Analysis
- max time kernel: 273s
- max time network: 280s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/03/2024, 22:52
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1

Sample
- https://www.pratiggo.com/
- Resource: win10v2004-20240226-en

General
- Target: https://www.pratiggo.com/

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 5116 msedge.exe
- PID 5116 msedge.exe
- PID 2080 msedge.exe
- PID 2080 msedge.exe
- PID 2824 identity_helper.exe
- PID 2824 identity_helper.exe
- PID 4592 msedge.exe
- PID 4592 msedge.exe
- PID 4592 msedge.exe
- PID 4592 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 2080 msedge.exe
- PID 2080 msedge.exe
- PID 2080 msedge.exe
- PID 2080 msedge.exe
- PID 2080 msedge.exe
- PID 2080 msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 2080: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pratiggo.com/
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID 5020: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8786c46f8,0x7ff8786c4708,0x7ff8786c4718
  - PID 416: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  - PID 5116: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 4620: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - PID 2952: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - PID 868: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  - PID 4268: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
  - PID 2824: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID 5004: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - PID 4048: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  - PID 1040: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  - PID 1132: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  - PID 4592: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,1014746966426670122,3197193070482933632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- PID 688: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 5104: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads