Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/03/2024, 08:36
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: https://zipit.link/7C8f9%22
  Resource: win10v2004-20240226-en
General
- Target: https://zipit.link/7C8f9%22
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
2884  msedge.exe
2884  msedge.exe
5072  msedge.exe
5072  msedge.exe
1840  identity_helper.exe
1840  identity_helper.exe
4408  msedge.exe
4408  msedge.exe
4408  msedge.exe
4408  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zipit.link/7C8f9%22
  PID: 5072
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad4846f8,0x7ff8ad484708,0x7ff8ad484718
    PID: 4368
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    PID: 5080
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    PID: 2884
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
    PID: 3956
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 1576
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 3020
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
    PID: 5012
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
    PID: 1840
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    PID: 2872
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    PID: 2596
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
    PID: 3680
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
    PID: 5056
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    PID: 4752
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13916701809143907731,16460542072445810879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
    PID: 4408
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 220
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2720
Network
MITRE ATT&CK Enterprise v15
Downloads