Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/04/2024, 13:23
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://dhl-douane.bubbleapps.io/
Resource: win10v2004-20240226-en

General
Target: https://dhl-douane.bubbleapps.io/
Malware Config: (none listed in the report)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                    | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
All three reads are attributed to msedge.exe itself, not to a process spawned by content from the target URL.
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid  | process
844  | msedge.exe (2 entries)
2484 | msedge.exe (2 entries)
2748 | identity_helper.exe (2 entries)
1308 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid  | process
2484 | msedge.exe (all 7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid  | process
2484 | msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | process
2484 | msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries have PID 2484 (msedge.exe) as the writer and repeat the following four target rows:
description                     | pid  | process    | procid_target
PID 2484 wrote to memory of 3292 | 2484 | msedge.exe | 85
PID 2484 wrote to memory of 548  | 2484 | msedge.exe | 87
PID 2484 wrote to memory of 844  | 2484 | msedge.exe | 88
PID 2484 wrote to memory of 452  | 2484 | msedge.exe | 89
The four targets (3292, 548, 844, 452) are all children of PID 2484 in the process tree below: the crashpad handler, the first GPU process, the network service and the storage service. A browser process writing into children it has just spawned is how Chromium bootstraps them; a write into a process outside its own tree would be the case worth a closer look.
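As an added example (not part of the tria.ge report), the following Python cross-checks the WriteProcessMemory IoCs against the process tree in the Processes section: a write is only expected when its target is a child that the writer itself spawned. The process table is transcribed from the report, the IoC text is a constructed excerpt of the 64 entries, and the role labels and the PID 1696 reuse comment are this example's reading of the tree, not tria.ge output.

```python
"""Cross-check the report's WriteProcessMemory IoCs against its process tree.

Added example for this report page, not tria.ge code.  PROCESS_TREE is
transcribed from the Processes section; IOC_TEXT is a constructed excerpt
of the report's 64 entries (every entry has PID 2484 as the writer).
"""
import re
from collections import Counter

# (depth, pid, image, role) -- depth 1 = top-level process,
# depth 2 = child of the most recent depth-1 process.
PROCESS_TREE = [
    (1, 2484, "msedge.exe", "browser"),
    (2, 3292, "msedge.exe", "crashpad-handler"),
    (2, 548,  "msedge.exe", "gpu-process"),
    (2, 844,  "msedge.exe", "utility/network.mojom.NetworkService"),
    (2, 452,  "msedge.exe", "utility/storage.mojom.StorageService"),
    (2, 2180, "msedge.exe", "renderer"),
    (2, 3240, "msedge.exe", "renderer"),
    (2, 3116, "identity_helper.exe", "utility/winrt_app_id.mojom.WinrtAppIdService"),
    (2, 2748, "identity_helper.exe", "utility/winrt_app_id.mojom.WinrtAppIdService"),
    (2, 1752, "msedge.exe", "renderer"),
    (2, 4132, "msedge.exe", "renderer"),
    (2, 8,    "msedge.exe", "renderer"),
    (2, 4572, "msedge.exe", "renderer"),
    (2, 1696, "msedge.exe", "renderer"),
    (2, 2688, "msedge.exe", "utility/edge_collections.mojom.CollectionsDataManager"),
    (2, 1308, "msedge.exe", "gpu-process"),
    (1, 1728, "CompPkgSrv.exe", "-Embedding"),
    (1, 1696, "CompPkgSrv.exe", "-Embedding"),  # same PID as the renderer above: PID reuse
]

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" IoC text.
IOC_TEXT = (
    "PID 2484 wrote to memory of 3292 2484 msedge.exe 85 "
    "PID 2484 wrote to memory of 3292 2484 msedge.exe 85 "
    "PID 2484 wrote to memory of 548 2484 msedge.exe 87 "
    "PID 2484 wrote to memory of 548 2484 msedge.exe 87 "
    "PID 2484 wrote to memory of 844 2484 msedge.exe 88 "
    "PID 2484 wrote to memory of 452 2484 msedge.exe 89"
)

# writer pid, target pid, writer pid repeated, writer image, tria.ge procid_target
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def build_tree(rows):
    """pid -> list of (parent_pid, image, role); a pid lists twice if it was reused."""
    tree, parent = {}, None
    for depth, pid, image, role in rows:
        if depth == 1:
            parent = pid
            tree.setdefault(pid, []).append((None, image, role))
        else:
            tree.setdefault(pid, []).append((parent, image, role))
    return tree


def parse_iocs(text):
    """Count each distinct (writer, target, writer_image, procid_target) tuple."""
    return Counter((int(w), int(t), img, int(p)) for w, t, img, p in IOC_RE.findall(text))


def foreign_writes(iocs, tree):
    """Writes whose target is not a child of the writer (or not in the tree at all)."""
    flagged = []
    for (writer, target, _img, _pt), n in iocs.items():
        if not any(parent == writer for parent, _, _ in tree.get(target, [])):
            flagged.append((writer, target, n))
    return flagged


def target_roles(iocs, tree):
    """Roles of the children the writer touched, e.g. {'crashpad-handler', ...}."""
    roles = set()
    for writer, target, _img, _pt in iocs:
        for parent, _image, role in tree.get(target, []):
            if parent == writer:
                roles.add(role)
    return roles


if __name__ == "__main__":
    tree = build_tree(PROCESS_TREE)
    iocs = parse_iocs(IOC_TEXT)
    print("distinct write pairs:", len(iocs), "entries:", sum(iocs.values()))
    print("child roles written to:", sorted(target_roles(iocs, tree)))
    print("writes outside the writer's own children:", foreign_writes(iocs, tree))
```

Run on the real report, the same check would read the full 64-entry text; the regex tolerates it because each entry repeats the writer PID, which the `\1` back-reference enforces.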
Processes
(the image path of every process is the executable at the start of its command line; child processes are indented under their parent)

PID 2484  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dhl-douane.bubbleapps.io/
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 3292  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac72346f8,0x7ffac7234708,0x7ffac7234718

  PID 548   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

  PID 844   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 452   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8

  PID 2180  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

  PID 3240  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  PID 3116  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8

  PID 2748  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 1752  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

  PID 4132  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  PID 8     "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

  PID 4572  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

  PID 1696  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

  PID 2688  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4520 /prefetch:8

  PID 1308  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7807897899949970649,13241471487949210402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 1728  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1696  C:\Windows\System32\CompPkgSrv.exe -Embedding

Notes on the tree: every flagged signature sits on msedge.exe or its identity_helper.exe children; no process outside the Edge tree is spawned by the target URL. PID 1696 appears twice (an Edge renderer and a CompPkgSrv.exe instance), which is consistent with the renderer having exited and the PID being reused during the run. The second GPU process (PID 1308) is launched with --disable-gpu-sandbox and --use-gl=disabled after the first one (PID 548); the network service (PID 844) and both identity_helper.exe instances run with --service-sandbox-type=none.
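As an added example (not the report's or tria.ge's code), this Python pulls each child's Chromium --type / --utility-sub-type and sandbox flags out of its command line, so the unsandboxed children in the tree above (the network service, the two identity_helper.exe instances and the second GPU process) can be listed mechanically rather than by eye. The command lines are constructed, shortened excerpts of the ones in the Processes section (PIDs and the relevant flags are as reported; --field-trial-handle, --gpu-preferences and the crashpad annotations are omitted), and the classification rules are this example's own.

```python
"""List which Edge child processes in the report run with the sandbox turned off.

Added example for this report page, not tria.ge code.  PROCESSES holds
constructed, shortened excerpts of the report's command lines; the
classification in sandbox_posture() is this example's rule set.
"""
import shlex

EDGE = '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"'
HELPER = '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\92.0.902.67\\identity_helper.exe"'

PROCESSES = [
    (2484, EDGE + " --single-argument https://dhl-douane.bubbleapps.io/"),
    (3292, EDGE + ' --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7'),
    (548,  EDGE + " --type=gpu-process --mojo-platform-channel-handle=2104 /prefetch:2"),
    (844,  EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3"),
    (452,  EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8"),
    (2180, EDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1"),
    (3116, HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none /prefetch:8"),
    (2748, HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none /prefetch:8"),
    (2688, EDGE + " --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections /prefetch:8"),
    (1308, EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 /prefetch:2"),
]


def parse_flags(cmdline):
    """Map every --flag[=value] token to its value (None for a bare flag).

    posix=False keeps Windows backslashes literal and keeps a quoted token
    such as "--user-data-dir=...\\User Data" in one piece.
    """
    flags = {}
    for tok in shlex.split(cmdline, posix=False):
        tok = tok.strip('"')
        if not tok.startswith("--"):
            continue  # executable, /prefetch:N, positional URL
        name, sep, value = tok[2:].partition("=")
        flags[name] = value if sep else None
    return flags


def sandbox_posture(cmdline):
    """Return (role, sandboxed, reason); sandboxed is None when the flags say nothing."""
    f = parse_flags(cmdline)
    role = f.get("type") or "browser"
    if f.get("utility-sub-type"):
        role += "/" + f["utility-sub-type"]
    if role == "browser":
        return role, None, "browser (broker) process, unsandboxed by design"
    if f.get("service-sandbox-type") == "none":
        return role, False, "--service-sandbox-type=none"
    if "disable-gpu-sandbox" in f:
        return role, False, "--disable-gpu-sandbox"
    if f.get("service-sandbox-type"):
        return role, True, "--service-sandbox-type=" + f["service-sandbox-type"]
    if role in ("renderer", "gpu-process"):
        return role, True, "default " + role + " sandbox"
    return role, None, "no sandbox flag on the command line"


def unsandboxed(processes):
    """PIDs whose command line explicitly turns the sandbox off."""
    return [pid for pid, cmd in processes if sandbox_posture(cmd)[1] is False]


if __name__ == "__main__":
    for pid, cmd in PROCESSES:
        role, sandboxed, why = sandbox_posture(cmd)
        print(f"{pid:>5}  {role:<55} sandboxed={sandboxed!s:<5} {why}")
    print("unsandboxed children:", unsandboxed(PROCESSES))
```

On the report's tree this yields 844, 3116, 2748 and 1308. Which of those is normal for Edge 92 is a question about the browser build, not about the visited page; the script only makes the sandbox state of each child explicit so it can be compared against a known-good run of the same image.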
Network
MITRE ATT&CK Enterprise v15
Downloads
(only the third entry carries a path in the report; the others are listed by size and hashes only)

1. Filesize: 152B
   MD5:    9ffb5f81e8eccd0963c46cbfea1abc20
   SHA1:   a02a610afd3543de215565bc488a4343bb5c1a59
   SHA256: 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
   SHA512: 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

2. Filesize: 152B
   MD5:    e1b45169ebca0dceadb0f45697799d62
   SHA1:   803604277318898e6f5c6fb92270ca83b5609cd5
   SHA256: 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
   SHA512: 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

3. C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
   Filesize: 168B
   MD5:    f4b99a4e31c0bd069fd60fec5128deb5
   SHA1:   21d7dfb3409db74e15e8acc0479b8db09823c95f
   SHA256: b7b94e2856833e50c00ac770f6d3d4116c073d736754ad5b7ccf4bea1f29adef
   SHA512: 88b0a9318dc1ec0ab33886f9d0e7dd604dcfe24704882c4e356cc71b82423621e31209d43b7d700d3c859908cfec63aa50466c1537a1d60f98cdca9d9c3502cc

4. Filesize: 775B
   MD5:    1405424fe1d822b5a2989b4eec8d35fd
   SHA1:   becd4d039f05643032584682bd57a32be9bb0c40
   SHA256: a576100a03b0c2473f3cdd908c39fc547a6d094bbb48be9c088fafa03244e40b
   SHA512: 48137cf7b3d2974eb9ed4ba68fa45e56bf3e487709a06332a49317887d1b8100523f142b47c1f929240bf9a0503efdd9d3e41d7361e896303e6c403e8a0ce83b

5. Filesize: 6KB
   MD5:    6ba5bc1581a2d30c433c493288582a2e
   SHA1:   f043905eca7cf70a6a0ba2a6456be398f52d9f49
   SHA256: afe08bb87294fc915044ffabacf46476f2109e2ac85ad5682e1822aa5ef0bc73
   SHA512: e74b9d093799a7a2a5b09d6dcf2f048667370bbcdb7e99f80c2f996b20c885f161e9246619c645973d265b498db0f8a27306578ed76bf585c940cbb3d7a7c15a

6. Filesize: 6KB
   MD5:    5f3faafb1fa4a44b5710e809c341eb7e
   SHA1:   90f644bfe79618e844c196ef64f59521fe7c04cd
   SHA256: f42107b0aaffb7e01dacb9b51eb4e6475ee66e63e23aaacf0d1f4dfa3723e786
   SHA512: 817200cfd87bfb5b374022e97ccb1820d6c331b6b9ba8fe6b75781d6e2a1bfd0f6ff520d56152009cd016ef4936ac84616858a55b03addf29702f6102b621c38

7. Filesize: 6KB
   MD5:    ba8bb4474173a3a0960eb9d6ac247e70
   SHA1:   dc3979acbe4991d43f9a9aa5d8c8e91349ce8ecd
   SHA256: 3a6bd3ae650b56c4ee139f189ce86c68ee4896bae07545b285ced6d6e70ebb73
   SHA512: 84ff844b6f0f181d906becb5076332ff6bfe386a620277a4545d31855d1c06269cff68006b561944fce9f80ab69135de72d77caed060e8e0ac70a5a3b924c317

8. Filesize: 16B
   MD5:    6752a1d65b201c13b62ea44016eb221f
   SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
   SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
   SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

9. Filesize: 11KB
   MD5:    b95d852fd32aada26d4cec55cf9eebf2
   SHA1:   f1bf2ab35c65179d017f686950626cce6fcb3a6f
   SHA256: 6d92f9deab921e0f8989f07f3b041541c2cf0a1cf6360217bd4f9cb74a67852f
   SHA512: 8d2cdb7a98c2aea86961073ed1f57c40b69c7368f033fa30e364506fba9fa779261ce183735d6bb48e6ee718429d646a3ef1344db2c9908827ddc75bb8ca3651