Resubmissions
17/04/2024, 09:41
240417-ln55nacg6w 8
17/04/2024, 09:41
240417-lnwk8abb69 1
17/04/2024, 07:37
240417-jf22xsae8v 6
16/04/2024, 14:11
240416-rhgsrsde91 1
16/04/2024, 14:07
240416-rey8msbh56 1
17/04/2024, 07:43
240417-jkq58aaf8w

Analysis
max time kernel: 1681s
max time network: 1690s
platform: windows11-21h2_x64
resource: win11-20240412-en
resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 16/04/2024, 14:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win11-20240412-en
General
Target: http://google.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process
  2672  msedge.exe (2 rows)
  4996  msedge.exe (2 rows)
  4736  msedge.exe (2 rows)
  2492  identity_helper.exe (2 rows)
  996   msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  4996  msedge.exe (7 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4996  msedge.exe (25 rows)

Suspicious use of SendNotifyMessage (12 IoCs)
  pid   Process
  4996  msedge.exe (12 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4996 wrote to memory of 1292   4996  msedge.exe  80
  PID 4996 wrote to memory of 1444   4996  msedge.exe  82
  PID 4996 wrote to memory of 2672   4996  msedge.exe  83
  PID 4996 wrote to memory of 1928   4996  msedge.exe  84
  (64 rows in total, each a repeat of one of the four rows above; the large majority are writes to PID 1444)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeef5f3cb8,0x7ffeef5f3cc8,0x7ffeef5f3cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3136)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 2492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,7638105079226442355,9355797739890338921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4936 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3364)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3380)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 43379e1fd46bbf81afb4fa093257a7b9
  SHA1: a1aa383ab51d42dadb4d670b2f8cf3cd942b6172
  SHA256: ff0fb0aba84da291dd911ea4776d4e1d61d300b655644196f8c53923c39506f5
  SHA512: 5db08aa2770fd4ed60407be5014cd602327ec66860e7c034b635c4c7a84bc8a5cae698ea807fabee1b05f36eb5759ad65958e54a8dc01a79bf908957dbbfcea8
- Filesize: 152B
  MD5: b3cd5e4894701b66c8551a435ee29ec2
  SHA1: ac29ae9a2fc83b817e559ff6391d671122d34af4
  SHA256: 96f9e5444a3e9c3149465940f2254ba89befa89504edc3af41023a8e7a8c2640
  SHA512: d3979c1b7d6d4d06b575e7adb7c6843224e826263272b1c3fbcad0ee8a2f3fba257ed12bc6ed60740fe815ea2fa1373749e8b63049a92d1a173340f81d9f9fee
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 336B
  MD5: 4b5cca2ce8c7f29a95e405459940870b
  SHA1: 09d4d03a2f0a0a50fd3bb13415ed78295a5887de
  SHA256: 87edca73d132d2b16c5d885b23ea5465a0264aa41cb8f796174d50a2bea4c75b
  SHA512: c55da7159af28ec1a582dde95e441586ff4f30833419a9b14df3b0fcedcb850f1abb7016a912c46f14898532b5f8e76bde2529597928b483b77797b61515e097
- Filesize: 1KB
  MD5: 429a0e34df1a4f9b5cc572bf164b3773
  SHA1: be189af9d8c09b3606bfe8ca46944b6e9cc34bf7
  SHA256: 7f5fb38f33af95675fd17dbb1eda6846b9aac57819d27dd5c3a9a8e374868f3a
  SHA512: 633ab51bfb69565b7509136dc0f6a225d2aa76fcd49d949a7a10a2cfe3fb17f33657340b912aaa6e8c109a743687204338a47bc9d88343b80d50d8ea555aa490
- Filesize: 1KB
  MD5: 285d8344ab0cf80f685d08a1af7b7e22
  SHA1: e8422e728480475a8c18c2003645f823b7accd24
  SHA256: 10c8b21ad6991d6d5d2adbabfdd335e54996ce028b7e57595b916b9844a9c88f
  SHA512: e319c10229a6bf7337e13a3e6eb18ababedee8709fe8bfb6086dd8d385c87a3a070591c24ec1887e7eb3d012e252e8c001c07193645e2a65a319c35586f07f32
- Filesize: 5KB
  MD5: a82d85b028004ad67b741d038f1721a2
  SHA1: 83b2d2d81f456129d4b567d5ddc96aa1a3247070
  SHA256: 95952a35411cbee53112e01cf03c843f0b61006ccbed8063ee798113084b0490
  SHA512: 072034b1bd4e031b2a03352c6e06b71ebce69e10cdf7ad3d792458663a8ce4e5bf6d70f7b830ef64cc1a6b8fe7c37a885e244f7cda81dea2d290aa95bdcdb0b4
- Filesize: 6KB
  MD5: d3dcf51357b2e6d130b26cf14a70d33b
  SHA1: ab05e1130d83592bd93a2e924158214ad7c2f65f
  SHA256: f019b9d2880bcb41ee372342b4cae0fdd313cb4d05c3f5de81eef8226efe7b89
  SHA512: d421e2f4157c6d58ac0ca9da6bdc0422fee93bf1ea535227ed259da4e1c8a95986bfbcb0ab8a8c881d1fba68748e06e6bdae86f339878a5ed6d94b97d09a80c7
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: db8b8134eb47ff15f54d20caf0e6bf07
  SHA1: 522180d91ade60a77a7d63eee88fe570c25034ca
  SHA256: d3212b2c0c5411afcc3353d00302b41e9d405a47d7a050825270275f371767ca
  SHA512: 0911a01029c834dbbd9ab35eade6e269178503e8e92dbabbf24a2f96a2c2e81d746011017a1b0a8abd7d08018a000c31e15f9b39a2fb50bce324fe70b9ce32da
- Filesize: 11KB
  MD5: 7802d8f42c3f17014239ce936692918a
  SHA1: e8aad04dbac70734d9b76fc9c218f156b5520e3a
  SHA256: 3ad970895b0f3afeea55773afb0353135b183f66daa39ec9856060db8665d09b
  SHA512: e3ed145063765b5abdb6e6862f686d3817960b9942e538fd94258e72606cbcd5548cb1086f70c95df6ce048ccd44ca6948c2087f1ea11e8a73471a03c9feb8ff