Analysis
max time kernel: 158s
max time network: 164s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/02/2024, 15:50
Static task: static1
Behavioral task: behavioral1
  Sample: ac421e5cdbaf0f31a68776078632c156.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ac421e5cdbaf0f31a68776078632c156.html
  Resource: win10v2004-20240226-en
General
Target: ac421e5cdbaf0f31a68776078632c156.html
Size: 30KB
MD5: ac421e5cdbaf0f31a68776078632c156
SHA1: 8a2602f39fe8b2aaf37dbc6910a7350b8a23703d
SHA256: 1938f47374c552929158341f4dfcb0b958f15e88011078d44f172a6ae1595822
SHA512: 25630e65b7eab4c005516aa4c21d88cc03f1d3ccb4346e61ba512a7f2685d614c1d43ef009e1bd8e9aaf66ed2be9c8a59722e0086032df865fc55a489ee48c03
SSDEEP: 192:Fz/OpfGfTWNRn69utcL07FRRyBH4LWHOVtE5hHKuxQJ6PgSeeDA2wUmlmTbugX3S:FKRn6ItUg+HNHRHiJ6jzD7hbugxNq
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2504  msedge.exe
  2504  msedge.exe
  5008  msedge.exe
  5008  msedge.exe
  784   identity_helper.exe
  784   identity_helper.exe
  4872  msedge.exe
  4872  msedge.exe
  4872  msedge.exe
  4872  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  5008  msedge.exe (7 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  5008  msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  5008  msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows below, each repeated once per write)
  description                        pid   Process     procid_target
  PID 5008 wrote to memory of 4288   5008  msedge.exe  86
  PID 5008 wrote to memory of 4848   5008  msedge.exe  88
  PID 5008 wrote to memory of 2504   5008  msedge.exe  89
  PID 5008 wrote to memory of 3588   5008  msedge.exe  90
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ac421e5cdbaf0f31a68776078632c156.html
  PID: 5008
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8419946f8,0x7ff841994708,0x7ff841994718
    PID: 4288

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    PID: 4848

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
    PID: 2504
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
    PID: 3588

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
    PID: 1332

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    PID: 4852

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
    PID: 1644

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
    PID: 2932

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    PID: 4896

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
    PID: 3964

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
    PID: 784
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    PID: 4032

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
    PID: 3140

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14173225295181612015,2707533701679961779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
    PID: 4872
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2440

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4548
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 11KB
  MD5: 46277dd2db050f81fffe8c2df799cf7b
  SHA1: af166b42a35d5a0aaef9087739b73722c5ea3176
  SHA256: a2730fc00d9e213540cbce86e90690cf8be1187ee2693c30ad7a5a21a5001ca1
  SHA512: 72895aa9b34873657e10bc7a5f227389ffaad4059d53d780d3d715398a8c7d1b864ea6add60817ce2591305fa9ef341145982e3c27f79fb3d287503f9371c7ac
- Filesize: 152B
  MD5: fd7944a4ff1be37517983ffaf5700b11
  SHA1: c4287796d78e00969af85b7e16a2d04230961240
  SHA256: b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
  SHA512: 28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b
- Filesize: 152B
  MD5: a774512b00820b61a51258335097b2c9
  SHA1: 38c28d1ea3907a1af6c0443255ab610dd9285095
  SHA256: 01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
  SHA512: ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1
- Filesize: 6KB
  MD5: 7a92405fbeb6ee8a7c4c16cb3df66b2a
  SHA1: 33d68fbd671f54f5a9e323d622d45ff93289213d
  SHA256: 906d3ed7bf42db03840e79cb92f424b4b01d9f2db7b0b840536ea4cb4e007c0a
  SHA512: e6edc3e8e74b940931fafd8f88327205521c2b034fa4a24daf9047978440d4df1a7420f53028019a2feef48f671f3f0ede6179eedaf526d4f7542d173ec7e63d
- Filesize: 6KB
  MD5: 2268fcf7e8a0128887ee95d9ced324e7
  SHA1: cda43ca8434dd312f8567aa9829be9ba3bef11ce
  SHA256: 60c6567a8d7489d06dbe3df55c6de4ff995849a3039d47bab2e038b2fc499a4d
  SHA512: 8b8ae2a1a26c622af3a622b9412e074bbb9b6712e0afdef1c8bf68a67adc6c385a0a3956223011de2063ea59ec49390eeea8ed523f0a6ddbc09eef9f8412a786
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: fde80a3a972bef4b6738446c916e7aaf
  SHA1: e44181a825417c05e3dfff9bcc8a9732ce080e89
  SHA256: ace6e3009ee2031f8d874f5ddafb7ed9b494d03b88fe68e35592a2d4764935e0
  SHA512: bba61d9d9d597d562b1652f8f7e8703a4e6d0e22e084097aec7a55ba5042ef5fb393161abbbf4ee6e729b518aba6a143edb672874e1405fc8e82e77ee40273c5