Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://m.exactag.co...

windows10-2004-x64

1

Resubmissions

05/04/2024, 19:26

240405-x5tczabh6t 1

05/04/2024, 19:22

240405-x27q7acd35 1

Analysis

  • max time kernel
    108s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/04/2024, 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://m.exactag.com/ai.aspx?tc=d9170681bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aabscissadesignstudio.com%2Ftoro%2F27162%2F%2FYWxlay5ob3lvc0B5YWkub3Jn

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://m.exactag.com/ai.aspx?tc=d9170681bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Aabscissadesignstudio.com%2Ftoro%2F27162%2F%2FYWxlay5ob3lvc0B5YWkub3Jn
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffabd6946f8,0x7ffabd694708,0x7ffabd694718
      2⤵
        PID:4532
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:1232
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1964
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
          2⤵
            PID:4184
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:4784
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:1516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
                2⤵
                  PID:2792
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                  2⤵
                    PID:1476
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
                    2⤵
                      PID:3536
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
                      2⤵
                        PID:1856
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 /prefetch:8
                        2⤵
                          PID:724
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                          2⤵
                            PID:1300
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1476
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                            2⤵
                              PID:2204
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                              2⤵
                                PID:2792
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                                2⤵
                                  PID:3088
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1600468049838618590,17123557988612523040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                                  2⤵
                                    PID:4412
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3500
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3340

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f35bb0615bb9816f562b83304e456294

                                      SHA1

                                      1049e2bd3e1bbb4cea572467d7c4a96648659cb4

                                      SHA256

                                      05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

                                      SHA512

                                      db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      1eb86108cb8f5a956fdf48efbd5d06fe

                                      SHA1

                                      7b2b299f753798e4891df2d9cbf30f94b39ef924

                                      SHA256

                                      1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

                                      SHA512

                                      e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      1KB

                                      MD5

                                      f7ccaf4bba32f54801db5b93ee6b8212

                                      SHA1

                                      7b4e38207daea71839309b09c1f10a7a17ac6557

                                      SHA256

                                      cfaa6a8d2d3bdce7f8b5792c891ff91f016c9ac69074f01ce15b35c663427577

                                      SHA512

                                      90da230fce55e6cccaaafebe125638c04f00a97a6ec7afab35b89e44bde5bc2378406cd6be713125db5d0b556fd02184a56911955d56615debd97ffbba7d50da

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      986B

                                      MD5

                                      b9b01306639f26e0c24203afc775e1dc

                                      SHA1

                                      87aa45fae34692f17ae56f74df74fd4c28528f2e

                                      SHA256

                                      7934be8622022ee482164d3dc7ff590b243fcf81115de751688d16593f32fb37

                                      SHA512

                                      6a018517d799cdd0464a6b0f9b6305fa652aac19a8c111487e9550537f0392cb0519fcd17214ab405181fb3c6802d219b7169724642fa13f80778e27780bf6af

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      8a31beebaa59bec145a8997e2aaa5caa

                                      SHA1

                                      d560a3c40bf3c0562007d72c8913ee708874ab5d

                                      SHA256

                                      ccf775f14b857a9c4c37299b3f3cf11ad1a9ee5764f52888034d8ca9c0a1d581

                                      SHA512

                                      b339b94e96f8bf1e21f17f9d445549cba2c2656f2e990ddaf10dcae1af9d3880ff58ffc10e26ad02be4c7c5c76a88afa7f4cf697f37555c62a4c1f1ddf802171

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      89f293fb58190251dfe5023fff5ba28c

                                      SHA1

                                      cf91db6fe48290558d5a7e0c4414716482975d7e

                                      SHA256

                                      f4cdbe9c26c84d6a8cd560fe76e226eb8cce1d83699aea8a3e085b2dfc568f08

                                      SHA512

                                      fa94c6915cc22e06ca5625d1742ee7eebe7bd32eb6b10c6c2c830fed2c40251e7d78465239b5a489a1d69e52ab53b672447b4fe9c6879639bf4529c099ea8b22

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      875B

                                      MD5

                                      39be40681a18ff81fb75b238c9d36631

                                      SHA1

                                      b6850b84976440177ffc0bf4e54ad7e8155113ab

                                      SHA256

                                      bd113b1165521b74e3a7b81a08d866277b4f51c8fb27c87cae368ea95d42b453

                                      SHA512

                                      09622c1951b38df6711aeb288e2b4ff86a1b5df6a844b828c4ffd1a441967deaf3e55e01919e9a39ad437e636d4af9bbd624e3f894a33d8951578ceca3c45eaf

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aefd.TMP
                                      Filesize

                                      875B

                                      MD5

                                      931c797cece570e52bfc02e6287c1e93

                                      SHA1

                                      4a125d95e4a9c90982c4c42abbd5ad78e18c743d

                                      SHA256

                                      7713ade403ac3e988eff6df309af5e5c797c931eb2dd3b882e11df3745b7d854

                                      SHA512

                                      341523172e168080279a88afb75745943968ef39b16c42de6185bbe965dca6f01465e9536fe244182705d5dd9bbbc5153380a85029411829ccaac9c745465e2d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      59e952c384d86f68d1aaee4c175d4619

                                      SHA1

                                      e4876ac04136fc8eea549819e96f5e506d460108

                                      SHA256

                                      65a48c85697ee981824428a3c6e848917ea00f8e2fe6cdfd40be61c17eb5bab5

                                      SHA512

                                      dbfddd84ff55134af2c9b6b0b7df983b3f4d51497f3e8c75820bba698d9106b30fb4db2dfde977bc3aeb97837dca0a032c60718dca2e8cbec3a45b2bf56932a6

                                      Download Submit