Analysis
max time kernel: 57s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/03/2024, 09:42
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://attachments.office.net/owa/[email protected]/service.svc/s/GetFileAttachment?id=AAkALgAAAAAAHYQDEapmEc2byACqAC%2fEWg0AxPs3MAxWl0iXP9MnLfhqGwACAKAafAAAARIAEACM%2b7yAD1PTQ6dBS7EgT6v0&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbTo0NDQiLCJ1YyI6IjllODgzZmRhNDdhNzQyZDFiMDM2ZmQ2MTdmN2UxNDNiIiwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA3NDMzYmVmMy0zYjFjLTQwOWYtYTZmMS0wNDlkMTI2YjIxZGUiLCJpc3NyaW5nIjoiU0lQIiwiYXBwY3R4Ijoie1wibXNleGNocHJvdFwiOlwib3dhXCIsXCJwdWlkXCI6XCIxMDAzMjAwMUQ2RjNDOEE0XCIsXCJzY29wZVwiOlwiT3dhRG93bmxvYWRcIixcIm9pZFwiOlwiN2JmYmQ4ODUtOTQ4OS00MjY3LWE3MTMtYjFkMGY4ZmQxNmMwXCIsXCJwcmltYXJ5c2lkXCI6XCJTLTEtNS0yMS00MDA2NzM0MDc5LTM2MDc3NjE5Ni05MjYxODQ5NC0xOTEwMDQyNFwifSIsIm5iZiI6MTcxMTUzMjQ0OSwiZXhwIjoxNzExNTMzMDQ5LCJpc3MiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBANzQzM2JlZjMtM2IxYy00MDlmLWE2ZjEtMDQ5ZDEyNmIyMWRlIiwiYXVkIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL2F0dGFjaG1lbnRzLm9mZmljZS5uZXRANzQzM2JlZjMtM2IxYy00MDlmLWE2ZjEtMDQ5ZDEyNmIyMWRlIiwiaGFwcCI6Im93YSJ9.II9xiMxs5LFosLAbmlOVErXu8LMdQ7ERvX71DGNtzY9PF8yx16EZ62gnJ55aWN-UzgL4Y9jC9leJD04w1I0zGPSyKWYnigWrIV502huAGole7gmp7F7mYa7LrIAVbU6tjng23l1YaJ8mAMBQpegjR3Ol7t4Qw1nG2GgeGt8SlYLpnajJaksvS80Ltlzx3ysovtGM-jSxcKmFEE00nsjCumx8xfy8yYqP4Bxk9t4Hoo_E8MWu88QqV7xg_00ipazS5hXyyIl8cE6h8opyID2clZKU10bEoMD0rd61tW7M3vRNCaMpja4uA3yNMo59bN6InruBTkXiciYp79wkiCpOHw&scenario=LegacyRedirect
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (1 IoC)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{844770B9-6658-48FF-816C-FD207F9AD66C} | msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid | Process
3384 | msedge.exe (2 entries)
5032 | msedge.exe (2 entries)
4932 | identity_helper.exe (2 entries)
944 | msedge.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
pid | Process
5032 | msedge.exe (11 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
5032 | msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
5032 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 5032 wrote to memory of 2360 | 5032 | msedge.exe | 86 (2 entries)
PID 5032 wrote to memory of 4164 | 5032 | msedge.exe | 87 (repeated entries)
PID 5032 wrote to memory of 3384 | 5032 | msedge.exe | 88 (2 entries)
PID 5032 wrote to memory of 4380 | 5032 | msedge.exe | 89 (repeated entries)
The 64 logged write events are repeats of these four rows; the targets 2360, 4164, 3384 and 4380 are the child processes of PID 5032 listed under Processes.
Processes
- msedge.exe, PID 5032 (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument <the sample URL listed under Analysis>
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes (depth 2):
  - msedge.exe, PID 2360: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc865146f8,0x7ffc86514708,0x7ffc86514718
  - msedge.exe, PID 4164: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  - msedge.exe, PID 3384: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 4380: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  - msedge.exe, PID 2608: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe, PID 1768: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - msedge.exe, PID 3632: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  - msedge.exe, PID 3108: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  - identity_helper.exe, PID 1924: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  - identity_helper.exe, PID 4932: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 3016: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  - msedge.exe, PID 2596: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  - msedge.exe, PID 4544: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  - msedge.exe, PID 4256: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  - msedge.exe, PID 1956: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  - msedge.exe, PID 2884: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  - msedge.exe, PID 4604: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6048 /prefetch:8
  - msedge.exe, PID 944: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6088 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - msedge.exe, PID 1464: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
- CompPkgSrv.exe, PID 2820 (depth 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe, PID 2092 (depth 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads