Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2024, 19:07
Static task: static1
Behavioral task: behavioral1
- Sample: b57397c68a89429f4099157661ed67bc.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b57397c68a89429f4099157661ed67bc.html
- Resource: win10v2004-20240226-en
General
- Target: b57397c68a89429f4099157661ed67bc.html
- Size: 42KB
- MD5: b57397c68a89429f4099157661ed67bc
- SHA1: 8f39251857d80408beff31befb0403b3b43da937
- SHA256: d0bb96d80b7592b6d9ea58c51c0fff6815765dcd4cbc39a34db8c46e644205e8
- SHA512: fa03ff7533a137cdc7d544d5c2927a03393d23642014373f2c38aeb75c7108b228083c93ab7643928cf4b03f16becb6193d7ed790a993fe5fa9ff7c98b768dfd
- SSDEEP: 384:xQ60hakxPX8EpXqA6hscEtIqHY8a4pacp0SUeVEq0ryZP9YooS3wnDc+UT:xQLa8MyI8Facp0SUeVEq0ry59Jwn9A
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  - 1812 msedge.exe (2 entries)
  - 3940 msedge.exe (2 entries)
  - 1708 identity_helper.exe (2 entries)
  - 4960 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process:
  - 3940 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 3940 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 3940 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (the 64 entries are repeats of the following four parent-to-child pairs):
  - PID 3940 (msedge.exe) wrote to memory of 3652, procid_target 88
  - PID 3940 (msedge.exe) wrote to memory of 1068, procid_target 89
  - PID 3940 (msedge.exe) wrote to memory of 1812, procid_target 90
  - PID 3940 (msedge.exe) wrote to memory of 1124, procid_target 91
Processes
- PID 3940: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b57397c68a89429f4099157661ed67bc.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3652: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd7c246f8,0x7ffcd7c24708,0x7ffcd7c24718
  - PID 1068: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  - PID 1812: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1124: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  - PID 4308: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - PID 648: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - PID 1488: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  - PID 1708: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1064: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - PID 4672: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  - PID 5240: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  - PID 5248: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - PID 4960: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,11209637897922034357,1678619487303337357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 3328: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2836: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads