Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/02/2024, 04:23
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://h/
Resource: win10v2004-20240226-en

General
Target: http://h/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process               occurrences
  4012   msedge.exe            2
  4296   msedge.exe            2
  3396   identity_helper.exe   2
  3452   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid    Process      occurrences
  4296   msedge.exe   10

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      occurrences
  4296   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      occurrences
  4296   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid    Process      procid_target   occurrences
  PID 4296 wrote to memory of 1072    4296   msedge.exe   22              2
  PID 4296 wrote to memory of 3656    4296   msedge.exe   88              40
  PID 4296 wrote to memory of 4012    4296   msedge.exe   89              2
  PID 4296 wrote to memory of 3056    4296   msedge.exe   90              20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4296)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://h/
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1072)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff980ab46f8,0x7ff980ab4708,0x7ff980ab4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3656)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4012)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3056)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4032)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2372)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2852)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4228)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3396)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1724)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1088)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2192)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5108)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1552)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1616 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2868)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3452)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14363379625645466350,12318689470890731216,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4404)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 8)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 7740a919423ddc469647f8fdd981324d
SHA1: c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256: bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA512: 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Filesize: 152B
MD5: 9f44d6f922f830d04d7463189045a5a3
SHA1: 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA256: 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA512: 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Filesize: 6KB
MD5: 65e6fbdf610347f64399af1f2fb90cfb
SHA1: 577f05815a622188eca63835e75738cd13d6ab3a
SHA256: 4699b67ac373ef4c87dda4245a29f6904af6b192f05d8e0b50b0faa3f6e004b6
SHA512: 01f4ddce816d39aef0ba94a2ce8e5c08c188cad10d10d2a818e78230d8057b447d03edf97b6fc3adae11075b99e9a7ab98428703be5dcf3664df6423c7689ce5

Filesize: 6KB
MD5: 67d8a8ec52380e7271b3685390e0ab0e
SHA1: dc5624ca7da3adb85413350bd0f529ab02284364
SHA256: 3d900d48e3f78499e45a4f9a916de34b6a475f120d747313b8af10c6471f2898
SHA512: 76373db9544d33a3084917786614c145e8113ab50861b2cda371f2f9cea64a6b259f7847bf50291d49182f46322306a0a8dfbea6b70f034f297afb7411ac904d

Filesize: 6KB
MD5: b28b673b7f1ee2ddc567a47539ee7419
SHA1: 689d8f2dcf75e9dda19ec1aa93e1d22874789bed
SHA256: c249a994edbd038b1f3d8252995611d54efe77e86b347cf7d6d4e54ad8c3c569
SHA512: 9671943bf40a17afd1cd065c52bc6af7235b5f5dcf83839d8cded080c6c0f6c2205acde6c101286dfa7be5981f435f6dacae95c3e3d558689e87f734aa5f45d5

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 689ef830ca91683738560d9fa5d71dc9
SHA1: d74866a6e1dcd112b9350f6701aaad66d836c454
SHA256: 6d7e976778024d06627e25bff675c17fe456c7c230946f268071c3b9a30f4ca9
SHA512: 08891cecb09f661d135246fc2578649f4a8f71021e5db0ea4ab7b5cf55ddeb57f1bbf5dfda8da92e818d9335f6bd02bf94422d21993ae30363902f0365ba4a17