Analysis
max time kernel: 149s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/03/2024, 06:32
Static task: static1
Behavioral task behavioral1: sample c2b05f9522131e64f63cc94bce4fb91b.html, resource win7-20240215-en
Behavioral task behavioral2: sample c2b05f9522131e64f63cc94bce4fb91b.html, resource win10v2004-20240226-en (the run reported on this page)
General
Target: c2b05f9522131e64f63cc94bce4fb91b.html
Size: 43KB
MD5: c2b05f9522131e64f63cc94bce4fb91b
SHA1: 4f04cfd3f95a55f2e578572091a09fb6eb746a89
SHA256: 036bfa25ea040bf22bb7b2164a7d0331b7c332d4b2075c7c605e5ab99f1d67db
SHA512: 986cbca8774a626df4a9af372a8bbf031e08868e8df5ceb3d09d17df1890591e9c9a8ff25f3f0fc3232a31492fa8e454e08d4ff46c5a7be190df037556505def
SSDEEP: 768:vJBNgWuHNOACfK+XNXXbQgTGV5DjVfZSS1XjQsPtt8urQH6kxV6UXKG1y+7BGu5W:vZCfurEe8cvWUqTAJy
Malware Config
Signatures

Every IoC below is raised by Microsoft Edge's own processes (msedge.exe and its identity_helper.exe utility), which is what the sandbox sees whenever a Chromium-based browser starts and spawns its child processes: the BIOS registry reads, the WriteProcessMemory calls into freshly created children and the Shell_TrayWnd lookups all come from the browser, not from the HTML sample. None of the signatures is attributed to the sample's content, no malware config was extracted, and the Network section is empty.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (11 IoCs)
  pid   process              rows
  1960  msedge.exe           2
  4480  msedge.exe           3
  4308  identity_helper.exe  2
  4352  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  all 7 rows: pid 4480, msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
  all 25 rows: pid 4480, msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  all 24 rows: pid 4480, msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  The sandbox records one row per call, so the 64 rows repeat the same few source/target pairs; the distinct rows are:
  description            pid   process     procid_target
  PID 4480 wrote to memory of 2164   4480  msedge.exe  88   (2 rows)
  PID 4480 wrote to memory of 4736   4480  msedge.exe  89   (repeated)
  PID 4480 wrote to memory of 1960   4480  msedge.exe  90   (2 rows)
  PID 4480 wrote to memory of 2328   4480  msedge.exe  91   (repeated)
  The targets are the crashpad handler (2164), the first GPU process (4736), the network service (1960) and the storage service (2328) listed under Processes.
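The signature tables are emitted as one row per observed call and, as extracted here, run together on a single line, so the per-process counts are hard to check by eye. The parser below is an added example, not part of the tria.ge report: it turns such a flattened listing into counts keyed by process (or by source PID, target PID and procid_target for WriteProcessMemory rows) and verifies that the rows parsed add up to the count in the signature header. The two sample strings are constructed from the report's own EnumeratesProcesses and WriteProcessMemory listings, the second shortened to its first four rows.

```python
"""Parse tria.ge-style flattened IoC listings into per-process counts.

Added example, not part of the original report. The sample strings are
constructed from the report's signature tables so the parser runs offline.
"""
import re
from collections import Counter

# "pid Process" listings: "<pid> <image>" pairs run together on one line.
_PID_PROCESS = re.compile(r"(\d+)\s+(\S+\.exe)")

# WriteProcessMemory rows:
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
_WPM_ROW = re.compile(
    r"PID\s+(\d+)\s+wrote to memory of\s+(\d+)\s+(\d+)\s+(\S+\.exe)\s+(\d+)"
)


def count_pid_process(listing: str) -> Counter:
    """Counter[(pid, image)] for a flattened 'pid Process' listing."""
    return Counter((int(pid), image) for pid, image in _PID_PROCESS.findall(listing))


def count_wpm_rows(listing: str) -> Counter:
    """Counter[(src_pid, dst_pid, procid_target)] for WriteProcessMemory rows."""
    rows: Counter = Counter()
    for src, dst, src_again, _image, target in _WPM_ROW.findall(listing):
        # The source PID appears twice per row; a mismatch means the text was
        # cut or joined mid-row, which is exactly what happened in the extract.
        if src != src_again:
            raise ValueError(f"malformed row: source pid {src} vs {src_again}")
        rows[(int(src), int(dst), int(target))] += 1
    return rows


def check_total(counts: Counter, declared: int) -> bool:
    """True when the parsed rows add up to the IoC count in the signature header."""
    return sum(counts.values()) == declared


# Constructed from the report's 'Suspicious behavior: EnumeratesProcesses 11 IoCs' row.
ENUM_PROCESSES = (
    "1960 msedge.exe 1960 msedge.exe 4480 msedge.exe 4480 msedge.exe 4480 msedge.exe "
    "4308 identity_helper.exe 4308 identity_helper.exe "
    "4352 msedge.exe 4352 msedge.exe 4352 msedge.exe 4352 msedge.exe"
)

# Constructed: the first four of the report's 64 WriteProcessMemory rows.
WPM_SAMPLE = (
    "PID 4480 wrote to memory of 2164 4480 msedge.exe 88 "
    "PID 4480 wrote to memory of 2164 4480 msedge.exe 88 "
    "PID 4480 wrote to memory of 4736 4480 msedge.exe 89 "
    "PID 4480 wrote to memory of 1960 4480 msedge.exe 90"
)

if __name__ == "__main__":
    procs = count_pid_process(ENUM_PROCESSES)
    print("EnumeratesProcesses matches header:", check_total(procs, 11))
    for (pid, image), n in sorted(procs.items()):
        print(f"  {pid:>5} {image:<20} x{n}")
    wpm = count_wpm_rows(WPM_SAMPLE)
    for (src, dst, target), n in sorted(wpm.items()):
        print(f"  {src} -> {dst} (procid_target {target}) x{n}")
```

Feed the full 64-row listing to `count_wpm_rows` and `check_total(rows, 64)` to confirm nothing was lost when the two extracted lines are joined; the `ValueError` branch catches a join that lands in the middle of a row.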
Processes

Browser build, from the crashpad-handler annotations: Microsoft Edge 92.0.902.67 on Chromium 92.0.4515.131, Win64. Indentation shows the parent/child relationship; roles in parentheses are read from the --type / --utility-sub-type switches.

msedge.exe  PID 4480  (browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2b05f9522131e64f63cc94bce4fb91b.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe  PID 2164  (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb31f46f8,0x7ffbb31f4708,0x7ffbb31f4718

  msedge.exe  PID 4736  (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

  msedge.exe  PID 1960  (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 2328  (utility: storage.mojom.StorageService, --service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

  msedge.exe  PID 2908  (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

  msedge.exe  PID 3604  (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  msedge.exe  PID 3976  (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

  identity_helper.exe  PID 700  (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

  identity_helper.exe  PID 4308  (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none; same command line as PID 700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID 5036  (renderer, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

  msedge.exe  PID 1296  (renderer, client id 10, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

  msedge.exe  PID 644  (renderer, client id 11)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

  msedge.exe  PID 3564  (renderer, client id 12, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

  msedge.exe  PID 4352  (gpu-process, relaunched with --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID 4024  (top level, COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID 4896  (top level, COM activation)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
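For a sample that is just an HTML file opened in a browser, the question worth asking of this tree is which children run outside a sandbox, because that is where a renderer escape or a bug in a service would land: in the listing above the network service and both identity_helper.exe instances start with --service-sandbox-type=none, and the second GPU process is relaunched with --disable-gpu-sandbox. The classifier below is an added example, not part of the report and not Chromium's own code. It tokenizes the listed command lines, reads the --type, --utility-sub-type, --service-sandbox-type, --disable-gpu-sandbox and --no-sandbox switches, and maps them to a sandbox state. That mapping is this example's assumption (the real policy is applied by the browser process as sandbox broker; the switches only echo it, and the crashpad handler is treated as unsandboxed). The sample tree is constructed from the report's process list with the long --gpu-preferences blob omitted.

```python
"""Classify Chromium/Edge child processes by sandbox state from their command lines.

Added example, not part of the original report. The switch-to-sandbox mapping
is an assumption of this example; the TREE below is constructed from the
report's process list (gpu-preferences blob omitted).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows command lines: a double-quoted argument is one token, anything else
# splits on whitespace. Chromium quotes whole arguments, never a bare value.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


@dataclass(frozen=True)
class ChildProcess:
    pid: int
    image: str
    ptype: str
    subtype: str
    sandbox: str

    @property
    def unsandboxed(self) -> bool:
        return self.sandbox == "none"


def tokenize(cmdline: str) -> list[str]:
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_switches(cmdline: str) -> tuple[str, dict[str, str]]:
    """Return (image path, {switch: value}); a valueless switch maps to ''."""
    tokens = tokenize(cmdline)
    switches: dict[str, str] = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value
    return tokens[0], switches


def classify(pid: int, cmdline: str) -> ChildProcess:
    image, sw = parse_switches(cmdline)
    ptype = sw.get("type", "browser")          # no --type means the browser process
    subtype = sw.get("utility-sub-type", "")
    if "no-sandbox" in sw:
        sandbox = "none"                       # global opt-out, never expected on a user box
    elif ptype == "browser":
        sandbox = "broker"                     # the browser is the broker; unsandboxed by design
    elif ptype == "renderer":
        sandbox = "renderer"                   # renderer policy is implied, not echoed
    elif ptype == "gpu-process":
        sandbox = "none" if "disable-gpu-sandbox" in sw else "gpu"
    elif ptype == "utility":
        sandbox = sw.get("service-sandbox-type", "utility")  # 'none' is literal
    else:
        sandbox = "none"                       # assumption: helpers such as crashpad-handler
    return ChildProcess(pid, image.rsplit("\\", 1)[-1], ptype, subtype, sandbox)


def unsandboxed_children(tree: list[tuple[int, str]]) -> list[ChildProcess]:
    return [p for p in (classify(pid, c) for pid, c in tree) if p.unsandboxed]


EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
FT = "--field-trial-handle=2200,7602837189671272078,6041487275421573313,131072"

# Constructed from the report's process list; PIDs and switches as listed there.
TREE = [
    (4480, EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\c2b05f9522131e64f63cc94bce4fb91b.html"),
    (2164, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (4736, EDGE + f" --type=gpu-process {FT} --mojo-platform-channel-handle=2216 /prefetch:2"),
    (1960, EDGE + f" --type=utility --utility-sub-type=network.mojom.NetworkService {FT} --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3"),
    (2328, EDGE + f" --type=utility --utility-sub-type=storage.mojom.StorageService {FT} --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8"),
    (2908, EDGE + f" --type=renderer {FT} --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3212 /prefetch:1"),
    (4308, HELPER + f" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {FT} --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8"),
    (4352, EDGE + f" --type=gpu-process {FT} --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=5296 /prefetch:2"),
]

if __name__ == "__main__":
    for p in unsandboxed_children(TREE):
        print(f"PID {p.pid:<5} {p.image:<20} {p.ptype:<16} {p.subtype or '-'}")
```

Run against the full tree this flags PIDs 2164, 1960, 700, 4308 and 4352; the renderers, where the sample's HTML actually executes, stay inside the renderer sandbox, which is the boundary that matters when triaging a browser-hosted sample.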
Network
MITRE ATT&CK Enterprise v15
Downloads (files written during the run)

File 1, 152B
  MD5: fd7944a4ff1be37517983ffaf5700b11
  SHA1: c4287796d78e00969af85b7e16a2d04230961240
  SHA256: b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
  SHA512: 28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

File 2, 152B
  MD5: a774512b00820b61a51258335097b2c9
  SHA1: 38c28d1ea3907a1af6c0443255ab610dd9285095
  SHA256: 01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
  SHA512: ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

File 3, 6KB
  MD5: 88824b6907c160a1adc9dac0f9fab366
  SHA1: 092151a607b3e0a1cebd2dec9db245ac90fba4d6
  SHA256: acd1747fef8bd790428533ddb13759242aca1474f2a694056a8a07ea25279ddb
  SHA512: 0cff4a36446b5f4307e4b48fbe4e6194c865359da3ea0f55481356aa17895cf4d6e8b96e71e0f044d30b389963143889af1783d3fbcb436d87e418a8ce0c165d

File 4, 6KB
  MD5: dae203c053ce32a4ec9d19e57ea0f1c2
  SHA1: 14a3c80bcf8581637df2c757f2087c810b278980
  SHA256: 0032b3bf2ee2a7811b9b8563e3fb16352bc3b903ac477587990e96e1da59efee
  SHA512: 9ba13d2ce15425b5dbc47e68dde944a2f2364f0e78e3a56bd57e2c5aa039eb04c22ef3a12f5e568ee568d4ddaeb1946d7a5363795b5030e02a5cafdf386aec7f

File 5, 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 6, 11KB
  MD5: 9cf565933a25242c70385f81181e78f3
  SHA1: 8e7ae6d63fd6d2a0a82a0fffa16d1b0c89294753
  SHA256: 58afd332141767ec95602aaae1bbe0b6685aa39a63712da7cfbe079f346b8837
  SHA512: 6765c0490c93d18df1602bb16a5983e46f4590460a000af425b43956470acf69208cf9bce3f1e45b6b7fa73ddc6bfac15e8f6efffee9ed49c7e41b060f954da1

The report gives no paths or names for these files, only sizes and hashes.