Analysis
- max time kernel: 1172s
- max time network: 1174s
- platform: windows11-21h2_x64
- resource: win11-20240221-en
- resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 27/03/2024, 14:20
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://bertons-faure-berton-fr.jimdosite.com/
  - Resource: win11-20240221-en
General
- Target: https://bertons-faure-berton-fr.jimdosite.com/
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  pid / Process:
  - 2444 msedge.exe
  - 2444 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 3124 identity_helper.exe
  - 3124 identity_helper.exe
  - 2316 msedge.exe
  - 2316 msedge.exe
  - 2456 msedge.exe
  - 2456 msedge.exe
  - 2456 msedge.exe
  - 2456 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process:
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid / Process:
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
  - 1632 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 1632: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bertons-faure-berton-fr.jimdosite.com/
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 3460: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef2a63cb8,0x7ffef2a63cc8,0x7ffef2a63cd8
  - PID 2676: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  - PID 2444: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID 1420: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  - PID 1864: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - PID 572: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - PID 3124: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - PID 1292: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  - PID 72: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  - PID 2316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - PID 3752: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - PID 2064: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  - PID 2456: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5264729346824190738,4930333716860783464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5220 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 2152: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2024: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads