Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/02/2024, 13:33

Static task: static1
Behavioral task: behavioral1
  Sample: ac00a5935514195e12ebd75b237725a7.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ac00a5935514195e12ebd75b237725a7.html
  Resource: win10v2004-20240226-en
General
Target: ac00a5935514195e12ebd75b237725a7.html
Size: 3.5MB
MD5: ac00a5935514195e12ebd75b237725a7
SHA1: 73dacbc556489141bf40df2c988afa426afcaeef
SHA256: fb8ecd1fa023705c96e6ccbbb8f0218a93cf09257d2f9dc952ac0cd804140e60
SHA512: 84b96ebf0e8e9cbc4f84f9b69a568681cc9da8ddc8df90a00629ada373b2203ea0bb67e4d8aa2d53f8f1f35c93a6793dd1ca8f704b9cbdabb7fd58b2711dcdbc
SSDEEP: 12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nbw:jvpjte4tT6Bw
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
3592  msedge.exe
3592  msedge.exe
4908  msedge.exe
4908  msedge.exe
5068  identity_helper.exe
5068  identity_helper.exe
4360  msedge.exe
4360  msedge.exe
4360  msedge.exe
4360  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe
4908  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 4908 wrote to memory of 4732  4908  msedge.exe  82
PID 4908 wrote to memory of 4732  4908  msedge.exe  82
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 1224  4908  msedge.exe  87
PID 4908 wrote to memory of 3592  4908  msedge.exe  89
PID 4908 wrote to memory of 3592  4908  msedge.exe  89
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
PID 4908 wrote to memory of 4488  4908  msedge.exe  88
Processes
PID 4908 (depth 1): msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ac00a5935514195e12ebd75b237725a7.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 4732 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe9ca746f8,0x7ffe9ca74708,0x7ffe9ca74718

  PID 1224 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  PID 4488 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

  PID 3592 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 3728 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

  PID 3900 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

  PID 4420 (depth 2): identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

  PID 5068 (depth 2): identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 4344 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

  PID 3324 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

  PID 2456 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  PID 4600 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  PID 4360 (depth 2): msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8612739753215159267,5587702472541109721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

PID 3692 (depth 1): CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1400 (depth 1): CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads