Resubmissions
17/04/2024, 09:41  240417-ln55nacg6w  8
17/04/2024, 09:41  240417-lnwk8abb69  1
17/04/2024, 07:37  240417-jf22xsae8v  6
16/04/2024, 14:11  240416-rhgsrsde91  1
16/04/2024, 14:07  240416-rey8msbh56  1
17/04/2024, 07:43  240417-jkq58aaf8w

Analysis
max time kernel: 79s
max time network: 83s
platform: windows11-21h2_x64
resource: win11-20240412-en
resource tags: arch:x64 arch:x86 image:win11-20240412-en locale:en-us os:windows11-21h2-x64 system
submitted: 16/04/2024, 10:12
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win11-20240412-en

General
Target: http://google.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description  ioc  Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid  Process
2492  msedge.exe
2492  msedge.exe
2308  msedge.exe
2308  msedge.exe
3636  identity_helper.exe
3636  identity_helper.exe
2604  msedge.exe
2604  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid  Process
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid  Process
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
pid  Process
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
2308  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2308 wrote to memory of 1980 2308 msedge.exe 79 PID 2308 wrote to memory of 1980 2308 msedge.exe 79 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 
msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2556 2308 msedge.exe 81 PID 2308 wrote to memory of 2492 2308 msedge.exe 82 PID 2308 wrote to memory of 2492 2308 msedge.exe 82 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83 PID 2308 wrote to memory of 4728 2308 msedge.exe 83
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2308

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8d3d3cb8,0x7ffe8d3d3cc8,0x7ffe8d3d3cd8
    PID: 1980

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
    PID: 2556

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 2492

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    PID: 4728

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 1584

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 3564

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    PID: 4176

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 3636

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 2604

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
    PID: 2036

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
    PID: 2832

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    PID: 1496

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
    PID: 3544

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,5753382430676005543,8843163849214953368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    PID: 4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3336
Network
MITRE ATT&CK Enterprise v15
Downloads