Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
108s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
19/03/2024, 16:38
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gamejolt.com/games/fnaf2stingray/877145
Resource
win10v2004-20240226-en
General
-
Target
https://gamejolt.com/games/fnaf2stingray/877145
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4464 msedge.exe 4464 msedge.exe 4036 msedge.exe 4036 msedge.exe 1656 identity_helper.exe 1656 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe 4036 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4036 wrote to memory of 232 4036 msedge.exe 87 PID 4036 wrote to memory of 232 4036 msedge.exe 87 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4656 4036 msedge.exe 89 PID 4036 wrote to memory of 4464 4036 msedge.exe 90 PID 4036 wrote to memory of 4464 4036 msedge.exe 90 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91 PID 4036 wrote to memory of 1788 4036 msedge.exe 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gamejolt.com/games/fnaf2stingray/8771451⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda20746f8,0x7ffda2074708,0x7ffda20747182⤵PID:232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵PID:1788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:2760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵PID:3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵PID:2720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:12⤵PID:3148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:12⤵PID:5236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15827905797660540348,15887297065757997030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵PID:5244
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4804
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3500
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e494d16e4b331d7fc483b3ae3b2e0973
SHA1d13ca61b6404902b716f7b02f0070dec7f36edbf
SHA256a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
SHA512016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737
-
Filesize
152B
MD50764f5481d3c05f5d391a36463484b49
SHA12c96194f04e768ac9d7134bc242808e4d8aeb149
SHA256cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
SHA512a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD554e870ead7825ab7dd5b98f3dd5566af
SHA1191710313eb4a647f4e4cfed9d3d6f91804df315
SHA256d606c9a42682f74dce486721815b0edd1cb514e3bce72ffb2058f0f116a08433
SHA512c27068e73d516e91ef8d795c05b143587f2fe4c75d7b6de5d5eb10401cd2d61bf8ca2bf5e5ad321e9a093a3129287fdc4a88fc553fe3d489e8b91008beed4ed9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize288B
MD5c4d05922e46bdd9d3cc1eb77ba33b42e
SHA16f87cd09a49ef93b7eecaaac73d4d3332a2853d9
SHA2567b7a64d046f18430906aed8d33834b7315f835fb214668d82b92af23529bce9d
SHA512ac1e9f17ec4a32267acf2d32090c39ad284685618bf165483a7a3e14bc54aca546e0b1b7d4eb463c55a0ffd97e134af10df8594d3f6b7e7453dd9cf142d8c941
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD5d55a4a1db3b7b7122a6e404f92bae575
SHA114a94f68badcffc1bc887c75fd6be4c64bc703d7
SHA256f385af09907780cf5a0fd573fa902744b0b9c7e360126d863ba1f2b0a40ff07d
SHA512a26a977e5cccacabab62c97bcdf2dc8ef73edc971ecdbb421969ddaacd497811be7efa30ec23c212ca8b7f16203244ee54e56af35a90cc8e1b514d16d8beceea
-
Filesize
6KB
MD520f4543a0a5ce244122e6d7dcc2a1bce
SHA1136ee6bfd51fa7b350728ae4a857d869211a7259
SHA2560becbcda898367d6355d707b7d2741a76eacfc4dab42cdd92e2ccd85778c5151
SHA512a2fa21d5d9d76b9f996eaf8a7601b1e56b3bb88a8a8a2f88ee8690f4f911a335ba3af41c49371d2e1d4959a5fd68880aa4a6476950731c222b7e8b869fe9b499
-
Filesize
6KB
MD57a844d9e902ba297b778121788591145
SHA1cf3c9f45957ba9c797b4af3f51ece9b9ea83dbcf
SHA2566ab95b0ec2d08370ba0402e5c3865b27e4af8131267ffd81745676ce1be6561a
SHA512a31f4fb3bb74a21bc4f83b26320b7520e10fa70be4498124fb83004bdbe8119cdac3e59ec80c9028c6399523d4600be4536fcdf184c1b989cc665457ea63efba
-
Filesize
7KB
MD58ebb28462e16edfb2620247ceba8b9cb
SHA165321b0974c5c6dfdbe9237a54bdd0b3e9719883
SHA256dd02a43ce938c238dfda5d4b880285e8a47362e122b8afee8b4d6c60705aa3d5
SHA5125de4405d50b13eac52726fc005a6c1fe60f9e515ffc857c6856d325cc279715bd67daa9f5dda3bdc3b51a27cc5023163a7c83896bb13d58f3de69c5521c23283
-
Filesize
6KB
MD5ea3db61a3fc9ef7089c883113e92f65d
SHA160ccb48f4db8c7116ae014c054134ce4eef6d92c
SHA25668735e237bcac5c43590de4f27b99c45992a3de6d0d4dd6a1e8165fc51995f83
SHA5126e36ac1ebc94dd02417d4dc854a199cf04f0e32b8eec1da0695e0991569a868710aa4f938590d0bbba1e7772d854d4c927e83015ca20e8cdf2451b87ecda4b0c
-
Filesize
6KB
MD552432bbc861ed7e18fda0605f4de2a64
SHA1d69856dedce66d3ea96518d7804570be51544073
SHA256c462ddb15d6ef15eaa0ea25260fff7e32856aafb9abb5cd96e7e58bea0c2552b
SHA512ed97bce4dafbdb2e0c67d0c9dd5e4b3b8b1a1bd18afff21e3d6b866a8f353c2bb811bc5b421e5196e33e90d2eba67df4b612c766985bd71bb6531d59db707bed
-
Filesize
371B
MD514723886817bec9ae9d730a1e5a13ed1
SHA182260b286775a93c940263de6b930db8404e4708
SHA256b6358b52e3c1262b1bac611cdc94bd0211a2c7aa7e84ce5efc644d7c78ee3182
SHA5124b29a7737254851061ace1601de1e513c6e9aac29177f8f8b12a4fb8e100869ec5ca7658863a94c4f447178cd7751c7011886e04ad9cf7a90d773bda1a699bb5
-
Filesize
371B
MD5a3db6d6d04353b47cf6464387d94313a
SHA14cabcfe6c471b0580136d4758cdacc4329ee53ad
SHA256975b077b2d3d55de2127ccff523df981f8bf5af5336ea554b7ec9bb5da683f54
SHA512439a924609a1afd9641163701c314f622fb3b0be2af67c910d7023a4c8680a1f6601ed186abd5d2ecdb625bf902be7b889ae8782308dbd80d3e307b1d813b39f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5f2cd7f46d8852f369bd155db27d19109
SHA105e3e8adecd9cf135218a812f7540d27ec41dacb
SHA2565af262ba8616b78fe5fc4a066850c5add4cbd10d3f21f68e953ea03bece5e923
SHA512b66b6f78b406df944bbdcf81c5d3ee5490094f5fa6131f7ec3e0affa7f5753a303563da80bacce79a4c8dbb55cc4b724ee48a5ce5e4122c007726df442e8c30f
-
Filesize
11KB
MD50d905db7b7b88703272cfac9bc5a27d7
SHA1380fcdf59cd4f8a84e5a5c593cc22325b2b04d8d
SHA25644055f34f322536b83c8e7d2d614f15e37c0b521c6962d583298d1198a3ae98a
SHA512d04cae2a1bd7834b4d118b801e5f29c24b07612a5516937cdff8d3d199b8915cab922df10e7b77d3070952e1d902e4e7649e5481d2b6adab50f421ccd1795da0