Analysis
max time kernel: 54s
max time network: 60s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 19/04/2024, 01:48
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://spikenow.com/collab/?id=wC53IeckJN56yFHc6w4RQfaJ4V0Ggf1fRqNj9IHLCTg
Resource
win10v2004-20240412-en
General
Target
https://spikenow.com/collab/?id=wC53IeckJN56yFHc6w4RQfaJ4V0Ggf1fRqNj9IHLCTg
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
344 | msedge.exe
344 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4028 | identity_helper.exe
4028 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid | Process
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe
4852 | msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4852 wrote to memory of 4488 | 4852 | msedge.exe | 85
PID 4852 wrote to memory of 4488 | 4852 | msedge.exe | 85
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 1464 | 4852 | msedge.exe | 86
PID 4852 wrote to memory of 344 | 4852 | msedge.exe | 87
PID 4852 wrote to memory of 344 | 4852 | msedge.exe | 87
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
PID 4852 wrote to memory of 1396 | 4852 | msedge.exe | 88
Processes (child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4852)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://spikenow.com/collab/?id=wC53IeckJN56yFHc6w4RQfaJ4V0Ggf1fRqNj9IHLCTg
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4488)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff779646f8,0x7fff77964708,0x7fff77964718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1464)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 344)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1396)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2828)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4440)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4376)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4028)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1496)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2848)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2296)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2328)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 880)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3924)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 456)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 3360)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 5000)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads