Analysis
- max time kernel: 38s
- max time network: 44s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/03/2024, 12:39
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: http://balt-go.lv
  Resource: win10v2004-20240226-en
General
- Target: http://balt-go.lv
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid  | Process
  2348 | msedge.exe
  2348 | msedge.exe
  2112 | msedge.exe
  2112 | msedge.exe
  3836 | identity_helper.exe
  3836 | identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid  | Process
  2112 | msedge.exe  (all 8 entries are this same row)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  2112 | msedge.exe  (all 25 entries are this same row)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  2112 | msedge.exe  (all 24 entries are this same row)
- Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed, one row per target process)
  description                       | pid  | Process    | procid_target
  PID 2112 wrote to memory of 4516  | 2112 | msedge.exe | 87
  PID 2112 wrote to memory of 1864  | 2112 | msedge.exe | 88
  PID 2112 wrote to memory of 2348  | 2112 | msedge.exe | 89
  PID 2112 wrote to memory of 4816  | 2112 | msedge.exe | 90
Processes
- Depth 1, PID 2112: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://balt-go.lv
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - Depth 2, PID 4516: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c8fb46f8,0x7ff8c8fb4708,0x7ff8c8fb4718
  - Depth 2, PID 1864: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  - Depth 2, PID 2348: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - Depth 2, PID 4816: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - Depth 2, PID 4020: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - Depth 2, PID 2916: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - Depth 2, PID 672: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  - Depth 2, PID 2524: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  - Depth 2, PID 4484: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  - Depth 2, PID 3836: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - Depth 2, PID 3064: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  - Depth 2, PID 3496: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  - Depth 2, PID 4500: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  - Depth 2, PID 1380: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,13528789144912835032,8167488268651881110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
- Depth 1, PID 2988: C:\Windows\System32\CompPkgSrv.exe -Embedding
- Depth 1, PID 1972: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index