Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

.html

windows10-2004-x64

1

.html

windows11-21h2-x64

1

.html

android-10-x64

.html

android-11-x64

.html

android-13-x64

.html

android-9-x86

.html

macos-10.15-amd64

1

Resubmissions

01/05/2024, 16:04

240501-th2jaach66 1

29/04/2024, 17:15

240429-vsye2sgd2t 8

29/04/2024, 17:08

240429-vnv45agb91 5

Analysis

  • max time kernel
    1680s
  • max time network
    1687s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01/05/2024, 16:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .html

  • Size

    1KB

  • MD5

    e7c33e896fc6a6c7d635fc478b7ed5ef

  • SHA1

    b2b0e2d14719a991c2490cd6305d38432cfb5b01

  • SHA256

    bd454f23ca60e35b9442b70b28762e9f8e70116757a0a37ac30335b6aff8ffda

  • SHA512

    1aab589a70e9f8058483fe128fe490baec3f676dbfa8840bf7084fcdf5aada519d697cc250faf67586ee29abbdafdbae64c24467b3d8ea86419aa4a76dc12dda

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0a663cb8,0x7ffd0a663cc8,0x7ffd0a663cd8
      2⤵
        PID:1732
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
        2⤵
          PID:2984
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4600
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
          2⤵
            PID:2196
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
            2⤵
              PID:2360
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
              2⤵
                PID:1340
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1176
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2300
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                2⤵
                  PID:5108
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                  2⤵
                    PID:1584
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
                    2⤵
                      PID:692
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
                      2⤵
                        PID:3544
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14901680118395488510,14514368585324749284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5612 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4300
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2076
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1800

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          9faad3e004614b187287bed750e56acc

                          SHA1

                          eeea3627a208df5a8cf627b0d39561167d272ac5

                          SHA256

                          64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

                          SHA512

                          a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          7915c5c12c884cc2fa03af40f3d2e49d

                          SHA1

                          d48085f85761cde9c287b0b70a918c7ce8008629

                          SHA256

                          e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

                          SHA512

                          4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          382B

                          MD5

                          7d56789643eeadb5d6e6b6c838419222

                          SHA1

                          ce6f0f620b7dae34a553a0093442dfde5a855693

                          SHA256

                          9e9c68e76fa4185ea03d7c075e23c070c97e378cca1e944412601d0d4db0200b

                          SHA512

                          3b35313998a5dddf5f3d445511be0c283e8765f02eac370266c4b05dd16fa9105d3cb818786dd1047e985b8de3fff512f245fe041886a0f7ef24980ff6056eee

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          5KB

                          MD5

                          076cf2718ca2e18400936b0e6b19f6aa

                          SHA1

                          33292899fb8429c06aeae651076eb215e4e9231b

                          SHA256

                          a1be4ffc3d4d7eb31d27c68f2797ae3ddd1c85898022f98d5ba3580eceae1abd

                          SHA512

                          7dea20f77bcc623a9708609196ccb2dea8b51339bb0854bbc8aa05c3432410c6557904874381023ace9ecdf697f55c43dc5f4e1374d65e21bf0ae79b3c06a490

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          5KB

                          MD5

                          431caa102fd8d1dbb8358997329134fe

                          SHA1

                          404f6d274a7007af72de6ac3570afbb9e323aad1

                          SHA256

                          3031ac4aaf69d350a462da518e840a93821910db76a11cbe957996534d59ed35

                          SHA512

                          1b901acdcc8d82d81dcf9b3a50043ba4009aad55ca3a69068237ae7a971928b382b2336f92b8db218d4e5e7dfc0b39b27b2944ce7b77349b425d305f5388a8ac

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          6752a1d65b201c13b62ea44016eb221f

                          SHA1

                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                          SHA256

                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                          SHA512

                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          11KB

                          MD5

                          0e8a0f19bb0a28a9ddc6e6301f1d0b42

                          SHA1

                          7ebd09a2f9be7e49d8f16894b0a9950d269abdfb

                          SHA256

                          f063ada6c9ffdc7381f63fdba3a2d5e4fbd4c37f8986dd8239f7179e671156b9

                          SHA512

                          1b88459a3b5a75390b829f47d60cd5c7dce163ce9b4a062d170981a2be024586daced5df7674cb90d6db818a61de310261ad24e08978ef3ec2bf755ec764c139

                          Download Submit