Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

sample.html

windows7-x64

6

sample.html

windows10-2004-x64

Analysis

  • max time kernel
    83s
  • max time network
    84s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 13:49

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    514KB

  • MD5

    a4b864d6d8693a449ba42abb51e042f0

  • SHA1

    1a6bb7f58fc9315558b9536830f76e46b5995683

  • SHA256

    380f91ebfba5778d5d84650c2e0116cb8300a44ce8bb48239a729efd5c5718cf

  • SHA512

    46cd05245b4b29b5e0cbbe8fad6fd3a19d829ca599adb9bd0fe79707e27e11d59b1aeace94b1b9e1daddbd76e1fecac56a4d1ecb764e425189d0f4efe4e43d92

  • SSDEEP

    6144:VMQt8gt8qt8ft80t8Ht8Pt8rt8Qt8wt8T8Txbi:V7tPtbtqtztqtWtAt/tttk8Txbi

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c846f8,0x7ffd15c84708,0x7ffd15c84718
      2⤵
        PID:2256
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:1224
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1200
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:4704
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:3212
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:3164
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                2⤵
                  PID:4316
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
                  2⤵
                    PID:2616
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:604
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                    2⤵
                      PID:4724
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
                      2⤵
                        PID:2156
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                        2⤵
                          PID:3180
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10561956648805923211,14424144989690790233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                          2⤵
                            PID:4880
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1792
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1936
                            • C:\Windows\system32\LogonUI.exe
                              "LogonUI.exe" /flags:0x4 /state0:0xa390a055 /state1:0x41c64e6d
                              1⤵
                              • Modifies data under HKEY_USERS
                              • Suspicious use of SetWindowsHookEx
                              PID:4900

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              81e892ca5c5683efdf9135fe0f2adb15

                              SHA1

                              39159b30226d98a465ece1da28dc87088b20ecad

                              SHA256

                              830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

                              SHA512

                              c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              56067634f68231081c4bd5bdbfcc202f

                              SHA1

                              5582776da6ffc75bb0973840fc3d15598bc09eb1

                              SHA256

                              8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

                              SHA512

                              c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              97bd1afe39da1fb08533846e59e8d96b

                              SHA1

                              d3a0436ce8067b190c0617d1a7547e77e4df78bd

                              SHA256

                              9a15978cc78203393b05783464390e9431243992293020ca8d311374b60ca0b6

                              SHA512

                              8523d19a4fb6fb82604fdebfaaffb1912ddf3b69ec5fa8b14da11e2b1130d4ccf86b73795df4b0cbea094b36ab8c820a475a219fd60baf7a9d0c2edaea1c2f9a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              23db52ea6f9614f05bad0c322cc5dff0

                              SHA1

                              af08424fee9ead4102c811aa21b791176e2968c6

                              SHA256

                              562fa3a9ffd1c27b8d2ce2c16a51a52a2bb64e45626c602d167e108e6584e8be

                              SHA512

                              759cb68deb4d34075487322133c089a3b999669fa9a29747981781a44493c7e9251505e07ad93e3035c54bd69f3f7e811c064651b4c185aa1e7dabae5544a778

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              a9dfef1488bd6327878b3bd0bf99f16a

                              SHA1

                              3e8688a5de6d4975d68ccb2815ad07ea5f313b4b

                              SHA256

                              b68286c9592ac4058d769471cf92e6629d1ad870d85cf17695305649aab61163

                              SHA512

                              03e13a2f33aeab76446f6bae68b56131468ee0a1c1cc84db48aab0c2568439555d022693c475036bfbbcac5265d3977d117163d1d528f2f74817e8c70e7d7502

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              8e76e4375d36c472493dfe1fb01f04e4

                              SHA1

                              aacdea5f43b420a81e4e1e2ce7e2968498c2800e

                              SHA256

                              7359ef1b387141e42361ecd827463cc4b6fe710353d6efc5d90626b62052ba6c

                              SHA512

                              3ccf477f6d7b3481d49230043b7d38f70d299238c98e2ce0f927d473ea11af1840484974dcf3b47363b924cb08c2dc91a68a8d83e01e6ff20476d5ec07c69c18

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              5fc2d1741da51a4fa872cab21cc4c9b7

                              SHA1

                              03db5d913db4b8058300199af20024a1d347c23b

                              SHA256

                              e58e92e0d3577c1ddc4864010b7cbfebdd745288f06b0392f68ecda904edaedb

                              SHA512

                              eed3b24afa0c1092a7279f1f58e45d450576c6c27615b6d9ab78231b58600c10bfd489bd46cd89de99b7b21b89195a827ae61402dd5a8503339b443a5ae76f6b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\c71289fb-2b56-4b1a-b87a-a4f69895c591\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              c6c140d2c575707d90bf177fc5aaa8af

