256: f1f063601593952c872ed17f56c82e66cd746f4aed06c50c82c1820ec9d291a0
SHA512: d0a4a29cbcc43345e286ba6198822394ade77dbcb0d4258f737d23c1a857ee3f877d7674e8812cc494bff1a7474b1d26f9b8c3ae67e81dee2a159998142958d6
SSDEEP: 768:YuIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZWK:/IRIOITIwIgIiKZgNDfIwIGI5IVJ7Sqi
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed)
  pid   process
  4848  msedge.exe (2 entries)
  2548  msedge.exe (2 entries)
  3348  identity_helper.exe (2 entries)
  2616  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process
  2548  msedge.exe (all 6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  2548  msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  2548  msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, one row per target process)
  description                       pid   process     procid_target
  PID 2548 wrote to memory of 2328  2548  msedge.exe  24
  PID 2548 wrote to memory of 3320  2548  msedge.exe  86
  PID 2548 wrote to memory of 4848  2548  msedge.exe  87
  PID 2548 wrote to memory of 2816  2548  msedge.exe  88
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa36bf2ccc41a27eff78098937f4fad1.html
  PID: 2548
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc40c746f8,0x7ffc40c74708,0x7ffc40c74718
    PID: 2328
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    PID: 3320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    PID: 4848
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
    PID: 2816
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 4520
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 3308
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
    PID: 2272
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
    PID: 3348
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    PID: 1696
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    PID: 3276
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    PID: 1120
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
    PID: 2128
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
    PID: 2616
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 388
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4500
Network
MITRE ATT&CK Enterprise v15
Downloads