Analysis
- max time kernel:  174s
- max time network: 180s
- platform:         windows10-2004_x64
- resource:         win10v2004-20240226-en
- resource tags:    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted:        26/03/2024, 22:21

Tasks
- Static task static1
- Behavioral task behavioral1
    Sample:   e03bd064df655fdb6ef524ee115570a3.html
    Resource: win7-20240221-en
- Behavioral task behavioral2
    Sample:   e03bd064df655fdb6ef524ee115570a3.html
    Resource: win10v2004-20240226-en
General
- Target: e03bd064df655fdb6ef524ee115570a3.html
- Size:   30KB
- MD5:    e03bd064df655fdb6ef524ee115570a3
- SHA1:   e5d5b1141bf6954d08793289f56b7ac7e61939b8
- SHA256: a8bc0978cb650de58e6d73194a6055f64632365f60b94974bda66000088a0cfe
- SHA512: 774a47ac2dd15c3628f3ba9ada7f79a3585f0b004762bd9742f3dba1e9863656352bd0165c78d974505715e98886c68ba05755f02055d445f1edae496ba7a26b
- SSDEEP: 768:G9PMFnY6IT4HrzMrKOyg+MSrsqLe8hpvxL:OPMFnY6IT4HrzMrxybMmsqL9hpvxL
Malware Config

Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                  process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid   process              occurrences
    2844  msedge.exe           2
    2756  msedge.exe           2
    4404  identity_helper.exe  2
    1440  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
    pid   process     occurrences
    2756  msedge.exe  6

- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   process     occurrences
    2756  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   process     occurrences
    2756  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs)
    description                         pid   process     procid_target  occurrences
    PID 2756 wrote to memory of 3376    2756  msedge.exe  87             2
    PID 2756 wrote to memory of 2172    2756  msedge.exe  88             40
    PID 2756 wrote to memory of 2844    2756  msedge.exe  89             2
    PID 2756 wrote to memory of 1248    2756  msedge.exe  90             20
Processes (process tree; indented entries are children of PID 2756)

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e03bd064df655fdb6ef524ee115570a3.html
  PID: 2756
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe0946f8,0x7ffcfe094708,0x7ffcfe094718
      PID: 3376

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      PID: 2172

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
      PID: 2844
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
      PID: 1248

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      PID: 4980

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
      PID: 4344

    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
      PID: 4132

    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
      PID: 4404
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
      PID: 1588

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
      PID: 3100

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
      PID: 1976

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
      PID: 2380

    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3260 /prefetch:2
      PID: 1440
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1672

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1260
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5:    36bb45cb1262fcfcab1e3e7960784eaa
  SHA1:   ab0e15841b027632c9e1b0a47d3dec42162fc637
  SHA256: 7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
  SHA512: 02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

- Filesize: 152B
  MD5:    1e3dc6a82a2cb341f7c9feeaf53f466f
  SHA1:   915decb72e1f86e14114f14ac9bfd9ba198fdfce
  SHA256: a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
  SHA512: 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

- Filesize: 516B
  MD5:    a17829a179504c4c70b6c3077d2dcafb
  SHA1:   049dd78722aefd2cf983d78f8bdae1e306cd8d8a
  SHA256: 80da12cd4f562cf5a802186a4626122b6d2da48465d70525e8c70a3065029635
  SHA512: 6f9c44573ef4749b21761691b714a20343a77740d4f4a240dd1011327391b23d698562751df3d7f9cdccb4bffc1153582b077c68d26199665881eb004c7da7b3

- Filesize: 6KB
  MD5:    9dcd765cfc8b98f14fef47992a6d04cd
  SHA1:   7c0e8e9551f0cb9780cdbb9962132012034c12b9
  SHA256: 8885df9728025481fffbe6b731b6e6a5d3ff1bda7fda088fafd2dfe55cf3b43c
  SHA512: 814b7adba3e4db92c59b6c70aa9ae4cb65d4c8a980264de8b5a6dcdfe7cc082177ef67899239c8138f020d1c376a5c69de9b5349556a308dbe73949618bf4d9e

- Filesize: 6KB
  MD5:    eb95defef68a2ad982d46fbbfa017ad1
  SHA1:   a6d2b9423d2f12da46f6e51a461dea2a0d57d946
  SHA256: 68ed4fbd5745b9fdc7052f72314379576829390f7ad4634d72ed563a364e1669
  SHA512: b39fcc4c65cb82958d208bfd42d5ea5a7748eb9a80bb95425b2e5a0c9be56e280f61b4e1625c081842856ee7ef8798c9c181a4a141df3ed5368b66b45d3f4e4f

- Filesize: 6KB
  MD5:    fa3b7a340c323ecd23c5766c4edaa99b
  SHA1:   f333d8dadd134ed0d4068144450f3b594fd861a9
  SHA256: 813438e4efd6d9a61bf819d9b057c3cef41236c6570f4a9da23c81e55dfc3d39
  SHA512: c1859360e74924592faafb6a9c5c24a8f2ad8783ccc2a6be9282cf42c2d1b71b199303800dd226d46c39d9e3d4ff46661a1aaa45c0d13b978df61911c6b72928

- Filesize: 370B
  MD5:    3c1e96f2b486fa2b7795e80856e0bd50
  SHA1:   6c7127aaa3f1757d8b829456ab98f71af4288e69
  SHA256: 698a9eb4976ffcc559a5b039934e55f76ff13cce639dc0e55121509d79cf7361
  SHA512: 49f71da33f463b52d2881c23815c65b6a94fe17843056fdaf1a565043267ad86819cb35207ae84506466c8aa4229f9a18bab6e1194e81eda21998581784fd27e

- Filesize: 203B
  MD5:    a0640e558324a8f9606479fd9e7badeb
  SHA1:   86f23583a2c6dd4a7137bb350d689d3625e432b1
  SHA256: af845eb52f45090823a21340e98c11c39ba24eec8131b8a52c8508f68ba0cd03
  SHA512: 72a317e294ad8625bb922b9c5cff1845b082f9b1bc0eed321467cd5881d1968dd7d0fe9a852b7f456b6ac84fe6e4937b667fe45951009b973922360cbfc3a498

- Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5:    ed5f41298af6bc7b78b55dac2125f313
  SHA1:   b1cefd7262a60e741e5f08e418cfc1874e1c85d1
  SHA256: d4c5511109fc4291d71e6b10f6f9158644fc75f0771387bd619a7c5a32dd41ae
  SHA512: 1858b809dbfa7cf5a1e3e5f70128b060358125d6c8d1f97535845420dfe83164032cbc1406476e01cb4f744af488b7305b4b5a9723ce98428e09fa7ae42e9179

- Filesize: 11KB
  MD5:    dd3484f1bb60f6a4ffb0714ca4d87be9
  SHA1:   ae1ee8cbda0cc75046f62ac6707f13cd04c649a6
  SHA256: a9e1f7bf381c5db04879e9a3269056a1870b684806a9bdacc1dbbe8acda9f5aa
  SHA512: d7a0dde6c9c3f17ab380eb9ca18ad299b7f80adef56a4e86bc0eff664b9ef9f30fea881bdbebf4d95f6cc55c36b2c035f1c5d992d2df55933325c6e28235398f