Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

dff7f9ebe5...f.html

windows7-x64

6

dff7f9ebe5...f.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 19:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dff7f9ebe587d394b490cad9aa30b33f.html

  • Size

    68KB

  • MD5

    dff7f9ebe587d394b490cad9aa30b33f

  • SHA1

    a275fab9cb9aa0c2460644d988626d25b69003ca

  • SHA256

    7d2ffda8c4c003da44b0ddb5d4a3c755e64720bcdb20eb33715c4317fabb1163

  • SHA512

    21bae0f1350f368a00aec0984e3aae32e9422f9d69bd349402939dd1645253c1cf5ee730ff7f1e2bec7e1e34628aa798bb845ff0659c0c676ae9b9e457791b4f

  • SSDEEP

    1536:/aablmYga37vnIUpBk1II/C3CYsZmRvAQCrXQwfn5dRl/tKJzak:SablOCvzpBSzyIZm8rXxfn5dRl/tKX

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dff7f9ebe587d394b490cad9aa30b33f.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee1af46f8,0x7ffee1af4708,0x7ffee1af4718
      2⤵
        PID:1440
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:4744
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2284
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:112
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
            2⤵
              PID:684
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:4608
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                2⤵
                  PID:3580
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                  2⤵
                    PID:3656
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
                    2⤵
                      PID:2304
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
                      2⤵
                        PID:4600
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3392
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                        2⤵
                          PID:2288
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                          2⤵
                            PID:4448
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
                            2⤵
                              PID:5308
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                              2⤵
                                PID:5316
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6243443031577250255,6560485295606838156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5544
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3780
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:184

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  9ffb5f81e8eccd0963c46cbfea1abc20

                                  SHA1

                                  a02a610afd3543de215565bc488a4343bb5c1a59

                                  SHA256

                                  3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

                                  SHA512

                                  2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  e1b45169ebca0dceadb0f45697799d62

                                  SHA1

                                  803604277318898e6f5c6fb92270ca83b5609cd5

                                  SHA256

                                  4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

                                  SHA512

                                  357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
                                  Filesize

                                  20KB

                                  MD5

                                  2241efaf8a5d6561e64fa7e97dd66e78

                                  SHA1

                                  7b1f677f739c119f878cf3a31e02c2af7504bb54

                                  SHA256

                                  e1e55887f81363ce752f53f8c92a155fe041292b48148134018a0476cfd8f204

                                  SHA512

                                  78137eb3866b771554b70ce90df1354cba5990602018ca677fef64959188fb40a4c23edcb8faac9367db57d0a30cea61a52cabeec10114a1321e9488a8543178

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
                                  Filesize

                                  44KB

                                  MD5

                                  26a55dcc6250e84042b29959f5e50334

                                  SHA1

                                  fc02ef852f17b4f9ff54e7c677145809cc205759

                                  SHA256

                                  d374d2ac88b65c3b78fdb96d2c6398493dbee61549b39c3880a584d2bb1be825

                                  SHA512

                                  33db6af42c615f586b412bbfbe0b92126f91c4b80f9259ef94aeea103498cb53396e28c0e9b1c10bde0802915f8c8877c596f07a5c5c61f4a90cb1df06f67c4b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  240B

                                  MD5

                                  3b21558e7cb44a4a12ef4d0d75a0a22b

                                  SHA1

                                  9ba9d8d0fd6e87bb738276a95bc3af13cfaa487d

                                  SHA256

                                  a792cc77809ebe0b32f2bdbb710c5d22a7a698eaf12b79a36d862c58972404ec

                                  SHA512

                                  5fe3d4e48f7ec3abe49dd1129c571644d7fe8b7ee9474e96dfb8f6b8c4be874f59165a7736749520eae45975a0842d17b59777ebdd50b0f44c1e41d495447a60

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  3KB

                                  MD5

                                  6361c3d232dcc147add095c0c4d0eb7b

                                  SHA1

                                  a751bdd53867272706da1e347eb4ae3fef792cab

                                  SHA256

                                  35dc7b657d557c7191ef23fcd0565164a3abec9b21ad7888447b9ca374e5f9c2

                                  SHA512

                                  53284cb173e8839eca2d69054887723d7e3ac06b369604d82a8957a7b42c5419f539b0f8ec0a19b1043186c38b1a0e4d9635599cf43874eac8b2dce426bf5e81

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  1ab659e88261e0f85631009676695d6f

                                  SHA1

                                  791e175d99359d3b3bc91d6d6c3a7d96788baf1b

                                  SHA256

                                  9dd7f90fca436af541d40a736a0a8a01786cf1deb357906a1c799a611d73b0de

                                  SHA512

                                  34bc6504c6ffb5badd4be8a6ee4646425e6eea971b5af1ad1059d4bf8e218f068cc2c556443313ea391dce0a1a5fa6046fed3ac2dd615c86f0d904b40653a4d8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  15eefec88ee4adb0eddd13b345e538f2

                                  SHA1

                                  e49fa6c71dcb6b54d61a36866cb6c5e30c5422b6

                                  SHA256

                                  090301e27cbf81fb0072b2ccab67060be9360282c4a264d068199135d2e5b82e

                                  SHA512

                                  77bdfa07233aaa432dd728fbfc46f63deffe5c5481cb8b57db6699f749b94b95abed0a3686d939c6c562314f78684a5dc1ee467d045ede06b27b3e3006d3309b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  954a54bd1c67f3d4a7757c42878f8c48

                                  SHA1

                                  5622851e7df5c8fe7b971f28ae155b7e53392f02

                                  SHA256

                                  4656357229f4c0e9e974c6f060f5dc2596f632ff5f087e8f3490567f052d3b13

                                  SHA512

                                  bf6a8deee68fbed3cc083a9400011e6690de28d6fd8cc2307badff5e6413b6e826165f1f3ec4a3a398652e17fa3ff095702ad79d67e887059ba0e130e054eeb1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  2a96e29512153474077630170aa50124

                                  SHA1

                                  cdd8978486cff848443087babc5789318c06d120

                                  SHA256

                                  4772efadb635b2aa0d093741ed9679b67562a8a42b4fbd7d758850f821f2ba87

                                  SHA512

                                  0d933d10f52397622334a4137fac84fc3107b044b6ed9615a29ad14cc0b7e292e3dd71d0f99da80c7425efcad086cc6a9391c2a20037907210f7bb25c4582515

                                  Download Submit