Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/03/2024, 12:47
Static task: static1
Behavioral task: behavioral1
  Sample: d6280f8ea3fb28f4e9e9bdefccc1a2bd.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d6280f8ea3fb28f4e9e9bdefccc1a2bd.html
  Resource: win10v2004-20240226-en
General
Target: d6280f8ea3fb28f4e9e9bdefccc1a2bd.html
Size: 88KB
MD5: d6280f8ea3fb28f4e9e9bdefccc1a2bd
SHA1: ccf12507c7b209ce4c5c8e6e0320892ae31a7144
SHA256: c78b1d79a0da9d51edcef721229fc643ca627e562a127dbd82ff91e9c31d09c2
SHA512: 2c4733414d33d7be7388d88b2e6abe2276b1901a5c2bf4e8ab33d974fdb9288414df5f5d5bb36623adbdc2d6467ddde53b4e964430cbca664e87bfe9becc4adf
SSDEEP: 1536:eIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SW1aY:y1aVoaimIzIn/8v
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Note: the querying process is the Edge browser process itself. Chromium-based browsers read these BIOS keys as part of their own hardware/model information gathering, so this signature fires for any page opened in Edge and is not, on its own, evidence of the HTML sample probing the virtual machine.
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  2872  msedge.exe           2
  2104  msedge.exe           2
  3712  identity_helper.exe  2
  2340  msedge.exe           4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     rows
  2872  msedge.exe  6
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     rows
  2872  msedge.exe  25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  2872  msedge.exe  24
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  rows
  PID 2872 wrote to memory of 1684  2872  msedge.exe  87             2
  PID 2872 wrote to memory of 4604  2872  msedge.exe  88             40
  PID 2872 wrote to memory of 2104  2872  msedge.exe  89             2
  PID 2872 wrote to memory of 2184  2872  msedge.exe  90             20
  (identical rows collapsed; "rows" is the number of times the row appears in the report; every target is a direct child of the browser process 2872 in the process tree below)
Processes
(tree depth shown by indentation; "Image" is the executable path, "Command line" the launch arguments as recorded)

Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d6280f8ea3fb28f4e9e9bdefccc1a2bd.html
PID: 2872
Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdbb546f8,0x7ffbdbb54708,0x7ffbdbb54718
    PID: 1684

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID: 4604

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    PID: 2104
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2400 /prefetch:8
    PID: 2184

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
    PID: 1204

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
    PID: 1060

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
    PID: 4372

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
    PID: 3712
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    PID: 4044

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    PID: 3772

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    PID: 5044

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
    PID: 2380

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13983196648390355375,7927527537659127348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
    PID: 2340
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3792

Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4832
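The WriteProcessMemory signature fires 64 times in this report, but every target PID (1684, 4604, 2104, 2184) is a direct child of the browser process 2872 in the tree above. Chromium's browser process writes into each child it launches while setting up the sandbox for that child, so "msedge.exe wrote to memory of its own child" is the normal launch pattern and says nothing about the HTML sample by itself; a write into a process that is not a child of the writer would be the case worth a closer look. The following added triage check (my example, not tria.ge code) encodes that rule: it parses the report's "description pid Process procid_target" rows against the process tree and flags anything outside the browser-to-child pattern. The process tree and the 64 rows are taken from this report; the one row targeting CompPkgSrv.exe (PID 3792) is constructed and is not in the report, included only to exercise the flagging branch.

```python
"""
Added triage check: do all WriteProcessMemory IoCs in a sandbox report stay
inside the Chromium process model (browser process -> a child it launched)?
Not part of the tria.ge report; the process tree and rows below are copied
from this report, except the one CONSTRUCTED_ROW, which is made up.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Process tree from the report: pid -> (image path, parent pid).
# The report shows tree depth only, so top-level entries get parent None.
PROCESS_TREE = {
    2872: (EDGE, None),
    1684: (EDGE, 2872), 4604: (EDGE, 2872), 2104: (EDGE, 2872), 2184: (EDGE, 2872),
    1204: (EDGE, 2872), 1060: (EDGE, 2872), 4372: (HELPER, 2872), 3712: (HELPER, 2872),
    4044: (EDGE, 2872), 3772: (EDGE, 2872), 5044: (EDGE, 2872), 2380: (EDGE, 2872),
    2340: (EDGE, 2872),
    3792: (COMPPKG, None), 4832: (COMPPKG, None),
}

# The 64 WriteProcessMemory rows from the report, in its
# "description pid Process procid_target" layout, expanded from the per-target counts.
REPORT_ROWS = (
    ["PID 2872 wrote to memory of 1684 2872 msedge.exe 87"] * 2
    + ["PID 2872 wrote to memory of 4604 2872 msedge.exe 88"] * 40
    + ["PID 2872 wrote to memory of 2104 2872 msedge.exe 89"] * 2
    + ["PID 2872 wrote to memory of 2184 2872 msedge.exe 90"] * 20
)
# Constructed row, NOT in the report: a write into CompPkgSrv.exe (PID 3792),
# which is not a child of 2872. Included only to exercise the flagging path.
CONSTRUCTED_ROW = "PID 2872 wrote to memory of 3792 2872 msedge.exe 93"

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_row(row):
    """Split one report row into its fields; raise on anything unrecognised."""
    m = ROW_RE.fullmatch(row.strip())
    if m is None:
        raise ValueError(f"unrecognised WriteProcessMemory row: {row!r}")
    writer, target, pid, image_name, target_idx = m.groups()
    if writer != pid:
        raise ValueError(f"writer/pid mismatch in row: {row!r}")
    return {"writer": int(writer), "target": int(target),
            "image": image_name, "target_idx": int(target_idx)}


def classify_write(writer, target, tree=PROCESS_TREE):
    """
    'child-same-image':  target is a direct child running the writer's image
                         (ordinary Chromium child launch)
    'child-other-image': direct child but a different binary (identity_helper.exe
                         here); still a broker launch, but worth a glance
    'not-child':         target is not a child of the writer: investigate
    'unknown':           one side is missing from the process tree
    """
    if writer not in tree or target not in tree:
        return "unknown"
    writer_image, _ = tree[writer]
    target_image, target_parent = tree[target]
    if target_parent != writer:
        return "not-child"
    if target_image.lower() == writer_image.lower():
        return "child-same-image"
    return "child-other-image"


def triage(rows, tree=PROCESS_TREE):
    """Return (row count per (writer, target) pair, rows that need a look)."""
    pair_counts = Counter()
    flagged = []
    for row in rows:
        r = parse_row(row)
        pair = (r["writer"], r["target"])
        pair_counts[pair] += 1
        verdict = classify_write(*pair, tree)
        if verdict in ("not-child", "unknown"):
            flagged.append((row, verdict))
    return pair_counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(REPORT_ROWS + [CONSTRUCTED_ROW])
    for (writer, target), n in sorted(counts.items()):
        print(f"{writer} -> {target}: {n:2d} rows, {classify_write(writer, target)}")
    print("flagged:", flagged)
```

Run as-is, the 64 report rows all classify as child-same-image and only the constructed CompPkgSrv.exe row is flagged. The same rule applies to the EnumeratesProcesses, FindShellTrayWindow and SendNotifyMessage signatures above: all of them are attributed to Edge's own processes, so the signatures describe the browser, not the document it opened.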
Network
MITRE ATT&CK Enterprise v15
Downloads
(dropped files recorded during the run; the report gives hashes and sizes only, no file names)
- Filesize: 11KB
  MD5: 132e1304305311eb1cf89996444f9e00
  SHA1: 5c1ea224a8427adaeb5b4202e9a8f9e73b868f29
  SHA256: a50c0790e298dc7acf93ab2f4169cce70e3258251372bd0f52ce170ca6aea69d
  SHA512: 6bbde7ee64f1d8869f9512b019b89927c082f04822956cf37608c689b9e590023425a0418628ab8b56a24bc319bad93880daade9d89515c4dd45fc9f7d42f99a
- Filesize: 152B
  MD5: 47b2c6613360b818825d076d14c051f7
  SHA1: 7df7304568313a06540f490bf3305cb89bc03e5c
  SHA256: 47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
  SHA512: 08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
- Filesize: 152B
  MD5: e0811105475d528ab174dfdb69f935f3
  SHA1: dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
  SHA256: c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
  SHA512: 8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
- Filesize: 308B
  MD5: 1f56b5f0ccdf82c02631d5c2f0d04f32
  SHA1: d77dc5aaf5a76fb2ebf14f222765bffd84634ed4
  SHA256: ee486e0a17d6cdb57f912b58cc64684d4e2e8301ef640e63afcb8e1059c5f7cd
  SHA512: 9fc461419ba92d41f81fa5ac100e39e6373beb782a3ba2601155899a8144080672b7bb09e29480c8d513771ac6aea489db73c54e99a5264b84f9ff9553e23e5b
- Filesize: 6KB
  MD5: b1bce0cfc19cc768446e0303eed8f4d5
  SHA1: 353bd3ae6cc2e7a76a0edced0bf397cd6fe95169
  SHA256: e1ee2b8b2405da25d1eb475913729abfcf023be4ab1f1abff6a2fa1e78e351f5
  SHA512: e2ee0d771210011be7046f6877a92f57e2fca845d9c66eda5a9bcf2711914742c9470a2d4a28aaf7762096f0ad6d0d7be42e736ab2309c939f9dcd1f85b22fc6
- Filesize: 6KB
  MD5: 1e574f5aaa0cccd96b417d94789ceb0f
  SHA1: 644e1cace1aaf2a019052acb0d8a72a77fb6b595
  SHA256: 8ee2dba0d4814b70313889fe3165246cc55206176c561f20730b4f6f360d9426
  SHA512: c7cd618e8fbd552d4ee9218ca71695f32179a6b644cf35b2badc3a8fc6331fb5451cd888066ef2229623486a9fd923aeff5d9154a8ff35091564ff371541e733
- Filesize: 6KB
  MD5: af7805b9709d4b50439f2a4bbc8085e1
  SHA1: 555abc1286b1d0f28adac273240d23831afb31c3
  SHA256: 8d0eb3844a32d7f967968dbdc8b2af0c734c6e719f12bee0ff3dc72983f012f9
  SHA512: 447c27a59776f5005bb3351fb4b50725de0e737151796eb864605218bf9bfba330e4cf62f2008882d575828a9067f609bbe55949dd72ed3ae73943cd1b59be01
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389