Analysis
max time kernel: 1808s
max time network: 1702s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/03/2024, 12:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240226-en
General
Target: http://google.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
    description         ioc                                                                    process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid   process               events
    2096  msedge.exe            2
    208   msedge.exe            2
    4080  identity_helper.exe   2
    1032  msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
    pid   process      events
    208   msedge.exe   7

Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   process      events
    208   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
    pid   process      events
    208   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
    All 64 events are the browser process, PID 208 (msedge.exe), writing into the memory of one of its own child processes:
    PID 208 wrote to memory of 1756   (procid_target 87, crashpad-handler; 2 events)
    PID 208 wrote to memory of 952    (procid_target 89, gpu-process)
    PID 208 wrote to memory of 2096   (procid_target 90, NetworkService utility; 2 events)
    PID 208 wrote to memory of 3844   (procid_target 91, StorageService utility)
    The bulk of the repeated events target PIDs 952 and 3844.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 208)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1756, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf38846f8,0x7ffdf3884708,0x7ffdf3884718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 952, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2096, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3844, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4720, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4700, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3908, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1924, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3056, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3364, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4080, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 616, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3764, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1032, child of 208)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,14139984865793709237,2989566132030619501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4468)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 3180)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
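Every signature fired in this run is raised by the Edge browser process (PID 208) against processes it spawned itself: a Chromium-based browser launches its GPU, network, storage, renderer and helper children and writes into their memory while setting them up, which is what the WriteProcessMemory IoCs record. The quick way to confirm that reading is to check each write against the process tree above. The script below is an added example, not part of the Triage report or of tria.ge tooling. It parses the flattened "PID A wrote to memory of B A image procid_target" entries exactly as they appear in this page's Signatures section, using the parent/child relationships listed in the Processes section (copied into PROCESS_TREE), and reports any write whose target is not a direct child of the writer. The five IoC entries in SAMPLE_IOC_TEXT are copied from this report; the anomalous event in the main block is constructed for illustration and does not appear in the report.

```python
"""Cross-check a sandbox WriteProcessMemory IoC list against the reported process tree.

Added example; not part of the Triage report. Parent/child relationships and the
sample IoC lines come from this page; the anomaly at the bottom is constructed.
"""
import re
from collections import Counter

# Parent relationships from this report's Processes section (child PID -> parent PID).
# The two CompPkgSrv.exe instances run at top level and are not children of Edge.
PROCESS_TREE = {
    208: None,                                   # msedge.exe browser process
    1756: 208,                                   # crashpad-handler
    952: 208, 1032: 208,                         # gpu-process (two instances)
    2096: 208,                                   # utility: NetworkService
    3844: 208,                                   # utility: StorageService
    4720: 208, 4700: 208, 3908: 208, 1924: 208,  # renderers
    3056: 208, 616: 208, 3764: 208,              # renderers
    3364: 208, 4080: 208,                        # identity_helper.exe
    4468: None, 3180: None,                      # CompPkgSrv.exe -Embedding
}

# Five of the 64 IoC entries, reproduced verbatim from the report's flattened text.
SAMPLE_IOC_TEXT = (
    "PID 208 wrote to memory of 1756 208 msedge.exe 87 "
    "PID 208 wrote to memory of 952 208 msedge.exe 89 "
    "PID 208 wrote to memory of 952 208 msedge.exe 89 "
    "PID 208 wrote to memory of 2096 208 msedge.exe 90 "
    "PID 208 wrote to memory of 3844 208 msedge.exe 91"
)

# One entry: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# The back-reference requires the repeated pid column to equal the writer, so a
# truncated or mis-joined entry is skipped rather than silently misattributed.
EVENT_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=writer) (?P<image>\S+) (?P<procid>\d+)"
)


def parse_write_events(text):
    """Return a list of (writer_pid, target_pid, writer_image) tuples."""
    return [(int(m["writer"]), int(m["target"]), m["image"])
            for m in EVENT_RE.finditer(text)]


def classify_writes(events, tree):
    """Split events into writes into a direct child and writes anywhere else.

    Returns two Counters keyed by (writer_pid, target_pid). A non-empty second
    counter means a process wrote into memory it did not spawn (or into a PID
    missing from the tree), which deserves a closer look.
    """
    to_child, elsewhere = Counter(), Counter()
    for writer, target, _image in events:
        if tree.get(target) == writer:
            to_child[(writer, target)] += 1
        else:
            elsewhere[(writer, target)] += 1
    return to_child, elsewhere


if __name__ == "__main__":
    to_child, elsewhere = classify_writes(parse_write_events(SAMPLE_IOC_TEXT), PROCESS_TREE)
    for (writer, target), n in sorted(to_child.items()):
        print(f"{writer} -> {target}: {n} write(s) into own child")
    print("writes outside the writer's children:", dict(elsewhere))
    # Constructed anomaly (not in the report): the browser writing into CompPkgSrv.exe.
    _, flagged = classify_writes([(208, 4468, "msedge.exe")], PROCESS_TREE)
    print("constructed anomaly flagged:", dict(flagged))
```

A clean result from this check only says the writes follow the parent-to-child pattern; process hollowing produces the same pattern, since the injecting parent also writes into a child it just created. What separates the two here is the child side of the tree: every target is the signed Edge binary launched with a recognisable `--type=` role and `--field-trial-handle`, not an unrelated image started suspended. Run the same check against a report whose writer or targets do not line up this way and the second counter is where the interesting entries land.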
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: fd7944a4ff1be37517983ffaf5700b11
SHA1: c4287796d78e00969af85b7e16a2d04230961240
SHA256: b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
SHA512: 28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Filesize: 152B
MD5: a774512b00820b61a51258335097b2c9
SHA1: 38c28d1ea3907a1af6c0443255ab610dd9285095
SHA256: 01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
SHA512: ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Filesize: 194KB
MD5: f5b4137b040ec6bd884feee514f7c176
SHA1: 7897677377a9ced759be35a66fdee34b391ab0ff
SHA256: 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512: 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: a3518b8a9aeffd0307fb7ffdd9c64354
SHA1: 1805b576e5e50b38063549c7fef4eae971182b67
SHA256: d9061ff0083c2838fc73a8d523a58d3edf1175e4bc63a768a54d8c4781641003
SHA512: 22e572ca54608ca266d2eef682bb2548c30586933e584d1ec98365b911992196dceeea0a989092927cca95d7a65ec59b3465ff171ac5d01420297d938ed66179

Filesize: 815B
MD5: ed93fdb54bcb1ab84169367e8773aa83
SHA1: c867eccbb36f0d60663c02857a59b4cad9fdc541
SHA256: 87447e70191fe0019ad3f00b2e8c18907bd602dd51229fa1cb3cb6ed25ad844b
SHA512: 2df39826b8ad53a91698e505246ba4dbf824c8e86080b87ccaf352bab02c0e6cb6353ade337b9b79d971855994b69455c65df18ffde3242a5f447a92406c029a

Filesize: 6KB
MD5: d172863ae5f7f15796d2a832f98a19b8
SHA1: ca1d730a201c762350860bac310c8fdaf39bdd21
SHA256: 23b38bbe16194adfce945251aff6052b1d9f5e69bd26afde348292b715708661
SHA512: 31d33a8888c8251267ca9eec0b89bb9ac25cbc24d9a439d58101225d42bdf33286e2d6ee9f5eba062349efafa8a9ad3444f81ed358d5f28ff5154b90c22e4bfc

Filesize: 6KB
MD5: eeebb1bd7ba5d89805d0886138ab6130
SHA1: 84a66d9529cfef713935049f375c1f3aa4b4a72a
SHA256: 72e8e891941d21c454c52fb676a76464b016e947d7c61caab5cff14a29794f27
SHA512: 6eabc3f474b139c6e2daea7e0d4bef490cda7b73cc76faaa8efd9998a92224da57694916b764266bf81e44375d103c0670e5dd6fc46e72e817ac102c39ce44f8

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: eafc7cac9f5241cec9e620d7aa4aa37c
SHA1: 92e8b1517313e7dc69e6855e8e9c61653e7acf54
SHA256: afec9bdfa5c7c559aad39b08286d31fbfbb1e76c9b7b9cc7dc391e5ab30cbbee
SHA512: d26e61a5d7f0a00de281f17ba74014961e744d06b34e977e016d307167c9f563c77e7be991f412dd2bf9920aa997ada5db204c50bec83c57d8d4a5ec7501e6b4