Analysis
max time kernel: 480s
max time network: 594s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 30/05/2024, 14:34

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://imalyssalau.ca/auto-clicker-keyboard-free/
Resource: win11-20240508-en

General
Target: https://imalyssalau.ca/auto-clicker-keyboard-free/

Malware Config
(none)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        | ioc                                                                   | Process
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid   | Process              | occurrences
664   | msedge.exe           | 2
3304  | msedge.exe           | 2
3768  | msedge.exe           | 2
696   | identity_helper.exe  | 2
1552  | msedge.exe           | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   | Process     | occurrences
3304  | msedge.exe  | 6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   | Process     | occurrences
3304  | msedge.exe  | 25

Suspicious use of SendNotifyMessage (12 IoCs)
pid   | Process     | occurrences
3304  | msedge.exe  | 12

Suspicious use of WriteProcessMemory (64 IoCs)
description                         | pid   | Process     | procid_target | occurrences
PID 3304 wrote to memory of 4612    | 3304  | msedge.exe  | 77            | 2
PID 3304 wrote to memory of 2144    | 3304  | msedge.exe  | 78            | 40
PID 3304 wrote to memory of 664     | 3304  | msedge.exe  | 79            | 2
PID 3304 wrote to memory of 3896    | 3304  | msedge.exe  | 80            | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://imalyssalau.ca/auto-clicker-keyboard-free/
  PID: 3304
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd244c3cb8,0x7ffd244c3cc8,0x7ffd244c3cd8
    PID: 4612
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
    PID: 2144
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    PID: 664
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
    PID: 3896
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 4924
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 3284
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
    PID: 3768
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
    PID: 696
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    PID: 4492
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    PID: 3444
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    PID: 4988
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    PID: 3604
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14428682649379805258,10986815426010403691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5168 /prefetch:2
    PID: 1552
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1500
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3780
Network
MITRE ATT&CK Enterprise v15
Downloads