Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
587s -
max time network
598s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
07/03/2024, 18:16
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/o6d6l9f711xfxg1/Image-Line+FL+Studio+Producer+Edition+v20.9.2+2963+Rev2.zip/file
Resource
win10v2004-20240226-en
General
-
Target
https://www.mediafire.com/file/o6d6l9f711xfxg1/Image-Line+FL+Studio+Producer+Edition+v20.9.2+2963+Rev2.zip/file
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4356 msedge.exe 4356 msedge.exe 4248 msedge.exe 4248 msedge.exe 1856 identity_helper.exe 1856 identity_helper.exe 4100 msedge.exe 4100 msedge.exe 4100 msedge.exe 4100 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 5444 svchost.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe 4248 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4248 wrote to memory of 2700 4248 msedge.exe 88 PID 4248 wrote to memory of 2700 4248 msedge.exe 88 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 1580 4248 msedge.exe 89 PID 4248 wrote to memory of 4356 4248 msedge.exe 90 PID 4248 wrote to memory of 4356 4248 msedge.exe 90 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91 PID 4248 wrote to memory of 2396 4248 msedge.exe 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/o6d6l9f711xfxg1/Image-Line+FL+Studio+Producer+Edition+v20.9.2+2963+Rev2.zip/file1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4248 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff875df46f8,0x7ff875df4708,0x7ff875df47182⤵PID:2700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:1580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:82⤵PID:2396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:1372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵PID:2604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵PID:4900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:82⤵PID:4164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:12⤵PID:2268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:12⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2008997448591722072,17864720122908581376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4100
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2560
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4924
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:5644
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5444
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD547b2c6613360b818825d076d14c051f7
SHA17df7304568313a06540f490bf3305cb89bc03e5c
SHA25647a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
SHA51208d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
-
Filesize
152B
MD5e0811105475d528ab174dfdb69f935f3
SHA1dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
SHA256c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
SHA5128374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD58edeb42786e85931a905069058e08876
SHA183ca9965f265c7eb8d917ec6a9d69aea0d58f36d
SHA2567c7862af8cd8c1feed112e13a160f3a5c6851ef830934e10fd71239ad02cae44
SHA512e30ed8d4d8b7977153ae1fd85f274f0c13a70629b0b290ef71fac87227e8ca17d3c8de20b458a839c2ca084493511df1204e17d049c7dd9ad9c4334d9ec1416a
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5318ff2b5f8beca84855cc53b792659fb
SHA1b3a88412dee4cff64ea4e3ade44cc2472c6a47f3
SHA256765b2e30e4237a22da175548b6307a64d9bc364d4b929f8cc85ab6b977ec04e7
SHA512306c347264cdd79365145c420161e46128ebb9c62834989dda27bbba84f8338181e8b8f25d0952a2cbe647ff67e222ba8d820315a8191b296269c54307a40000
-
Filesize
6KB
MD51dc8fd5dc82129ad00577471b5820ab8
SHA1913dcfbaef419989685014b823da0642494eb6d8
SHA256284612ad0106dedd1b82b78059a6cc79d2fffc6110317e9988a0a9909cb30a70
SHA5122228d28be6cf29ac13cf0635e891ca94d2fe02f4f25bd98c82e3abf18e34720823b644cef59ccdf609c28f4d4f43250dd2f8d9febbd17bd6a3264c1de7582573
-
Filesize
8KB
MD5ca50aed274739185eec5ab8d1da056c4
SHA1843f248e8330d3e503abfd228e488032522d93a9
SHA25693a6c44a3b1e0a65827c49e7380af3993fb2e0309d3deba0536a3cdc2fba804d
SHA512a78427e15822405c01431202f051742a63b9e9d8d9ec095a7fc664c73ec34d93d66b1393a0e99c8d45168c12198e78832a7ffbf15d0497e53bc13516fa816936
-
Filesize
8KB
MD53f28e044cdc0d7a881661f887188399f
SHA1cd069db3be22d0d4d5bc6f07a182072de1351f00
SHA256e8189e608546028e7c9dfd06a5123d6e1590a601197c0e8e8f87a588db45f2c7
SHA512fd57b66fe4f19b8fad74044e928a4448583242af240e28f7bc8b1f571e3daf369a3904f2801b9ca7e9f287f1691c902303356014cf96d9512db99bd9051e67da
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD52f04bd86fa5a29c091f480b5a0ab8449
SHA117ad71001216c59bb20bf7d423391fd86436f6e0
SHA256f95ed5f54a4c4fcecc0be25ab2ddfb50c32158ed7fb691d7c7dcee67f75d48f8
SHA512787305a751fddc32f6d4f698ca7431fe41f9bc874445eb4930e94cd015c868a911c82bbb3f07e0ca199b9ad4cd94add0ca5632caf23f526e63f506d0ef7fc4a2