Analysis
max time kernel: 1761s
max time network: 1693s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 10/04/2024, 19:14
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 (sample https://www.google.com/, resource win11-20240221-en)

General
Target: https://www.google.com/
Malware Config: none extracted
Signatures
Every signature on this report is raised by msedge.exe (or its identity_helper.exe child), not by anything served from the submitted URL. The WriteProcessMemory targets (1392, 3740, 764, 3620) are the crashpad, GPU, network-service and storage-service children that 4472 itself launches (see Processes), and the registry reads are the BIOS manufacturer/product lookups a browser performs at start-up. Taken together this is Chromium's normal multi-process launch pattern, so none of these hits should be treated as a finding against https://www.google.com/.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   process              hits
  764   msedge.exe           2
  4472  msedge.exe           2
  2196  identity_helper.exe  2
  4728  msedge.exe           2
  2068  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process     hits
  4472  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     hits
  4472  msedge.exe  25

Suspicious use of SendNotifyMessage (12 IoCs)
  pid   process     hits
  4472  msedge.exe  12

Suspicious use of WriteProcessMemory (64 IoCs)
  writer pid  writer process  target pid  target procid
  4472        msedge.exe      1392        81
  4472        msedge.exe      3740        82
  4472        msedge.exe      764         83
  4472        msedge.exe      3620        84
  The raw report lists one row per write: 1392 and 764 are each written twice, and the remaining 60 events go to 3740 and 3620.
Processes
- msedge.exe (PID 4472, top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 1392, crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc54c93cb8,0x7ffc54c93cc8,0x7ffc54c93cd8
  - msedge.exe (PID 3740, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  - msedge.exe (PID 764, utility: network.mojom.NetworkService, service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3620, utility: storage.mojom.StorageService, service-sandbox-type=utility)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  - msedge.exe (PID 3184, renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - msedge.exe (PID 2820, renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  - msedge.exe (PID 2300, renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  - msedge.exe (PID 3384, renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  - msedge.exe (PID 3832, renderer, client id 9, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  - msedge.exe (PID 1328, renderer, client id 10)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  - msedge.exe (PID 2472, renderer, client id 11, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  - identity_helper.exe (PID 2196, utility: winrt_app_id.mojom.WinrtAppIdService, service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4728, utility: chrome.mojom.UtilWin, service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2068, second gpu-process, --disable-gpu-sandbox --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,3436506286759951742,6184122243169148367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2712 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 2400, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 1996, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
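The two checks worth automating on a report like this, as an added example (not tria.ge's code): rebuild the process tree from the depth markers, name each Chromium child from its --type / --utility-sub-type / --service-sandbox-type flags, and confirm that every WriteProcessMemory target is a direct child of the writer. PROCESSES and WPM_ROWS are constructed excerpts in the layout of the report above: a subset of the command lines with the long --field-trial-handle and --gpu-preferences arguments trimmed, and a made-up target pid 9999 added to show what a miss looks like, so the event counts are illustrative rather than the report's 64.

```python
"""Added example (not tria.ge code): rebuild the process tree from a Triage
report and check each WriteProcessMemory event against it.

PROCESSES and WPM_ROWS are constructed excerpts in the layout of the report;
long --field-trial-handle/--gpu-preferences arguments are trimmed and pid 9999
is invented to show a miss, so the counts are illustrative only.
"""
import re
from collections import Counter

# (depth marker, command line, pid) as shown in the Processes section.
PROCESSES = [
    (1, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/', 4472),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7', 1392),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=1952 /prefetch:2', 3740),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3', 764),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8', 3620),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1', 3184),
    (1, r'C:\Windows\System32\CompPkgSrv.exe -Embedding', 2400),
]

# "PID A wrote to memory of B A process procid" rows, run together as on the page.
WPM_ROWS = (
    "PID 4472 wrote to memory of 1392 4472 msedge.exe 81 "
    "PID 4472 wrote to memory of 1392 4472 msedge.exe 81 "
    "PID 4472 wrote to memory of 3740 4472 msedge.exe 82 "
    "PID 4472 wrote to memory of 3740 4472 msedge.exe 82 "
    "PID 4472 wrote to memory of 764 4472 msedge.exe 83 "
    "PID 4472 wrote to memory of 3620 4472 msedge.exe 84 "
    "PID 4472 wrote to memory of 9999 4472 msedge.exe 85 "  # constructed: 9999 is not in the tree
)
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def tokens(cmd):
    """Split a Windows command line, keeping quoted arguments (with spaces) whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def flags(cmd):
    """Map every --name=value (or bare --name) argument to its value."""
    out = {}
    for t in tokens(cmd)[1:]:
        if t.startswith("--"):
            name, _, value = t[2:].partition("=")
            out[name] = value
    return out


def role(cmd):
    """Name the Chromium process type from its flags; no --type means a top-level process."""
    f = flags(cmd)
    kind = f.get("type")
    if kind is None:
        return "top-level (no --type)"
    if kind == "utility":
        return f"utility:{f.get('utility-sub-type', '?')} (sandbox={f.get('service-sandbox-type', '?')})"
    return kind


def build_tree(processes):
    """pid -> {parent, role, image}; the parent is the nearest earlier entry one depth up."""
    tree, ancestors = {}, []
    for depth, cmd, pid in processes:
        del ancestors[depth - 1:]              # drop anything at or below this depth
        parent = ancestors[-1] if ancestors else None
        tree[pid] = {"parent": parent, "role": role(cmd), "image": tokens(cmd)[0]}
        ancestors.append(pid)
    return tree


def parse_wpm(text):
    """One (writer pid, target pid, writer process, target procid) tuple per event."""
    return [(int(a), int(b), proc, int(procid)) for a, b, proc, procid in WPM_RE.findall(text)]


def triage(tree, events):
    """Count writes per (writer, target) and say whether the target is the writer's own child."""
    counts = Counter((src, dst) for src, dst, _, _ in events)
    findings = []
    for (src, dst), n in sorted(counts.items()):
        child = tree.get(dst)
        if child is None:
            verdict = "target not in process tree"
        elif child["parent"] == src:
            verdict = f"own child ({child['role']})"
        else:
            verdict = "NOT a child of the writer"
        findings.append((src, dst, n, verdict))
    return findings


if __name__ == "__main__":
    for src, dst, n, verdict in triage(build_tree(PROCESSES), parse_wpm(WPM_ROWS)):
        print(f"{src} -> {dst}: {n} write(s)  {verdict}")
```

A write into a process that is not the writer's own child, or into a pid that never appears in the tree, is the case that deserves a closer look; writes from a Chromium browser process into the children it has just spawned are expected.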
Network
MITRE ATT&CK Enterprise v15
Downloads
- (path not shown in report), 152B
  MD5    12b71c4e45a845b5f29a54abb695e302
  SHA1   8699ca2c717839c385f13fb26d111e57a9e61d6f
  SHA256 c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
  SHA512 09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241
- (path not shown in report), 152B
  MD5    ce319bd3ed3c89069337a6292042bbe0
  SHA1   7e058bce90e1940293044abffe993adf67d8d888
  SHA256 34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3
  SHA512 d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index, 336B
  MD5    bc4afec2650720b472e72718f8b08fbf
  SHA1   b8597b74b834c512e4fb67380c665d2f3e722e93
  SHA256 7250c8c21094fa7963677a17d7dcc21aff05588bd29d8bff6a11caab6e7add47
  SHA512 0c378601afd51f04118d23b175d49d17b5ccd4981ee8af902ce82042c42ad263d57a26e4ba98cfcbb4b62127af65a799440f2fbf36e7715edd81e015cddfc9cb
- (path not shown in report), 1KB
  MD5    44a23c712a0f1e97cddb1dc8fffe42c4
  SHA1   3bf135da9c7738df5f66f4dfbe93293cdf753a02
  SHA256 2abe43bc09103d989cc066c3b697b5ef026c0e6b3f4d9699ed6e8b2b25307c0e
  SHA512 280f4b4b1ee6c587c7d4fa46819231ae57bd77875a78525af1cea476a6deabdfb83c22d8695d6f52fd43ac3a4c7eb6b0730b94e5086761a2b6a792d271d04f37
- (path not shown in report), 1KB
  MD5    78353224663411bf6e09e102cbf9deed
  SHA1   9a692bb1832211d8143a0143c48b9ed37bf4aba9
  SHA256 900f890ebf95798d56c3372198eb9e6ec5328cd6108434eda652551651893b94
  SHA512 9b324db1f7e3dbdbd759e6d1dd38cc11a4f1dd38deec1896ffb9db61546f9f93cadc4e8f496a0f78114735340f02c6d129d255751f6a5139eadb54ffa874e272
- (path not shown in report), 5KB
  MD5    862700589b0418da5a76d946f8af66c2
  SHA1   c05cddf4011f3910d0783bf571b60c4e0c376718
  SHA256 e5bf3cd27b3a8313022c9a4b8b92afbe876c8ff6968c654b198f5d389a90d72e
  SHA512 025ede0e08e6c4e8d32b53b0ee0136a2f8aaac8a3285ef1fa63b621de2351135f01eb241c70c42c73edce84415b5bcfe67ebb1e9f0acdcbf5c1c95c848c3bf8a
- (path not shown in report), 6KB
  MD5    844977e69458b3def6abb6f32b1b4d91
  SHA1   c29a3eac6bdcae2a201faa5b2fce5e005f97e609
  SHA256 9beb8e31eaaea0d69f8125b2159e606cf7001ec1a64cd84f0289a00a3229973b
  SHA512 279be6c9f69b11e1707e7555055fa400912db9b9e67722d3a021171e4062c90b12b3ea82f0011a16f77ae5898e9b110b8badbf85580d412a5e0db86b4626b0e0
- (path not shown in report), 16B
  MD5    6752a1d65b201c13b62ea44016eb221f
  SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- (path not shown in report), 11KB
  MD5    614b486053b55566a5d9002e18b24773
  SHA1   16451a6b7edb7f555c721f88d60101ef432f8409
  SHA256 261e1cf75c2197787883803f98e1587a35880801680026a3ab2dbda3851c8eac
  SHA512 d78cc0386aec9ace2e6078bcaebf2fdb6d836b7fa6d81a2c75f81daf4512e1b175d6aab80ae246d5771119545b6ea2860cc43fc4c8a0795befaecf31d5302e46
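To carry these hashes into hunting tooling without hand-copying them, here is an added parser (not tria.ge's code) for the flattened "Filesize" / "MD5..." / "SHA..." layout the page extracts to, with a per-algorithm length check so a truncated digest is rejected rather than silently searched for. RAW is a constructed excerpt: its first two records copy entries from the Downloads section above, and the third has deliberately truncated SHA256 and SHA512 values so the validation has something to flag. Sizes are approximate because the report itself rounds to whole kilobytes.

```python
"""Added example (not tria.ge code): parse the flattened Downloads hash list
and validate each digest's length for its algorithm.

RAW is a constructed excerpt: the first two records copy entries from the
Downloads section; the third has deliberately truncated SHA256/SHA512 values.
"""
import re

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^(?:Filesize)?\s*(\d+)\s*(B|KB|MB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}   # the report rounds to whole KB, so sizes are approximate

RAW = r"""Downloads
-
Filesize
152B
MD512b71c4e45a845b5f29a54abb695e302
SHA18699ca2c717839c385f13fb26d111e57a9e61d6f
SHA256c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
SHA51209f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize336B
MD5bc4afec2650720b472e72718f8b08fbf
SHA1b8597b74b834c512e4fb67380c665d2f3e722e93
SHA2567250c8c21094fa7963677a17d7dcc21aff05588bd29d8bff6a11caab6e7add47
SHA5120c378601afd51f04118d23b175d49d17b5ccd4981ee8af902ce82042c42ad263d57a26e4ba98cfcbb4b62127af65a799440f2fbf36e7715edd81e015cddfc9cb
-
Filesize
1KB
MD544a23c712a0f1e97cddb1dc8fffe42c4
SHA13bf135da9c7738df5f66f4dfbe93293cdf753a02
SHA256deadbeef
SHA512280f4b4b1ee6c587c7d4fa46819231ae57bd77875a78525af1cea476a6deabdf
"""


def parse_downloads(text):
    """Return one {path, size, hashes} dict per '-'-separated record."""
    records, cur, expect_size = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line in ("", "Downloads"):
            continue
        if line == "-":                       # record separator
            if cur is not None:
                records.append(cur)
            cur, expect_size = {"path": None, "size": None, "hashes": {}}, False
            continue
        if cur is None:
            continue
        if line == "Filesize":                # value is on the next line
            expect_size = True
            continue
        m = SIZE_RE.match(line)
        if m and (expect_size or line.startswith("Filesize")):
            cur["size"] = int(m.group(1)) * UNIT[m.group(2)]
            expect_size = False
            continue
        m = HASH_RE.match(line)
        if m:
            cur["hashes"][m.group(1)] = m.group(2).lower()
        elif "\\" in line or "/" in line:     # the only other line kind is the file path
            cur["path"] = line
    if cur is not None:
        records.append(cur)
    return records


def bad_hashes(record):
    """Names of digests whose hex length does not match the algorithm."""
    return [alg for alg, hx in record["hashes"].items() if len(hx) != HASH_LEN[alg]]


def hunting_set(records):
    """SHA256 values from records that passed validation, ready for a hash lookup."""
    return sorted(r["hashes"]["SHA256"] for r in records
                  if "SHA256" in r["hashes"] and not bad_hashes(r))


if __name__ == "__main__":
    for r in parse_downloads(RAW):
        status = "ok" if not bad_hashes(r) else "BAD " + ",".join(bad_hashes(r))
        print(f"{status:12} {r['size']!s:>6}B  {r['path'] or '(no path)'}")
```

Records that fail the length check are excluded from hunting_set so that a digest mangled in extraction never becomes a lookup key.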