Analysis
- max time kernel: 43s
- max time network: 47s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/06/2024, 09:39
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://adamsplumbing-team.atlassian.net/wiki/external/NTY4OTlmNzZlNDk0NDYyZWFiMjdkMWE0M2YzMjhmODI
- Resource: win10v2004-20240611-en
General
- Target: https://adamsplumbing-team.atlassian.net/wiki/external/NTY4OTlmNzZlNDk0NDYyZWFiMjdkMWE0M2YzMjhmODI
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
2212 | msedge.exe
2212 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
3204 | identity_helper.exe
3204 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)
pid | Process
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
2804 | msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2804 wrote to memory of 3308 | 2804 | msedge.exe | 81
PID 2804 wrote to memory of 3308 | 2804 | msedge.exe | 81
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 3532 | 2804 | msedge.exe | 82
PID 2804 wrote to memory of 2212 | 2804 | msedge.exe | 83
PID 2804 wrote to memory of 2212 | 2804 | msedge.exe | 83
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
PID 2804 wrote to memory of 3492 | 2804 | msedge.exe | 84
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://adamsplumbing-team.atlassian.net/wiki/external/NTY4OTlmNzZlNDk0NDYyZWFiMjdkMWE0M2YzMjhmODI
  PID: 2804
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb022446f8,0x7ffb02244708,0x7ffb02244718
    PID: 3308
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    PID: 3532
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    PID: 2212
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    PID: 3492
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 2140
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID: 2112
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    PID: 2328
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
    PID: 864
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
    PID: 3204
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    PID: 3856
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    PID: 3828
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    PID: 4932
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    PID: 1872
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
    PID: 4640
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    PID: 2880
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID: 4192
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
    PID: 2420
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10602251711282836130,7344222214181026824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
    PID: 1340
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2996
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1372
Network
MITRE ATT&CK Enterprise v15
Downloads