
Resubmissions

  • 24/06/2024, 13:51 UTC  240624-q6bqzsyeqq  1
  • 24/06/2024, 13:51 UTC  240624-q5199ayepr  1
  • 24/06/2024, 13:49 UTC  240624-q4n9asvfle  1
  • 24/06/2024, 13:12 UTC  240624-qfqgfsxdkp  8

Analysis

  • max time kernel
    16s
  • max time network
    19s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24/06/2024, 13:49 UTC

General

  • Target

    https://www.google.com/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff25103cb8,0x7fff25103cc8,0x7fff25103cd8
      2⤵
      PID:3876
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
      2⤵
      PID:3956
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
      2⤵
      PID:1080
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      2⤵
      PID:2152
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      2⤵
      PID:3152
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
      2⤵
      PID:3456
    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,2168192755060636381,15831236461961075449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      2⤵
      PID:1384
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2300
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4208
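The process list above is the ordinary Chromium process model of a Microsoft Edge launch: one browser process (PID 3380) spawning a crashpad handler, a GPU process, utility processes for the network and storage services, several renderers and identity_helper.exe. The browser process creating and wiring up its children is what trips the WriteProcessMemory, EnumeratesProcesses and NtCreateUserProcessBlockNonMicrosoftBinary signatures, and the score still sits at 1/10. What an analyst wants from such a tree is a fast way to tell a normal browser launch from one where the browser process or a renderer spawns something it never should. The following Python is an added example, not part of the tria.ge report or of Edge: it turns the report's depth markers (1⤵/2⤵) and Chromium `--type=` switches into a tree and flags any child of an Edge binary whose image is not itself an expected Edge binary. The sample records are taken from the report's process list with the long `--field-trial-handle` and `--gpu-preferences` switches trimmed, plus one constructed `cmd.exe` child (PID 9999) that is not in the report, included only so the check has something to fire on. The set `EXPECTED_BROWSER_CHILDREN` is an assumption about Edge, not something the report states.

```python
"""Flag unexpected children in a Chromium-style (Microsoft Edge) process tree.

Added example for reading sandbox process lists; not part of tria.ge or Edge.
Input records are (depth, pid, command line), using the report's depth markers.
"""
import re
from collections import Counter

# Assumption: images a Microsoft Edge browser process is expected to spawn.
EXPECTED_BROWSER_CHILDREN = {"msedge.exe", "identity_helper.exe"}

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Constructed sample: records from the report's process list with the long
# --field-trial-handle/--gpu-preferences switches trimmed, plus one injected
# cmd.exe child (PID 9999) that does NOT appear in the report.
SAMPLE_PROCESSES = [
    (1, 3380, EDGE + " --single-argument https://www.google.com/"),
    (2, 3876, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (2, 3956, EDGE + " --type=gpu-process --mojo-platform-channel-handle=1848 /prefetch:2"),
    (2, 1536, EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3"),
    (2, 1080, EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8"),
    (2, 2152, EDGE + " --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1"),
    (2, 1016, r'"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (2, 9999, r'"C:\Windows\System32\cmd.exe" /c whoami'),  # constructed, not in the report
    (1, 2300, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# First token of a Windows command line, quoted or bare.
IMAGE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def image_name(cmdline):
    """Lower-cased file name of the executable at the start of a command line."""
    m = IMAGE_RE.match(cmdline)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def switch(cmdline, name):
    """Value of a Chromium --name=value switch, or None if absent."""
    m = re.search(r"--" + re.escape(name) + r"=(\S+)", cmdline)
    return m.group(1) if m else None


def build_tree(records):
    """Attach each record to the nearest preceding record one level shallower."""
    nodes, stack = [], []
    for depth, pid, cmd in records:
        del stack[depth - 1:]  # drop everything at this depth or deeper
        node = {"pid": pid, "image": image_name(cmd), "cmd": cmd,
                "parent": stack[-1] if stack else None}
        stack.append(node)
        nodes.append(node)
    return nodes


def process_type(node):
    """Chromium role from --type; 'browser' for a typeless Edge image, else 'other'."""
    t = switch(node["cmd"], "type")
    if t:
        return t
    return "browser" if node["image"] in EXPECTED_BROWSER_CHILDREN else "other"


def analyse(records):
    """Return (Counter of process types, list of (kind, pid, detail) findings)."""
    by_type, findings = Counter(), []
    for node in build_tree(records):
        ptype = process_type(node)
        by_type[ptype] += 1
        parent = node["parent"]
        # An Edge process should only ever spawn Edge binaries.
        if (parent and parent["image"] in EXPECTED_BROWSER_CHILDREN
                and node["image"] not in EXPECTED_BROWSER_CHILDREN):
            findings.append(("unexpected-child", node["pid"],
                             f'{parent["image"]} (PID {parent["pid"]}) -> {node["image"]}'))
        # Utility processes launched without a service sandbox are worth noting.
        if ptype == "utility" and switch(node["cmd"], "service-sandbox-type") == "none":
            findings.append(("unsandboxed-utility", node["pid"],
                             switch(node["cmd"], "utility-sub-type")))
    return by_type, findings


if __name__ == "__main__":
    counts, found = analyse(SAMPLE_PROCESSES)
    for ptype, n in sorted(counts.items()):
        print(f"{ptype:18} {n}")
    for kind, pid, detail in found:
        print(f"[{kind}] PID {pid}: {detail}")
```

Run as-is it prints the per-type counts and three findings. Two of them, the network service and identity helper running with `--service-sandbox-type=none`, are exactly what the report shows for this Edge build and are context rather than indicators; the constructed `cmd.exe` child is the kind of finding that would matter in a real triage, since nothing in a clean Edge launch spawns a shell from the browser process.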

Network

DNS requests (flag: US)

  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • google.com  IN A  via 8.8.8.8:53  msedge.exe
  • google.com  IN A  via 8.8.8.8:53  msedge.exe
  • google.com  IN A  via 8.8.4.4:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • www.google.com  IN A  via 8.8.8.8:53  msedge.exe
  • 4.4.8.8.in-addr.arpa  IN PTR  via 8.8.8.8:53
  • 4.4.8.8.in-addr.arpa  IN PTR  via 8.8.8.8:53
  • 4.4.8.8.in-addr.arpa  IN PTR  via 8.8.8.8:53
Connections (remote address, domain, protocol, process, bytes, count)

  • 8.8.8.8:53  www.google.com  dns  msedge.exe  300 B  5
    DNS Request: www.google.com (x5)
  • 224.0.0.251:5353  msedge.exe  466 B  7
  • 8.8.8.8:53  google.com  dns  msedge.exe  56 B  1
    DNS Request: google.com
  • 8.8.8.8:53  google.com  dns  msedge.exe  56 B  1
    DNS Request: google.com
  • 8.8.4.4:53  google.com  dns  msedge.exe  56 B  1
    DNS Request: google.com
  • 8.8.8.8:53  www.google.com  dns  msedge.exe  180 B  3
    DNS Request: www.google.com (x3)
  • 8.8.8.8:53  4.4.8.8.in-addr.arpa  dns  198 B  3
    DNS Request: 4.4.8.8.in-addr.arpa (x3)

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize  152B
    MD5       ade01a8cdbbf61f66497f88012a684d1
    SHA1      9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
    SHA256    f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
    SHA512    fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize  152B
    MD5       d0f84c55517d34a91f12cccf1d3af583
    SHA1      52bd01e6ab1037d31106f8bf6e2552617c201cea
    SHA256    9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
    SHA512    94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize  5KB
    MD5       c2d51d9e8fda9b87bb886ee486d353c1
    SHA1      4c9cc7afbddffb75821d1f998d484784b1022052
    SHA256    066a0214c949ce2d1a9f68f673419fe583943df611ca1397b5af96b6a0b488aa
    SHA512    9fa0c3110cb457d40742d52ea2ae2d9f21d58e722a720f726b022ff4706a83c09f7d7aaea947d46322da0cb34cdbc60b99122fee3a7e4e6f1fa32033616cb44a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize  16B
    MD5       46295cac801e5d4857d09837238a6394
    SHA1      44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize  16B
    MD5       206702161f94c5cd39fadd03f4014d98
    SHA1      bd8bfc144fb5326d21bd1531523d9fb50e1b600a
    SHA256    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
    SHA512    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize  8KB
    MD5       beb96ac1acb4aa2ea2f9ca91447287dd
    SHA1      f0347b3db5e90b710241d4fe9ba5d992df6bbc7b
    SHA256    307f4d2f83527a5a01cf70718670f11420508dce81bdcd18fc30a7068cc2ff25
    SHA512    48751051d63504154187927c86d5deeab276bf9f26bc6096510490e763818d30e9d8c75d4689157b20c130601ea7af2cb805b7a3687bd1147e8d16dbb4d73db9