                              SHA1

                              941dfeaa3ed40870b1ff83c727d26685b68535b3

                              SHA256

                              134e9ad955b79405b953e4c07b51cee2225b92cca628ef719da575f333d6931c

                              SHA512

                              84bfd17f85833bf61d1703b543d5ff68dc1084884b38fbeed8b1afff204db91af472e6a81f040c8d0b51e19504ffc6a0536b2b7ba36d4c9d8a85ff88500f19e2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\c71289fb-2b56-4b1a-b87a-a4f69895c591\index-dir\the-real-index~RFe57ee96.TMP
                              Filesize

                              48B

                              MD5

                              b7f81fdfbdeff2c69bc851fe81aefa14

                              SHA1

                              394de395b55153adafaf66c89be9612c42f08498

                              SHA256

                              273295e0856c0618fa74b564e1630cf811552572b231f3ba2b21d56c9073ad60

                              SHA512

                              eb8ceee1176ffc56dea755a8410cf91ab0a2ba10da3b3b16d7dabc8d2c8a566ad819bb832ffda8031464e16493d23241ef927412e848f40bc9424997d9dd2bac

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
                              Filesize

                              73B

                              MD5

                              d20d03771917adbe6c45156c852c7c4c

                              SHA1

                              52ad81dd94b4d5bfc97a02bd48ed68154c9e8258

                              SHA256

                              5ec7189d36f16d706ebe14ef32faa7424cf746cd5e9ebd4442b2d43c37097346

                              SHA512

                              a81849f0d8a9311d5bb88971109a92f4150f4dbf1c2a4aacc16bd03a62cf3c5f98ffe49b4b7bcf3e19d6ca8e70780763329a834bdf8829396ede23c0ff77d63a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
                              Filesize

                              130B

                              MD5

                              41d5ae401f22efca791a7a8fc287fa94

                              SHA1

                              67090594fe5f547ea3c20e62272aa726f58c424e

                              SHA256

                              0acabb9c18f783f323b31458728f17442cd7546c22b32581088f04f515af4dd7

                              SHA512

                              0fc1410f0e399938e2d0e02b0eeb12709f7cc447baad6d970795b00f14257d93d1bb32b497eb3f1587cfb3e9ae8351c59cdd7380cbea188cc6cac32e17ff48ac

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt
                              Filesize

                              68B

                              MD5

                              8167b7ce357c57c055d91cc08e2c4e4e

                              SHA1

                              6699908402a91de91b909cf058d26648fed06314

                              SHA256

                              0d621f4cb45a6a8cd0ad4ad3bf10a8dc1e925c0fba2d31d6909a5fd84fc5936c

                              SHA512

                              fb3b52ff13b282c3693cf05513cf37176e152d9954c85b89624299ac101ea67bd98c20de8884b1b94992495b12ba36116f4467de2657c58c221d83ef1148d03f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt.tmp
                              Filesize

                              66B

                              MD5

                              2614e042c238bc1dba775d1558e0f0e8

                              SHA1

                              fa9171df8d8cde04244066ec82765e0e565c16cf

                              SHA256

                              e1575ffa4cef4518c0d81193318d2716c8fe4f9a475efae714263c5fc90eda8d

                              SHA512

                              76bcff2ecf318085cc4bf7f3158cedbb21cf91bfe55de95c13af06a145e7adfc2bebd4b64880354ce4ab0946696d15ad652f60ac0972cf798eb8d5c0aef85d4d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              12KB

                              MD5

                              cf2688fce669dd5470aa1365d3097441

                              SHA1

                              dd397701b4f94115274598cbde1c66a8edbea274

                              SHA256

                              796b06990bac05d5943f65930ab05b0ad39fe8fc47ac8cc5d4088dc86758a1bc

                              SHA512

                              f0416c20b46c65140e28cc9e22c72ca22e86ee7b9f118e3906f9a5d8631ae8828c96dccd2e1a3a1e8b6924bd7ffdda82a769bf762caadca94ca944e3c2683853

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              a0a60a158ce2f698b688bf30c6831697

                              SHA1

                              c5b52f1ed123f2588dc99792543643e2a1440546

                              SHA256

                              aca9ebadc94892cb70a1990b0f376d8a601b57b62f335b83f7bea40edfe01a3d

                              SHA512

                              a31ef223f0bbb93334eedd39e4502a9c058ba34d7e4516e3432cfb017a37d34401ca64c0d59240bb3a570caa394cb56952adcd9929b3a76e5947cde75918012f

                              Download Submit