Analysis
max time kernel: 145s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 30/05/2024, 19:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://autodiscover.fsma.gg
Resource: win10v2004-20240426-en

General
Target: http://autodiscover.fsma.gg

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
3028 | msedge.exe
3028 | msedge.exe
3256 | msedge.exe
3256 | msedge.exe
3212 | identity_helper.exe
3212 | identity_helper.exe
4996 | msedge.exe
4996 | msedge.exe
4996 | msedge.exe
4996 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3256)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://autodiscover.fsma.gg
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2420)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 764)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3028)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4148)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4880)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5064)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3004)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3576)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3212)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2560)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2004)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1272)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3752)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16489216799928051723,10815148862668946403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3604 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4496)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1196)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15