Analysis
- max time kernel: 146s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/05/2024, 14:38

Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: http://gosite.cc
  - Resource: win10v2004-20240508-en

General
- Target: http://gosite.cc
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              occurrences
  1032  msedge.exe           2
  3144  msedge.exe           2
  2208  identity_helper.exe  2
  4788  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     occurrences
  3144  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     occurrences
  3144  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     occurrences
  3144  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries have the same source process; each distinct target appears repeatedly in the raw list.
  description                       pid   Process     procid_target
  PID 3144 wrote to memory of 4860  3144  msedge.exe  83
  PID 3144 wrote to memory of 2952  3144  msedge.exe  84
  PID 3144 wrote to memory of 1032  3144  msedge.exe  85
  PID 3144 wrote to memory of 3132  3144  msedge.exe  86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gosite.cc
  PID: 3144
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718
    PID: 4860
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
    PID: 2952
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    PID: 1032
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    PID: 3132
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
    PID: 4588
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    PID: 3392
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    PID: 1808
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    PID: 3956
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    PID: 1748
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    PID: 5116
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    PID: 2208
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    PID: 3372
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    PID: 624
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8549620377007107475,287711138534016115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2728 /prefetch:2
    PID: 4788
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4648
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 560
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 72B
  MD5: 09931dc8b3554f356c78ff504fd94209
  SHA1: 17f642bba647cc4c83c8d764db6bd1a6c251357c
  SHA256: 7d63a4c04d52d1c3e5fdf6557aefc28d8e9f9299c02c09374b5b32072949b111
  SHA512: 6adc3b13640c53f0a0629f0b0318b9f0ef0917c6aa1e0906941747c17380c501d294d107162a76aa5b7c42e67d04e3b26ec7a05bda5568fa6f0f9ad773a3aa45
- Filesize: 553B
  MD5: 46e47f8e39782c5885a68db87be967ce
  SHA1: ea2462ea002ed109d2d3bccb5e39c7317ebb326a
  SHA256: ba838364e119bf321835de653ced90bbbeb7678e6db338389afd8e4d7d224d61
  SHA512: f6070af7ae17edf2d3dfd405f9f60cae4c0498ba989b8d7c4a45d89f233db19e58ace4b217bcc0f37a595e9224cc49bf1c93c915649e153d1ef31b10ec6440ae
- Filesize: 5KB
  MD5: b83b39f20ae8400ff114d1e3c0eb6916
  SHA1: 948728a295e6fafcff9da6d73b2557d78378560d
  SHA256: 3a7c7488a27a8b8b72e5f729a58fe66c08e123e44c07f4b5c2ebf1678d76258f
  SHA512: 93bf6ad58526663740a8ae28b042fdf47e213a5c60e44be58c8bfef923670c04479d47cc4319f60b3492321dc541a7914f0fa882fa97ae89f717566966f8b835
- Filesize: 6KB
  MD5: 16decef7cd9691a65528e9d515fb4606
  SHA1: d03e696f7b1087872011c11d0d4af86bc6841c9e
  SHA256: fa1460ead5ae2ffd01fd0ac5b8a0427f7441b635bd64df673e52edfbf5d0c49d
  SHA512: 6e028044cce8e12d46b37af904f9d9280a5e0a36d9200e3dbec6f0cf6fa28e67715dac818dc849f5b2bd251a5f00e7b83324707026d44568772bd393e3049b08
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 7e6060e214155efa401a009c1b722e70
  SHA1: 2c132dd0f71f9eade45b844a9a0113d9a6d6593d
  SHA256: 931442712ab5bff310ff5e6354013bdf655af6a83bd8da3dde93ab6e03b19300
  SHA512: a276483a78effbf094ea27d045c114b6bb73d6a404fb3a27d4bb2215b08583c91b0546d632bad59f0682c63e0c0671b4959b77edbbd9e3d04f4ccb779f0cdf33