Analysis
- max time kernel: 1758s
- max time network: 1805s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/03/2024, 16:15
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://www.mediafire.com/file/12owzpj3ucsqmat/Panel_Instalador%282%29.zip/file
- Resource: win10v2004-20240226-en
General
- Target: https://www.mediafire.com/file/12owzpj3ucsqmat/Panel_Instalador%282%29.zip/file
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- pid 2220, msedge.exe
- pid 2220, msedge.exe
- pid 4036, msedge.exe
- pid 4036, msedge.exe
- pid 2380, identity_helper.exe
- pid 2380, identity_helper.exe
- pid 2252, msedge.exe
- pid 2252, msedge.exe
- pid 2252, msedge.exe
- pid 2252, msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs, all pid 4036 msedge.exe)
Suspicious use of FindShellTrayWindow (25 IoCs, all pid 4036 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all pid 4036 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs: pid 4036 msedge.exe writing to the memory of its child processes 1624, 5004, 2220 and 2272)
Processes
- PID 4036: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/12owzpj3ucsqmat/Panel_Instalador%282%29.zip/file
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 1624: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6fd646f8,0x7ffd6fd64708,0x7ffd6fd64718
  - PID 5004: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  - PID 2220: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID 2272: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  - PID 3732: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - PID 4568: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  - PID 1216: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  - PID 4544: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  - PID 2516: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  - PID 1952: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  - PID 2380: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - PID 3520: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  - PID 3592: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  - PID 5344: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  - PID 5352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  - PID 2252: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12870017573628088780,3584328227301724198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 468: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1568: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads