Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/03/2024, 17:47
- Static task: static1
- Behavioral task: behavioral1 (sample dfbffa915d5f485cf4b3028f136c4fc6.html, resource win7-20240215-en)
- Behavioral task: behavioral2 (sample dfbffa915d5f485cf4b3028f136c4fc6.html, resource win10v2004-20240226-en)
General
- Target: dfbffa915d5f485cf4b3028f136c4fc6.html
- Size: 3.5MB
- MD5: dfbffa915d5f485cf4b3028f136c4fc6
- SHA1: e1a05c7bc562d7d0855b15557b1c332d7da6c309
- SHA256: 0f9f8b848c3d0f7fa925d1541aab42f58566d5e82def3bee35c5dfa4f1b09855
- SHA512: eec0956e09a7046db3d6f0070ae97c413df873db0adf1e4236b5fe3a4f636144dd9737e058b28b44b92bfb2f56c8753b367f4e130d0556d825c7022efe259968
- SSDEEP: 12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAG:jvQjte4tT62G
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed, repeat count in the last column)
  pid   Process              entries
  436   msedge.exe           2
  832   msedge.exe           2
  4784  identity_helper.exe  2
  5756  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process              entries
  832   msedge.exe           6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process              entries
  832   msedge.exe           25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process              entries
  832   msedge.exe           24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  Process     procid_target  entries
  PID 832 wrote to memory of 3364  832  msedge.exe  88             2
  PID 832 wrote to memory of 872   832  msedge.exe  90             40
  PID 832 wrote to memory of 436   832  msedge.exe  91             2
  PID 832 wrote to memory of 2960  832  msedge.exe  92             20
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dfbffa915d5f485cf4b3028f136c4fc6.html
  PID: 832
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffad3d046f8,0x7ffad3d04708,0x7ffad3d04718
    PID: 3364
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    PID: 872
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 436
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    PID: 2960
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    PID: 1884
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    PID: 3864
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
    PID: 3184
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
    PID: 4784
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    PID: 3784
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    PID: 3836
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    PID: 5256
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID: 5264
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1516643760713366459,9930537651903861852,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
    PID: 5756
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1128
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 668
Network
MITRE ATT&CK Enterprise v15
Downloads