Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://google.com/ma...

windows11-21h2-x64

Analysis

  • max time kernel
    116s
  • max time network
    128s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/04/2024, 02:19

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    http://google.com/malware

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 59 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com/malware
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdfc2d3cb8,0x7ffdfc2d3cc8,0x7ffdfc2d3cd8
      2⤵
        PID:4568
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:1424
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:4992
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
            2⤵
              PID:4520
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:5064
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1056
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,6433421327552455349,11307934146415895019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4332
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:340
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:672
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                  1⤵
                    PID:3616
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                    1⤵
                      PID:1948
                    • C:\Windows\system32\LogonUI.exe
                      "LogonUI.exe" /flags:0x4 /state0:0xa3a2c055 /state1:0x41c64e6d
                      1⤵
                      • Modifies data under HKEY_USERS
                      • Suspicious use of SetWindowsHookEx
                      PID:1960

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                      Filesize

                      152B

                      MD5

                      caaacbd78b8e7ebc636ff19241b2b13d

                      SHA1

                      4435edc68c0594ebb8b0aa84b769d566ad913bc8

                      SHA256

                      989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

                      SHA512

                      c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                      Filesize

                      152B

                      MD5

                      7c194bbd45fc5d3714e8db77e01ac25a

                      SHA1

                      e758434417035cccc8891d516854afb4141dd72a

                      SHA256

                      253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

                      SHA512

                      aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4921dce0-5665-45db-bf49-41c4fe518c7d.tmp
                      Filesize

                      303B

                      MD5

                      f5b80ac1559f5f5838bec6699b198920

                      SHA1

                      a86fa1011dfd2c37c682820696420041aacb9c12

                      SHA256

                      032d43f6705e455bc06570ea03390ab724132b91f3e59a5828da1bd5a3ceb508

                      SHA512

                      0a1eb17b94be42af0cb6885d1b42f04b6476d184d5b1349a5410825fda86a6e42f58817f795769588b26608f662f27f585bc0346c63c72238bfa35dcb4c3e148

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      5KB

                      MD5

                      c9ccd4167b720e27496c776f64fa59a8

                      SHA1

                      fbd1f922cb7a4b3c18b8f4db072163de722c0cd0

                      SHA256

                      297114700e659b7051fc82423dd397e74e8e2f2c1050fcec3c136df5b66a6a16

                      SHA512

                      8c0283a344f0d912f73e3a8492970a76c4a98b9a8a1d0a62f1cfa06a7af42494f4ca28143c5fd69a17ce7699379bc278ab9f5e1a839a7eee6f66c7000cd28b2e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      6KB

                      MD5

                      feea9a7ad2923097d78bfc7d4de34a65

                      SHA1

                      06760e59284ed18ed4b7b0d3aba83c27f6b17890

                      SHA256

                      f3eff8cc71a9a12279e5c06cef70bef6efccc9aba3f692e0f060feac8981bfd1

                      SHA512

                      159e9e3bddf9809cff9e135a27ca68b066ab2b2a904177f4e68aabcf93e0885177a30c49b80ebdddca75f432d25a036f126989460ecbaaebe6b69cb3049fcfde

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      6KB

                      MD5

                      2d2179680655fad0368fbd43e554889c

                      SHA1

                      601b16540e4b60de69a05427eddcc7dfc6390271

                      SHA256

                      9d9ed3356d9c67b22138b78ba2ac7daf19e371d0ea31c0b9c21ba62049e3151e

                      SHA512

                      e10f670474567811b3fcf06c45b0f61c891601cb556e00551635cb1edd25e22685362e6ce0980c08b7e15e818cd794cd8404702ab47d0a1a6635b6ffe32da94e

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                      Filesize

                      16B

                      MD5

                      46295cac801e5d4857d09837238a6394

                      SHA1

                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                      SHA256

                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                      SHA512

                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                      Filesize

                      16B

                      MD5

                      206702161f94c5cd39fadd03f4014d98

                      SHA1

                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                      SHA256

                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                      SHA512

                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      11KB

                      MD5

                      a65d5bc01df036e5ee3f804444a3e4d2

                      SHA1

                      8419b3532826bea0e6a09dac8c554d228067fb9b

                      SHA256

                      d81dd83d00eee7a6039f333483555ee22f7788739f323085a703d807eec08428

                      SHA512

                      4135194d389edfdf44b4ea7bf659a4b2f23520299e98aeef5af482b001b074ac366d237ab15094207e2ca6f3ea82b61f8b3680997e985614b054c47cdc57d9f5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      11KB

                      MD5

                      37f7579f04b1f5e0ffcd36e4fa8f8bc6

                      SHA1

                      15c915f490276f269071f70e9bfe72cbd224656e

                      SHA256

                      2598127277c67662ea821bc157dcb451a9afec1017c7d79b796d25950247ec13

                      SHA512

                      ad6d9052ba0e0bdb1c13a585a23a2f7c731d064e21f0f214ac709f3c01004a8c3f0200909de802e8cba7bdc83923378c2bfccc21fae01e8b5e079021ce408d7e

                      Download Submit