Analysis
max time kernel: 206s
max time network: 202s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/05/2024, 00:30
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://trackso.in/datasheets/
Resource: win10v2004-20240419-en
General
Target: https://trackso.in/datasheets/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
844   msedge.exe
844   msedge.exe
3676  msedge.exe
3676  msedge.exe
2420  identity_helper.exe
2420  identity_helper.exe
1648  msedge.exe
1648  msedge.exe
1648  msedge.exe
1648  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
3676  msedge.exe (all 6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
3676  msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
3676  msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed)
description                       pid   Process     procid_target
PID 3676 wrote to memory of 4940  3676  msedge.exe  84
PID 3676 wrote to memory of 628   3676  msedge.exe  85
PID 3676 wrote to memory of 844   3676  msedge.exe  86
PID 3676 wrote to memory of 1824  3676  msedge.exe  87
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trackso.in/datasheets/
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 3676
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c4d46f8,0x7ffd9c4d4708,0x7ffd9c4d4718
  PID: 4940
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  PID: 628
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 844
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  PID: 1824
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  PID: 1944
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  PID: 3312
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  PID: 3924
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 2420
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  PID: 4428
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  PID: 2172
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  PID: 1544
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  PID: 2936
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5535813181130198032,15812574850975741326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 1648
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2416
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 920
Network
MITRE ATT&CK Enterprise v15
Downloads