Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/03/2024, 00:02
Static task: static1
Behavioral task: behavioral1
  Sample: cc96d29b0f9476409d36a19f6c319d35.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cc96d29b0f9476409d36a19f6c319d35.html
  Resource: win10v2004-20240226-en
General
Target: cc96d29b0f9476409d36a19f6c319d35.html
Size: 44KB
MD5: cc96d29b0f9476409d36a19f6c319d35
SHA1: 1b30f8122042ecc15f6b95a372b096e57cfd61cd
SHA256: 866bae08380b1c6906f28d2fcbcf064aeb9c0d89281db5ba58848a4fa763185f
SHA512: 2dde3468ef69458a82a3ef6f8db177a765ceb5d27c74fda59136f28b6e55405caeeff8f67d4f70c5a2c369def108f7da09ad525974862cef34477aeeea038737
SSDEEP: 768:mwS0l/sGVLsk8ejW4mTNn2oTGelg8YyCEtX3k:mZJttGelg8u
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1280 | msedge.exe (2 entries)
  3604 | msedge.exe (2 entries)
  2664 | identity_helper.exe (2 entries)
  4036 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  3604 | msedge.exe (7 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3604 | msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3604 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3604 wrote to memory of 2236 | 3604 | msedge.exe | 87 (2 entries)
  PID 3604 wrote to memory of 3388 | 3604 | msedge.exe | 88 (repeated entries)
  PID 3604 wrote to memory of 1280 | 3604 | msedge.exe | 89 (2 entries)
  PID 3604 wrote to memory of 60 | 3604 | msedge.exe | 90 (repeated entries)
  (64 entries in total; only the parent msedge.exe, PID 3604, writes into its own child processes)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cc96d29b0f9476409d36a19f6c319d35.html
  PID: 3604
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad6d046f8,0x7ffad6d04708,0x7ffad6d04718
      PID: 2236
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
      PID: 3388
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      PID: 1280
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
      PID: 60
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      PID: 1344
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      PID: 2328
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
      PID: 3128
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
      PID: 4348
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
      PID: 2664
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      PID: 4656
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
      PID: 4884
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
      PID: 4328
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
      PID: 4388
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,12558724605549764813,1440997274252192480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5908 /prefetch:2
      PID: 4036
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 892
C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3084
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5: f35bb0615bb9816f562b83304e456294
  SHA1: 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
  SHA256: 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
  SHA512: db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Filesize: 152B
  MD5: 1eb86108cb8f5a956fdf48efbd5d06fe
  SHA1: 7b2b299f753798e4891df2d9cbf30f94b39ef924
  SHA256: 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
  SHA512: e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Filesize: 6KB
  MD5: 01087e8a0111fc6485ee1c4e2d71ce88
  SHA1: aa2f99bbba0e27ac78f1a16c24bddfbd74d8bc6c
  SHA256: 05afc69e1b09113f7cab5a65754f9dfe53e6598077522f151d2e13d64f6b61a3
  SHA512: 85819f61d09a1428a6e684fd2fe758e85b2e0186dae7da5d11fcbb3d8076ae23eeba480772d6314b4a8f189d6f34119358c77cd3e33c3540fc7b22acb8e1b9ba

Filesize: 6KB
  MD5: 7d6c9e7c11acade8adea6dd847dbc9d9
  SHA1: 4ff500018c6a77344ae4867b780a39381b0b3b01
  SHA256: 8e7bdc57ee5550dbcdb633d7f1d8b93567341d5849099333dee2afbadea46ce1
  SHA512: 9f3d4e956966066d8dbaefd6685e9f1152f9eb0135056aa3510b75cabb5337b813422eb97c93e5f9b6e99d8ee7ef484e47e14526095a72494a55d362fb7fc58d

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
  MD5: 2a4b57af08f575ff2e928612e5160c46
  SHA1: 161fa3d4104560cc8d9c223cdb6ed1bb74d4e179
  SHA256: 1d1832df720b7b0bfa75c0b38fd753c0074b528b501b06a61cb6edd2f8b1de82
  SHA512: b2f58bdf741d2dbe7db110f56c72682e86cc92bd166b55e94fab6bb7162dc7a81e9cdf3bf6a4c870976a2c397ec01b1dccab424e5b9d19b88f6bc22107e7eff8