Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

Backupjobs...8.html

windows7-x64

1

Backupjobs...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2024, 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Backupjobsummary-BankofGuam-DailyJobSummaryReport_2024-05-03-08-00-08.html

  • Size

    4.8MB

  • MD5

    6d391f179dd7bb5b9dd05c3dc6438e61

  • SHA1

    2cd0b05ae7b9c7da228ae0013316b43749874d64

  • SHA256

    e5985a9c882fb00282e748c03dbf32ca9d59cd8b519d81cbc014850eddee2491

  • SHA512

    74897874dcb772f78b8aa445970c6b408a506f1eaa2c7b06dde95ba509b6ee45bc6dd40516cc836acb93fa822ec9b08292692cd8adb0400a5f5a132801a46a28

  • SSDEEP

    24576:yGH8p3jHtPDfrX5PqAD7INW61dfKejwbwu:Dg3jHxDtdq1dxwbwu

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Backupjobsummary-BankofGuam-DailyJobSummaryReport_2024-05-03-08-00-08.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde45246f8,0x7ffde4524708,0x7ffde4524718
      2⤵
        PID:1576
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:3304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
          2⤵
            PID:1916
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
            2⤵
              PID:1044
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
              2⤵
                PID:2500
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
                2⤵
                  PID:4348
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:912
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                  2⤵
                    PID:4828
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
                    2⤵
                      PID:4572
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                      2⤵
                        PID:4876
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
                        2⤵
                          PID:2496
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13330818990559377287,3600730025270232071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4480
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4892
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2864

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            9dc60aef38e7832217e7fa02d6f0d9f6

                            SHA1

                            4f8539dc7d5739b36fe976a932338f459d066db6

                            SHA256

                            8a0ee0b6fafabb256571b691c2faf77c7244945faa749c72124d5eb43a197a32

                            SHA512

                            18371541811910992c2b84a8eae7e997e8627640bdb60b9e82751389e50931db9b3e206d31f4d9d2dc3ca25ea3a82c0be413ecb0ef3ac227a14e54f406eaa7e7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            7ac03b15b68af2d5cb5c8063057cc83e

                            SHA1

                            9b2d4db737f57322ff5c4bbddd765b3177f930ab

                            SHA256

                            b90d7596301470b389842eecb46bd3a8e614260b0d374d5c35a36afb9c71a700

                            SHA512

                            a5e9f40dd9040803046b0218fab6b058d49e5e2a3ada315e161fe9fc80ebb8d6d4442ccc1c98d19e561fc7c61bcf43d662fe2231cacacb447876a2113c2e3732

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            3b5172b7e5a0101924d0aa741967e1ef

                            SHA1

                            632706d446fc88392bc62299003ad1c4f28b6c5a

                            SHA256

                            a00f1c251019a23ccaaf124c0d16ff8a505b742ca83c697a54909205f4770414

                            SHA512

                            16af07c6cf69e8647d6de9db1826e8ebee68a7d00d4400bf5cd91d1cf0736b1e1ecf176a392fc75c902b202cd1479a4ffc25c5ed91fd0c77cb16c67c02626efd

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            401507f58ca854ca198d55bc3d9017fe

                            SHA1

                            fd2da28a838c5e5d3a4e2caac8177687ae5441aa

                            SHA256

                            5b2305a5aeb8a48a20a894ee209f4c6e7c64c56d763b9fac3b1647c0c170abf8

                            SHA512

                            b8060883cbef99b019dca7af4fde13254e965e5ed42deeab5ec4905148ddb5b0f11d8e7421b3c01e09b5d34d0759c780b9f717a5d4d41b67e9fc5383ff17e00b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            2d33390a02482a4d68455a45efdf964b

                            SHA1

                            6049f2a317edf904caa9938a06624610c102cccf

                            SHA256

                            304746e3d186f3b176dee34d54d38174d17cc08b02e64b701ea71665f876361e

                            SHA512

                            45ea4a857501b776d8343b7e5194c07183965d63309f063a67729b8f63dd138459c294c193dad14ef7d624de8d6ef8eb43d9e21412be8058fd9e160086a63426

                            Download Submit