Resubmissions
- 22/04/2024, 00:48: 240422-a5zhnadb74 (1)
- 22/04/2024, 00:47: 240422-a5gb3sde2x (4)
- 22/04/2024, 00:46: 240422-a4pl3add9z (1)
- 22/04/2024, 00:44: 240422-a3hr5add8w (1)
Analysis
- max time kernel: 106s
- max time network: 107s
- platform: windows11-21h2_x64
- resource: win11-20240412-en
- resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 22/04/2024, 00:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D
Resource: win11-20240412-en
General
- Target: https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
- pid 2560 msedge.exe
- pid 2560 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1212 msedge.exe
- pid 1212 msedge.exe
- pid 4436 identity_helper.exe
- pid 4436 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
Suspicious use of SendNotifyMessage (12 IoCs)
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
- pid 1932 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 1932 wrote to memory of 1132 1932 msedge.exe 78 PID 1932 wrote to memory of 1132 1932 msedge.exe 78 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 
msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 4364 1932 msedge.exe 79 PID 1932 wrote to memory of 2560 1932 msedge.exe 80 PID 1932 wrote to memory of 2560 1932 msedge.exe 80 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81 PID 1932 wrote to memory of 3648 1932 msedge.exe 81
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/redir/general-malware-page?url=https%3A%2F%2Fstoriescover%2ecom%2Fnew-f&lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BWIoC4VCISxCqpbc4F8GdgQ%3D%3D (PID 1932)
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa4d703cb8,0x7ffa4d703cc8,0x7ffa4d703cd8 (PID 1132)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2 (PID 4364)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3 (PID 2560)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8 (PID 3648)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1 (PID 2980)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1 (PID 4980)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8 (PID 1212)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1 (PID 4412)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8 (PID 4436)
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1 (PID 2964)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1 (PID 2120)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1 (PID 2352)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1 (PID 4548)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1 (PID 652)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1 (PID 3492)
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,143148887464277141,7170856205185126828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1 (PID 3712)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4952)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4580)
Network
MITRE ATT&CK Enterprise v15
Downloads