Analysis
max time kernel: 298s
max time network: 290s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/06/2024, 06:16

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://sportamore.com/en-ie/products/adidas-response-super-3-0-w-pnkstr-ftwwht-bludaw
Resource: win10v2004-20240426-en

General
Target: https://sportamore.com/en-ie/products/adidas-response-super-3-0-w-pnkstr-ftwwht-bludaw
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              hits
  1556  msedge.exe           2
  3392  msedge.exe           2
  2772  identity_helper.exe  2
  2856  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     hits
  3392  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     hits
  3392  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     hits
  3392  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; distinct rows listed once, each is repeated in the report)
  description                        pid   process     procid_target
  PID 3392 wrote to memory of 4580   3392  msedge.exe  83
  PID 3392 wrote to memory of 3376   3392  msedge.exe  85
  PID 3392 wrote to memory of 1556   3392  msedge.exe  86
  PID 3392 wrote to memory of 448    3392  msedge.exe  87
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3392)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sportamore.com/en-ie/products/adidas-response-super-3-0-w-pnkstr-ftwwht-bludaw
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4580)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4d6046f8,0x7ffe4d604708,0x7ffe4d604718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3376)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1556)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 448)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3620)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1848)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2200)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2772)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4608)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4000)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1912)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2552)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2856)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14430499512123913159,11323377324282579548,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2952 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 3104)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2292)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads