
Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 10:42 UTC

General

  • Target

    sample.html

  • Size

    217KB

  • MD5

    d59d2365fb5812625dc6f6424e785174

  • SHA1

    eec517bb90c440e0d9a10323a5487bac0b1c29cd

  • SHA256

    d67fc4675ac90dc822536751358c98b547bdb87ad3c784b15279d4f6e34c0c9f

  • SHA512

    5efbc413cb4c2f0a91adca026ad7e2b3092eb9c1af9c6c1f855a4e105deb1f24d8358d83c234f6010daa089b3b232a6619479ee5712651a05eb76aa4189bd765

  • SSDEEP

    3072:Sq8v6yVWgcxyfkMY+BES09JXAnyrZalI+YQ:SqslVs0sMYod+X3oI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    PID:1008
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff288546f8,0x7fff28854708,0x7fff28854718
      PID:4616
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10901344439114896153,7940334346481000091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      PID:1560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10901344439114896153,7940334346481000091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
      PID:3984
      • Suspicious behavior: EnumeratesProcesses
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10901344439114896153,7940334346481000091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
      PID:4552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10901344439114896153,7940334346481000091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      PID:2368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10901344439114896153,7940334346481000091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      PID:736
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10901344439114896153,7940334346481000091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
      PID:4500
      • Suspicious behavior: EnumeratesProcesses
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:1548
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:4140

Network

DNS queries (all sent to 8.8.8.8:53)

  • oqi.nqytc.cn IN A (msedge.exe)
    Response: (empty)
  • 8.8.8.8.in-addr.arpa IN PTR
    Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
  • 62.242.123.52.in-addr.arpa IN PTR
    Response: (empty)
  • 154.239.44.20.in-addr.arpa IN PTR
    Response: (empty)
  • 75.159.190.20.in-addr.arpa IN PTR
    Response: (empty)
  • 95.221.229.192.in-addr.arpa IN PTR
    Response: (empty)
  • push.zhanzhang.baidu.com IN A (msedge.exe)
    Response:
      push.zhanzhang.baidu.com IN CNAME share.jomodns.com
      share.jomodns.com IN CNAME share.n.shifen.com
      share.n.shifen.com IN A 182.61.244.229
      share.n.shifen.com IN A 14.215.182.161
      share.n.shifen.com IN A 39.156.68.163
      share.n.shifen.com IN A 112.34.113.148
      share.n.shifen.com IN A 163.177.17.97
      share.n.shifen.com IN A 180.101.212.103
      share.n.shifen.com IN A 182.61.201.93
      share.n.shifen.com IN A 182.61.201.94
  • 0.204.248.87.in-addr.arpa IN PTR
    Response: 0.204.248.87.in-addr.arpa IN PTR https-87-248-204-0lhrllnwnet
  • 196.249.167.52.in-addr.arpa IN PTR
    Response: (empty)
  • 86.23.85.13.in-addr.arpa IN PTR
    Response: (empty)
  • 171.39.242.20.in-addr.arpa IN PTR
    Response: (empty)
  • 172.210.232.199.in-addr.arpa IN PTR
    Response: (empty)
  • 13.227.111.52.in-addr.arpa IN PTR
    Response: (empty)

Connections (destination, domain, process, bytes and packet counts as captured)

  • 182.61.244.229:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 182.61.244.229:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 14.215.182.161:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 14.215.182.161:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 39.156.68.163:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 39.156.68.163:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 112.34.113.148:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 112.34.113.148:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 163.177.17.97:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 163.177.17.97:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 180.101.212.103:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 180.101.212.103:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 182.61.201.93:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 182.61.201.93:80, push.zhanzhang.baidu.com, msedge.exe, 260 B, 5
  • 182.61.201.94:80, msedge.exe
  • 182.61.201.94:80, msedge.exe
  • 8.8.8.8:53, oqi.nqytc.cn, dns, msedge.exe, 58 B / 111 B, 1 / 1
    DNS Request: oqi.nqytc.cn
  • 8.8.8.8:53, 8.8.8.8.in-addr.arpa, dns, 66 B / 90 B, 1 / 1
    DNS Request: 8.8.8.8.in-addr.arpa
  • 8.8.8.8:53, 62.242.123.52.in-addr.arpa, dns, 72 B / 158 B, 1 / 1
    DNS Request: 62.242.123.52.in-addr.arpa
  • 8.8.8.8:53, 154.239.44.20.in-addr.arpa, dns, 72 B / 158 B, 1 / 1
    DNS Request: 154.239.44.20.in-addr.arpa
  • 8.8.8.8:53, 75.159.190.20.in-addr.arpa, dns, 72 B / 158 B, 1 / 1
    DNS Request: 75.159.190.20.in-addr.arpa
  • 8.8.8.8:53, 95.221.229.192.in-addr.arpa, dns, 73 B / 144 B, 1 / 1
    DNS Request: 95.221.229.192.in-addr.arpa
  • 8.8.8.8:53, push.zhanzhang.baidu.com, dns, msedge.exe, 70 B / 255 B, 1 / 1
    DNS Request: push.zhanzhang.baidu.com
    DNS Response: 182.61.244.229, 14.215.182.161, 39.156.68.163, 112.34.113.148, 163.177.17.97, 180.101.212.103, 182.61.201.93, 182.61.201.94
  • 8.8.8.8:53, 0.204.248.87.in-addr.arpa, dns, 71 B / 116 B, 1 / 1
    DNS Request: 0.204.248.87.in-addr.arpa
  • 224.0.0.251:5353, 261 B, 4
  • 8.8.8.8:53, 196.249.167.52.in-addr.arpa, dns, 73 B / 147 B, 1 / 1
    DNS Request: 196.249.167.52.in-addr.arpa
  • 8.8.8.8:53, 86.23.85.13.in-addr.arpa, dns, 70 B / 144 B, 1 / 1
    DNS Request: 86.23.85.13.in-addr.arpa
  • 8.8.8.8:53, 171.39.242.20.in-addr.arpa, dns, 72 B / 158 B, 1 / 1
    DNS Request: 171.39.242.20.in-addr.arpa
  • 8.8.8.8:53, 172.210.232.199.in-addr.arpa, dns, 74 B / 128 B, 1 / 1
    DNS Request: 172.210.232.199.in-addr.arpa
  • 8.8.8.8:53, 13.227.111.52.in-addr.arpa, dns, 72 B / 158 B, 1 / 1
    DNS Request: 13.227.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 1ac52e2503cc26baee4322f02f5b8d9c
    SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
    SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
    SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: b2a1398f937474c51a48b347387ee36a
    SHA1: 922a8567f09e68a04233e84e5919043034635949
    SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
    SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 81e034e7378babadc7d6c1d0e601538b
    SHA1: 52766f01bd3456f01934067df91ed7e75f82b44c
    SHA256: a334d84e245621a4f81b5fcf03ba995090497f935d025c8be865db2270ed23fb
    SHA512: f8635e52a539706c019a9c7e87dd0c37c9745e4a6cd26d0294507e687dfaf96f659efced82eee6b3064dba7e22f9cc6bc1b9c192ce56922dd6e46a3c17fbf55d

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: f6827c6a52d2ce76bfce0abca5ce8108
    SHA1: c23185f03776912ac0b8c811386a7dd2f4bd9379
    SHA256: 6ba90d46ee399912eda0736139a5d03ef6daa3019bbd7beb1940f0ba721a4bee
    SHA512: 4841950a5f24337c6077c8dfa23c66c827dcfa74faf1c83cb6f89a7967389036939839e84bbd67ae6687376880768002ad1ba13c0f47b9ca329291c6e82ba8d1

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: 6f970d5ade933cf187294f84da2c8fc3
    SHA1: 543e867b4ff5827f0a11c54a916227c3a94c68aa
    SHA256: 8f4091b5932cb2921547428a406239dcaa3bb65aff5b94db5f3f8387cea69e9c
    SHA512: caa63458d974660ff8e139d37c49d4c002a3cfe23b14fe5357852c2aef5a454d2187dba10a6b95929f4a13a6182bd6b60f3fd73c5ddac5626b2556edb58e5b5f
