Analysis
- max time kernel: 60s
- max time network: 61s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/03/2024, 11:25
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://cutt.us/premium-user
- Resource: win10v2004-20240226-en

General
- Target: https://cutt.us/premium-user
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies registry class (1 IoC)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{151EFA25-7522-413C-8588-2963156C7955} | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  2676 | msedge.exe (2 IoCs)
  1396 | msedge.exe (2 IoCs)
  4644 | identity_helper.exe (2 IoCs)
  6116 | msedge.exe (2 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid | Process
  1396 | msedge.exe (all 11 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  1396 | msedge.exe (all 25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  1396 | msedge.exe (all 24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 1396 wrote to memory of 3372 | 1396 | msedge.exe | 88
  PID 1396 wrote to memory of 4320 | 1396 | msedge.exe | 89
  PID 1396 wrote to memory of 2676 | 1396 | msedge.exe | 90
  PID 1396 wrote to memory of 4996 | 1396 | msedge.exe | 91
  (identical rows repeated in the original table are collapsed here; the original lists 64 IoCs in total)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cutt.us/premium-user
  PID: 1396
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbce1d46f8,0x7ffbce1d4708,0x7ffbce1d4718
    PID: 3372
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
    PID: 4320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    PID: 2676
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    PID: 4996
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 3316
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 4540
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    PID: 4380
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
    PID: 3464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
    PID: 4644
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    PID: 2416
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
    PID: 5960
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
    PID: 5968
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3496 /prefetch:8
    PID: 6140
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
    PID: 5204
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    PID: 5228
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
    PID: 5516
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
    PID: 5716
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2444 /prefetch:8
    PID: 3320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5736 /prefetch:8
    PID: 6116
    Signatures:
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3461847259661154604,6756849050324415068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
    PID: 4292
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1608
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3028
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 47b2c6613360b818825d076d14c051f7
  SHA1: 7df7304568313a06540f490bf3305cb89bc03e5c
  SHA256: 47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
  SHA512: 08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
- Filesize: 152B
  MD5: e0811105475d528ab174dfdb69f935f3
  SHA1: dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
  SHA256: c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
  SHA512: 8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
- Filesize: 6KB
  MD5: 309aa24e14d8291dcae18fe6125fe841
  SHA1: c725b6f56d4ff3f21dcde36472c05a3eb940f930
  SHA256: 2f795168e402ae80fba917b30e8734e101d8c7d79ed772007aac5e129253b560
  SHA512: 445f74f7bf27e3949faeff9044b4545ed1619831ecd8dcc2dbb33f9509ac69191b955899cbf82dccad40e3a9100e98b977b4e30dcad687637d2666c77eaaae16
- Filesize: 6KB
  MD5: c12c186e334a56c36043b0619d01f351
  SHA1: 24ebf87ee63043c7fbeb8cc8a4cbd7ab300da25a
  SHA256: 9fc8ddebe4fe5ee9e9dcf7c20122303d971832a8503a4632b5ee5bfc426c9fe4
  SHA512: eb947ed13c15237fce04b72db12b0e347aafa709c8a656291121a354af538b8ef5d7ee2ca9625f9fbe22996bbfcc1c38f46541881d6612ef9e83de21abc50917
- Filesize: 7KB
  MD5: 2770077ebe424881155f79aa196c322d
  SHA1: 58ed915ab8f708a5222fed01ee314a781938ea92
  SHA256: ad58799f02e1d278e0fb54b42a66a647f7f98e9f2133a8b9a6057edfa82babed
  SHA512: 7f21006575db0bb75f036fd6cc413bd01dbf69e0da62359ef8963fdc59fba0d2091d20eb0eb4014a69e9f6a06f12867d20528df520e085026a22922e5caf08e9
- Filesize: 6KB
  MD5: 177130d4898c3421243eaacde89b9bef
  SHA1: 0b91929967a286ea72df4b940cb0906a185d3902
  SHA256: 782ea36ff54414c95d69ab46ffe620669aefb64b6b6c70951226650ef6d136f2
  SHA512: d8b98559cf7d2cdc27441ac3fe657419cbe40d63ef347a630926038a1afd2722769593bd713b5682032a4c0fc3d83273bdcb802d419a564312a77e59c14d5a9e
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 54489fbb4da1e28dffd4b83fa64bd94e
  SHA1: c5a08982124252bf4084575e5877a03298e00fd6
  SHA256: 3b5406700eb72c9e08bd0849339033a51d978d4179ca8d7849f952037142c8d6
  SHA512: a376eb08fa6babf69932cacd5c129ff022101b1b629d6d15bbc1a729a13666de56226fe7dabb13c522c96aa1e552dece58a4a8ab7f49955a5854e64c73f45339
- Filesize: 2B
  MD5: f3b25701fe362ec84616a93a45ce9998
  SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84