Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/06/2024, 10:02
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://ge.ri.co
  Resource: win10v2004-20240508-en
General
Target: http://ge.ri.co
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Note: SystemManufacturer and SystemProductName are the two values Chromium-based browsers read to build their hardware model string, so this hit is expected for msedge.exe. The signature exists because the same two values are what VM-detection code reads; on its own it is not evidence of sandbox evasion.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              events
  1480  msedge.exe           2
  3176  msedge.exe           2
  3396  identity_helper.exe  2
  3648  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   process     events
  3176  msedge.exe  8
  Note: this is the child-process mitigation policy that blocks loading of non-Microsoft-signed DLLs; Chromium applies it to its own child processes as a hardening measure, so the browser parent triggering it once per child is expected.

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     events
  3176  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     events
  3176  msedge.exe  24
  Note: both of the above are taskbar and window-message interactions that any GUI application performs; they carry little signal for a browser.

Suspicious use of WriteProcessMemory (64 IoCs)
  source pid  source process  target pid  procid_target  events
  3176        msedge.exe      4436        83             2
  3176        msedge.exe      1456        84             40
  3176        msedge.exe      1480        85             2
  3176        msedge.exe      1376        86             20
  The original table lists the 64 events one per row; the same four source/target pairs repeat. All four targets are child processes that PID 3176 itself launched (see Processes below), which is the pattern Chromium uses to bootstrap its children, not a write into a foreign process.
Processes

msedge.exe, PID 3176 (depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ge.ri.co
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe, PID 4436 (depth 2, crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718

  msedge.exe, PID 1456 (depth 2, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  msedge.exe, PID 1480 (depth 2, utility: network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 1376 (depth 2, utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8

  msedge.exe, PID 3868 (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1

  msedge.exe, PID 756 (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

  msedge.exe, PID 3588 (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1

  msedge.exe, PID 4844 (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

  identity_helper.exe, PID 2928 (depth 2, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

  identity_helper.exe, PID 3396 (depth 2, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe, PID 3108 (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

  msedge.exe, PID 3764 (depth 2, renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

  msedge.exe, PID 3188 (depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

  msedge.exe, PID 2220 (depth 2, renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

  msedge.exe, PID 3648 (depth 2, gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,11648275129456409738,1767862093926328619,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2956 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe, PID 2084 (depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe, PID 4316 (depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every depth-2 process is launched by the browser process (PID 3176) with a Chromium --type= flag and shares its field-trial handle, which is the browser's normal multi-process model. The two CompPkgSrv.exe instances are separate roots started by COM activation (-Embedding), not children of the browser. Nothing in the tree runs outside the browser's own process model.
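To show how an analyst reads the "Suspicious use of WriteProcessMemory" signature against this process tree, here is an added Python example (not code from Triage or from the report). It parses the signature's event lines and a cut-down version of the process list, then labels each write as either the expected bootstrap of a Chromium --type= child or a write into a process the browser did not spawn, which is the case worth escalating. Assumptions: Triage shows tree depth rather than parent PID, so every depth-2 entry is taken as a child of PID 3176 as the tree indicates; command lines are abbreviated to the flags the check reads; and the HYPOTHETICAL_INJECTION line is constructed to exercise the failure branch and does not appear in the report.

```python
"""Separate Chromium child bootstrapping from cross-process injection.

Added example; this is not code from the Triage report. A Chromium-based
browser creates each --type=... child and writes launch data into it before
the child runs, so the parent writing into its own children is expected.
The check below flags only writes into a process the writer did not spawn.
Assumption: Triage shows tree depth, not parent PID; every depth-2 entry is
treated as a child of msedge.exe PID 3176, which is what the tree shows.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple


class Process(NamedTuple):
    pid: int
    ppid: Optional[int]   # None for tree roots
    image: str
    cmdline: str          # abbreviated to the flags this check reads


# Constructed from the report's process list (command lines abbreviated).
PROCESSES: List[Process] = [
    Process(3176, None, "msedge.exe", '"msedge.exe" --single-argument http://ge.ri.co'),
    Process(4436, 3176, "msedge.exe", '"msedge.exe" --type=crashpad-handler'),
    Process(1456, 3176, "msedge.exe", '"msedge.exe" --type=gpu-process'),
    Process(1480, 3176, "msedge.exe",
            '"msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService'),
    Process(1376, 3176, "msedge.exe",
            '"msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService'),
    Process(3868, 3176, "msedge.exe", '"msedge.exe" --type=renderer --renderer-client-id=6'),
    Process(3396, 3176, "identity_helper.exe",
            '"identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService'),
    Process(2084, None, "CompPkgSrv.exe", "CompPkgSrv.exe -Embedding"),
]

# Constructed from the report's WriteProcessMemory table: one line per distinct
# source/target pair (the report repeats each pair; 4436 is kept twice so the
# per-pair counting is exercised).
WPM_EVENTS = """\
PID 3176 wrote to memory of 4436 3176 msedge.exe 83
PID 3176 wrote to memory of 4436 3176 msedge.exe 83
PID 3176 wrote to memory of 1456 3176 msedge.exe 84
PID 3176 wrote to memory of 1480 3176 msedge.exe 85
PID 3176 wrote to memory of 1376 3176 msedge.exe 86
"""

# Hypothetical, NOT in the report: the shape an injection into a non-child takes.
HYPOTHETICAL_INJECTION = "PID 3176 wrote to memory of 2084 3176 msedge.exe 99\n"

# Triage row layout: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm_events(text: str) -> Counter:
    """Count WriteProcessMemory events per (source pid, target pid) pair."""
    counts: Counter = Counter()
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def chromium_child_type(cmdline: str) -> Optional[str]:
    """Return 'type' or 'type/sub-type' for a Chromium child, None for a browser process."""
    kind = re.search(r"--type=(\S+)", cmdline)
    if not kind:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return kind.group(1) + (f"/{sub.group(1)}" if sub else "")


def classify_writes(events: Counter, processes: List[Process]) -> Dict[Tuple[int, int], str]:
    """Label each write as expected child bootstrap, an unknown target, or a cross-process write."""
    by_pid = {p.pid: p for p in processes}
    verdicts: Dict[Tuple[int, int], str] = {}
    for (src, dst), n in sorted(events.items()):
        target = by_pid.get(dst)
        if target is None:
            verdicts[(src, dst)] = f"target not in process tree ({n} events): check whether it exited early"
            continue
        kind = chromium_child_type(target.cmdline)
        if target.ppid == src and kind is not None:
            verdicts[(src, dst)] = f"expected: bootstrap of own {kind} child {target.image} ({n} events)"
        else:
            verdicts[(src, dst)] = f"unexpected: write into {target.image}, not a child spawned by {src} ({n} events)"
    return verdicts


if __name__ == "__main__":
    for pair, verdict in classify_writes(parse_wpm_events(WPM_EVENTS), PROCESSES).items():
        print(pair, verdict)
    for pair, verdict in classify_writes(parse_wpm_events(HYPOTHETICAL_INJECTION), PROCESSES).items():
        print(pair, verdict, "(hypothetical input)")
```

For this report every write lands in a direct child that PID 3176 started with a --type= flag, so the signature is browser noise. A write into CompPkgSrv.exe, into any other depth-1 process, or into a PID missing from the tree is what would justify pulling the memory dump. The report's table lists 64 rows that repeat the same four pairs, so counting per pair, as above, is more useful than the raw row count.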
Network
MITRE ATT&CK Enterprise v15
Downloads

File, 152B
  MD5:    56641592f6e69f5f5fb06f2319384490
  SHA1:   6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

File, 152B
  MD5:    612a6c4247ef652299b376221c984213
  SHA1:   d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

File, 202KB
  MD5:    6a16cbefd2e29c459297b7ccc8d366ad
  SHA1:   40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe
  SHA256: 9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60
  SHA512: 6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index, 624B
  MD5:    fa59d61edba7bc14d88ec903be0b5e7b
  SHA1:   76d19c7259abbb4d9292565d01412d58bdc75402
  SHA256: 484f9cd88343e0750a5ff0e81126ee6350ccfd8c9fe4864227192c4806fda3e6
  SHA512: a716e736a82a98652dbc234ad45cfb45b68c702c024aac372fd57df01a49fc000665bce9eef90caff37f4d78127b7c80fedfa9672014c6eb10eaadff631cc76d

File, 1KB
  MD5:    80ee144fc1f6ce0ae1f9d17b0e8d44eb
  SHA1:   17958c3f55a623d9435c25aefce895681c22061f
  SHA256: 944e5938c0b0247ad6ecf3507a2d9b14f6787e9bdbdb718d53909c2c155ac64f
  SHA512: 7d24373d2c4d126a437607cb01d78acd999d4fd11c71509754f6bb6d906fe5f39992449c62ece8d14ae41d1900b57de92f31f73d44069822fe1d601dca596dd6

File, 5KB
  MD5:    9fc04976c656c2e4d9fdbdbcab777725
  SHA1:   d4dafedc91341398e7f8f283fc5b3ae73e37cf4b
  SHA256: af6a15c7adb793936520a7f00f6517c8fc848c1bbe188926498356ffac1205eb
  SHA512: b86bce7a6d17fbaf2524411f040beb43fbcba97b5914724c142ab25c9d73ead3f60ad58af13ff47156c898e0bdd57709a3fc4412ab1f5a505c934f9315ee98b2

File, 6KB
  MD5:    ceb32a0860ba4ff17d8d8837d8d26ce8
  SHA1:   97af081e06958d96b7d8e036a614bd8593cf2b64
  SHA256: a85faa6a7ebf1a6b2c62973aa6cdaba4126012cf619a287575d5a819a808b325
  SHA512: 4baeabf317b843787cd612662b1424f6ce4b3e56e7d22c4ed7aede4760d7a8437d7bee65e0723b7abcfcf217fbf150a5caf87a3525a51fc02beb63cae478edb2

File, 1KB
  MD5:    c6b819c31891a30cab78a27d0c3f61af
  SHA1:   9293780f0a80f62645123157aa5a860224de7c7f
  SHA256: 8ec0ad2b78382c4677b724546a0cd6373e5d09ae690972fb448fc8c54df466a3
  SHA512: c77bd0fa6cd70169266347fac1e19ac3d7f9dff0e3af5e5f63f40452f28639dc5c1395f4c49e7100ce4d430f1b86780b76e46b3ca7baa5427f179ab1ef9758cd

File, 1KB
  MD5:    c3df60128f1f925a5770f12163fd49bb
  SHA1:   a4cffcd766840eae096216544daaf546b15b86ba
  SHA256: 3d5d6d134363f92a7d817999f5611fd7d6d1706cd30ad5b34c3b554b87f5d583
  SHA512: 67c7eb0087102d597be6033fe5e33b367a9a05c38e75272df23f808d80fb26640857e95f89f85f37d1933741bbe6001654bc1459d1c0dacbbc53ee43481100e3

File, 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File, 11KB
  MD5:    2e39400775aa1a387e01a2950bd2788e
  SHA1:   43229fa2437e485676659f1f1e89180f6465f026
  SHA256: 8bfd64705c6537b0f579a639eb3e53d00be16a20282f314e8c9dd1cb207a8d8b
  SHA512: da26e90a5079114aeed100b596ffe928abd5fb6f5cd99bfca05fd57ac3bbffd346cb20f8677b97ce1664cbc95bb8626760a3cb3e1de2626a5a09c8a63a0e861e