Analysis
- max time kernel: 146s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/03/2024, 05:23
Static task: static1
Behavioral task: behavioral1
- Sample: bff39a85f9f16d88e615cb2821247c3f.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: bff39a85f9f16d88e615cb2821247c3f.html
- Resource: win10v2004-20240226-en
General
- Target: bff39a85f9f16d88e615cb2821247c3f.html
- Size: 90KB
- MD5: bff39a85f9f16d88e615cb2821247c3f
- SHA1: fde535b69f673e3ee9d9c614980073e56f35d9e7
- SHA256: f0c2d2562054ad92e6604e944a72a3ebeb57c007893f74812eb6c29984f5c558
- SHA512: f733216e477ddffc9cd3e128058de35143b82fb256066a33ecfa6605679224a2971316127ad24e73b5b5528eb06604d5fa3bd7398122205a198d28f5b083db4a
- SSDEEP: 1536:EsVNrizhWO5B5qI4Kb1qD4uWibfmaWWfiw7u/m9LofuENlx9TV6Z+T3VopklvQDH:EsVNrizhWO5B5qI4Kb1pzYf/t9s5vQDH
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1652 | msedge.exe (2 entries)
  4556 | msedge.exe (2 entries)
  228 | identity_helper.exe (2 entries)
  2768 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  4556 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4556 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4556 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4556 wrote to memory of 3532 | 4556 | msedge.exe | 89 (2 entries)
  PID 4556 wrote to memory of 4660 | 4556 | msedge.exe | 90 (40 entries)
  PID 4556 wrote to memory of 1652 | 4556 | msedge.exe | 91 (2 entries)
  PID 4556 wrote to memory of 1840 | 4556 | msedge.exe | 92 (20 entries)
Processes
- msedge.exe (PID 4556, depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bff39a85f9f16d88e615cb2821247c3f.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3532, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffd5a7d46f8,0x7ffd5a7d4708,0x7ffd5a7d4718
  - msedge.exe (PID 4660, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - msedge.exe (PID 1652, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1840, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  - msedge.exe (PID 2188, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - msedge.exe (PID 4720, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - identity_helper.exe (PID 376, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  - identity_helper.exe (PID 228, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 5092, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  - msedge.exe (PID 2280, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  - msedge.exe (PID 868, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  - msedge.exe (PID 4316, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  - msedge.exe (PID 2768, depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11279291470511096781,12438137951688408703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4796, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 768, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads