Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/03/2024, 09:09
Static task: static1
Behavioral task: behavioral1
- Sample: bade073cbb25e5a0ab71071850859c31.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: bade073cbb25e5a0ab71071850859c31.html
- Resource: win10v2004-20240226-en
General
- Target: bade073cbb25e5a0ab71071850859c31.html
- Size: 90KB
- MD5: bade073cbb25e5a0ab71071850859c31
- SHA1: 7f5412655cd5175eecd84fe7b4dd551035be14ee
- SHA256: 965636a5456eeece242b461a5c7cac34279dce1ae182fdcbd0d1d658207ef842
- SHA512: a831e2f5994e7f49838a9727c998e5cbe1f81f2da13e28707d2265823cadb6b191e7f026a97d56439184c2ddaeff3824271f16f0f573769471e304a8832b58fb
- SSDEEP: 1536:A8jMLv9KqSJkXg6UdreYLX47BiWOXC+XbAEYLiY0POiqxMNEW4MN+ZB:H4Lvm6UfLoti+0AxDMN+ZB
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs), distinct pid/process pairs:
  - 4584 msedge.exe
  - 2360 msedge.exe
  - 2780 identity_helper.exe
  - 4456 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  - all entries: pid 2360 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - all entries: pid 2360 msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  - all entries: pid 2360 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs), distinct source/target pairs:
  - PID 2360 (msedge.exe) wrote to memory of 3232, procid_target 88
  - PID 2360 (msedge.exe) wrote to memory of 2800, procid_target 89
  - PID 2360 (msedge.exe) wrote to memory of 4584, procid_target 90
  - PID 2360 (msedge.exe) wrote to memory of 4640, procid_target 91
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2360)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bade073cbb25e5a0ab71071850859c31.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2d6246f8,0x7ffc2d624708,0x7ffc2d624718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3128)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3684)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7401943683058820922,17386884992155484378,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 876)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2084)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads