Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
480s -
max time network
486s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
15/06/2024, 11:48
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
Resource
win10v2004-20240611-en
General
-
Target
https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 4236 msedge.exe 4236 msedge.exe 2372 msedge.exe 2372 msedge.exe 2424 identity_helper.exe 2424 identity_helper.exe 3820 msedge.exe 3820 msedge.exe 920 msedge.exe 920 msedge.exe 920 msedge.exe 920 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe -
Suspicious use of FindShellTrayWindow 60 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe 2372 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2372 wrote to memory of 3972 2372 msedge.exe 82 PID 2372 wrote to memory of 3972 2372 msedge.exe 82 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4356 2372 msedge.exe 83 PID 2372 wrote to memory of 4236 2372 msedge.exe 84 PID 2372 wrote to memory of 4236 2372 msedge.exe 84 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85 PID 2372 wrote to memory of 4332 2372 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1249802526723801153/1251236310543499324/IDA_6.8.rar?ex=666e80df&is=666d2f5f&hm=193b83b6917265bfe2b0468dc0c8334d625141195315d0bab48300afa46a22b2&1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaac6e46f8,0x7ffaac6e4708,0x7ffaac6e47182⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:82⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:1088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵PID:664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:4276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5876 /prefetch:82⤵PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14147968041121830647,3134922419366534675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:920
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4960
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5088
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
Filesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
Filesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
Filesize
6KB
MD53347a05ced18a0dfdc35a569ff6ecb93
SHA1407316ad05e877598a5be7e2636c509f8e82f92b
SHA2562b01fd5c0dfd960c0bde7249eef9929f202231de784dabd2e4402f715b34f217
SHA512eb68d67750dac9068bd4800c54030fc9c8758811944f72bdd7cda876b51cb78467dc86736dc7099361772914b67db85283afe91e2774afdb2a0b0781bdc2cd0e
-
Filesize
6KB
MD52b03eb53c9028f012943efe637264f84
SHA1cccad416add4952797803188b858a1868fef74bd
SHA256dce90cb15c86f2c585f56205075444dcc28e7356cf7e385de50e98c87b9c239b
SHA512842d594fbcbc95f78ed4da6fbfa47b0dddf9be52dabd0fe631ffcd97e465573aa505b57e87b80879fcf924f1ec708fe0c10f336c94e172d5b94e785283d99079
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD591491d874e54d0cf629f8b0f6a8943b1
SHA1bad69a47cdf6fec4ae503ff1747d16aecb8ac025
SHA25634d6af68f4139601c4814bd59738b9f76b2fee19faecc69596d57ca367d6880d
SHA512bd5cc959f4b0748f495d297d089f8627c00a87f577670e8c99b88c4bf2ae9a46d0b858ef652ac687741671951ed88128f5feb866f4ef931cb74d00609cb0a04e