Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11/03/2024, 14:24
General
-
Target
http://sptr.eomail8.com/f/a/ZWQAVSR2M9kMQJyfLj5LDg~~/AAAHUQA~/RgRn0XEdP4QWAWh0dHBzOi8vYXJib3Jlc2NlbnMuZW9tYWlsOC5jb20vdW5zdWJzY3JpYmU_ZXA9MiZsPTI3YmIyYjkwLWFiYWQtMTFlYy05MjU4LTAyNDFiOTYxNTc2MyZsYz1mZDBiOTczNC1iYzdlLTExZWUtYjlhOS1iNzY5MjY5NTI5Y2QmcD05MDRlOGI1Ni1kYmRjLTExZWUtODZkZC03MzUwZGRhN2E3NDImcHQ9Y2FtcGFpZ24mcHY9N
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sptr.eomail8.com/f/a/ZWQAVSR2M9kMQJyfLj5LDg~~/AAAHUQA~/RgRn0XEdP4QWAWh0dHBzOi8vYXJib3Jlc2NlbnMuZW9tYWlsOC5jb20vdW5zdWJzY3JpYmU_ZXA9MiZsPTI3YmIyYjkwLWFiYWQtMTFlYy05MjU4LTAyNDFiOTYxNTc2MyZsYz1mZDBiOTczNC1iYzdlLTExZWUtYjlhOS1iNzY5MjY5NTI5Y2QmcD05MDRlOGI1Ni1kYmRjLTExZWUtODZkZC03MzUwZGRhN2E3NDImcHQ9Y2FtcGFpZ24mcHY9N1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb48a146f8,0x7ffb48a14708,0x7ffb48a147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1529984589939077348,5294196730265749730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3400 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54d6e17218d9a99976d1a14c6f6944c96
SHA19e54a19d6c61d99ac8759c5f07b2f0d5faab447f
SHA25632e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93
SHA5123fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47
-
Filesize
194KB
MD5f5b4137b040ec6bd884feee514f7c176
SHA17897677377a9ced759be35a66fdee34b391ab0ff
SHA256845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40
-
Filesize
168B
MD57f4eb7819a787dec4f27d649ab4cc717
SHA17c767f7c39fe2863672184db6ec526c311586d56
SHA256259c74f9ea7b1e5f18aa83835b8ad9bf966a10a4e89bc30c02fb103010dff01c
SHA5122a3d73179e605f2e3f6118955e5e1611b42750df882603e9fd39d9f24ff07c6c5a67328444e77a0de50897478a5b44571942b6ca3eefc4f6c8d9b83668063e0d
-
Filesize
336B
MD590849a28038da3cf60e27b1de8d97452
SHA1078ef93ac0f5f25bc0ee98e2fa297afa8e332cb1
SHA256c6651cfc399f7df88f1ccb12071ed3f361f71524838d30326a1a75494e835a4a
SHA5129144147a5e2f006586b44d49b3fe262aaba2e57e0fa03350c69705721fb4a8cf80d39b8e2b2a073cb2286bd188b86e99a5acf189f152702369acae09ea567ecb
-
Filesize
1KB
MD55a9f0957210ac51a685ad81038c82bd9
SHA1b90ac705e6343e7eed1a6d3fcb1abb6bf8a15053
SHA256421a5790253592b09f79f73409b79bd30b4e1df2adbd340b29a2141014d83033
SHA512d564d359abfb9a8a80ad8d654d731043b6c4ec140edfa3152f7b1a1a3ff7cb53540d13ab3989052791e314a13d38e4bc870fe884290c8849def91cd185145d1e
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5fd039793a7dace3eff8290731fa6f3cd
SHA115ac491a54f3f590144b4ce8ebd7d7d512474f6e
SHA25672173cab3bc5690d5328687a83862200aa813a3d249066c16d9e1c6f912d6adc
SHA51286051e4dd2a36c52033b4c03024886c6188bed16d7ea6144ddef9c5386b1ad7bb1fd3cb576d802f519d72ebdbd6eba2e4a6423d4a70b1edadf3bac479ee28196
-
Filesize
5KB
MD579022ba430cb8d06caf1e94f29988248
SHA1ad440540234ec7a1769cb6a672dc7091bba6b724
SHA25605a76853f4d8419a2f8543ba04d30d9d71628a420697c1cdd6a8cb96fd6344f8
SHA5124e9694cd171b27e2b7cd2c7cc8514a322fa662bdb95a67d273ed6779b677b94d7a76da355942bc853d71db09e50b37d94518aa7f932c468b7c52caa40d26c5d2
-
Filesize
5KB
MD5f1d3a9daae3062e489c8d1b171fe8de1
SHA1ecfa4869e0745215cd1ddccb24dcea6646855365
SHA25624540cffdada4b1a972952abf2a87cf136ab3f4c899e7bb8c2aa4e43414c9d12
SHA512a7f6e66f3844221bfa36a45cdb8bf28032999c92b5f853ef1a9048fecde6cf05632c4a1e9aec2220ba82a881a046a4a1bde25de0c5378d345806c0ae439c0c94
-
Filesize
6KB
MD561af47a9f0f62f9db4023c74f0108929
SHA1bc257e0fa1c21bd5d67e38febd561636b16e6fd6
SHA256a997899a8de6121f805ca6abfa65ab4d2abc6c5deca2faa0b5250603281f49b7
SHA512d9d2ecee4404634db711ffb28bed807bca1e85e84c2687361642ef4cf71084402c2a3714b8d1ddcfa4efa9eb725002af2f058ca96eee55fb095c2432e131e5c6
-
Filesize
24KB
MD5c2ef1d773c3f6f230cedf469f7e34059
SHA1e410764405adcfead3338c8d0b29371fd1a3f292
SHA256185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521
SHA5122ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD58bc702ea86282000eaf4c73cf6bdfc5e
SHA1712bfc0c841eccf4efb476436301a6a4e58e8795
SHA256c5b05d71bdf57258871a1a2d00940ab3e883bcc3ec02bc6bbf05616d7a4f8c9f
SHA512ede40056873060fe23157dc290a8ce733d0142d11180a05f1ae02c6aa9ac413967b3cda3e1a62426decbe991d9792cd722d7f35b1e57c327c14fbf62d807c4d2