Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
25/03/2024, 16:29
Static task
static1
Behavioral task
behavioral1
Sample
de7201dfa162098e782d47085f317edd.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
de7201dfa162098e782d47085f317edd.html
Resource
win10v2004-20240226-en
General
-
Target
de7201dfa162098e782d47085f317edd.html
-
Size
3.5MB
-
MD5
de7201dfa162098e782d47085f317edd
-
SHA1
c86183ed1bd5f59077e5812d58a7b81bcf095ac7
-
SHA256
f9f50f3be1b6fb706f196e1f00240030825ce1d2f68e7f51e131a33287bd7b75
-
SHA512
699191c78a230b91bcaa8113f08d93bfe421a64c0b272e22df9a91efd5e28e2020e4b62dfb7d97815b3089a025f07e2356b1ef47487e8658c3422a65d1569768
-
SSDEEP
12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAK:jvQjte4tT62K
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 11 IoCs
pid Process 868 msedge.exe 868 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 824 identity_helper.exe 824 identity_helper.exe 6052 msedge.exe 6052 msedge.exe 6052 msedge.exe 6052 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe 4360 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4360 wrote to memory of 1632 4360 msedge.exe 87 PID 4360 wrote to memory of 1632 4360 msedge.exe 87 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 4772 4360 msedge.exe 88 PID 4360 wrote to memory of 868 4360 msedge.exe 89 PID 4360 wrote to memory of 868 4360 msedge.exe 89 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90 PID 4360 wrote to memory of 1844 4360 msedge.exe 90
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de7201dfa162098e782d47085f317edd.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8784446f8,0x7ff878444708,0x7ff8784447182⤵PID:1632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:22⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:82⤵PID:1844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:82⤵PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:12⤵PID:3276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:12⤵PID:4172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:12⤵PID:4064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵PID:3988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6052
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3832
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1432
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD57c6136bc98a5aedca2ea3004e9fbe67d
SHA174318d997f4c9c351eef86d040bc9b085ce1ad4f
SHA25650c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2
SHA5122d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada
-
Filesize
152B
MD55c6aef82e50d05ffc0cf52a6c6d69c91
SHA1c203efe5b45b0630fee7bd364fe7d63b769e2351
SHA256d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32
SHA51277ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed
-
Filesize
981B
MD5e023b3043e32a3cd8fa460b26abdf364
SHA1beeb114bad88032c6de7c87e7f6a3b68bb07a01a
SHA25626b4bd5a14a70800982249375df785a3fc679027e0450b51d91cab4675ec6fa5
SHA512164ab304f88fe63e8e486d746c6d9bde88641abc2d46499d1f21280be9e06ab30cf7498b1cb34fcd280241ce5da2be41f21b1ee27153f1597205e3a471654883
-
Filesize
6KB
MD586fb50a8ae83300a4a960784619da391
SHA1578bdeff6590fdbbb964dc3bf889d84b7f8c1931
SHA25637db596eded751070a92ced8f1449e6d190e1c381926650c7d352f22326a6986
SHA51240c79672cd65de709bef134451b234dbfff8bb54e6e16ee324beb7cb4f5b981f95dd4efb662c3e24388d27b431a88f373a210ff81962c688edf2588169c9049d
-
Filesize
6KB
MD5440bcda68be7f40e37eacebddaf12da0
SHA164b36e92491a4339b3208f91a12b05957c0573ea
SHA25615ba9ae444645353d6fc4a43463116584c86f4197ed130d051a730a42a96cbaa
SHA51263b25087491025dcf4dbd05579a6fc11da058512393d9cae72aaee230670088ed34c5156952ddaf17111a2ec4e346924054fd15d42b9ce95d620b06bd8a8eb23
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD57f22d674e8129119cee420a42cbb99e8
SHA186975605d35189b0a283ccd976374552e541a4ac
SHA256ba7f58c70cacd3b8d308cd21addd71fa0e344639094a4db2392ef8967f20e888
SHA512ac6d31698d3469b9480da7c807cfaf72883dee21e37b1caeba6470e2691f1d83c602e12f5cc342a10b64116cb8bbae14724b5755d8eb5ae243fed065299dcaf5