Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
289s -
max time network
288s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system -
submitted
16/07/2024, 09:11
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://cheezit.xyz
Resource
win10v2004-20240704-en
General
-
Target
http://cheezit.xyz
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2300 msedge.exe 2300 msedge.exe 3120 msedge.exe 3120 msedge.exe 3696 identity_helper.exe 3696 identity_helper.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe 3120 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3120 wrote to memory of 4088 3120 msedge.exe 85 PID 3120 wrote to memory of 4088 3120 msedge.exe 85 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2468 3120 msedge.exe 86 PID 3120 wrote to memory of 2300 3120 msedge.exe 87 PID 3120 wrote to memory of 2300 3120 msedge.exe 87 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88 PID 3120 wrote to memory of 2304 3120 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cheezit.xyz1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a6f46f8,0x7ff90a6f4708,0x7ff90a6f47182⤵PID:4088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵PID:2468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:82⤵PID:2304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:4604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:5012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:82⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵PID:1368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵PID:3368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵PID:1528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10376867930886593722,11012907072899715113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4600
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1368
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1972
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5210676dde5c0bd984dc057e2333e1075
SHA12d2f8c14ee48a2580f852db7ac605f81b5b1399a
SHA2562a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5
SHA512aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017
-
Filesize
152B
MD5f4e6521c03f1bc16d91d99c059cc5424
SHA1043665051c486192a6eefe6d0632cf34ae8e89ad
SHA2567759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1
SHA5120bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e
-
Filesize
6KB
MD5517d67ae5bb465b53b821102c97c730b
SHA117328daa0c9b5f60edbde254d074995f35bd8159
SHA2562d504e2ccd98bdd4fc2bab5528a4febcd7f43003d72a4843940f1db52fd5f5bf
SHA5124f8e681929ce0ab7aa8654ae96f9895f9ecab23d3b20caf791e1611d61a01d6ac9c626be6b6d73bbface2b0b1bb1d51305ea50e078c69a7776907db8e4102486
-
Filesize
6KB
MD5d3665aa8c0d339577f9c60b91de9de33
SHA1f4a748954f9df0832f889872e8bd2bcd4a7ce72f
SHA256a91084e10aabc9ffbeedd26ab2832c014994e3cd9e90f812a54a652cfd7a0df7
SHA512960155b08667d10b07ef72a74abfae5445f9f5150d0d5fcf8cd39d2eaef5212cac49f7af50d09e5293591f102aec5092aea2aa02c70ba75380aa11e884a0a18c
-
Filesize
6KB
MD542ed19da255f25c08a81b1f067d2ccc7
SHA1d74bb3fa6051753c4b99c225d1d1b56103a27b21
SHA256e8ae7882ff4e68c572277f82962734e0e48d34f0ac5e29642c806e364265d21d
SHA512bda8dd87f974a1ce9c643c57280c2a7e86a98c63200203b534cc7f497f1f6e19f2132d9ed7f7a690d855c13ba7fb2e6f51bcbad99c5ebc3f88e0d3ccfd78d875
-
Filesize
6KB
MD55c85de333314227fb43c9697e3cd295f
SHA11b253a1fe516a7cd89704d6bb91ba7812ef25f97
SHA256ee66a70ff0a3abb89a855ba9bee2c487e249c9ea4ad79fd556d80dfc068ca432
SHA512ddc2e4589da7d32833d5b256ab0ae24c887f34cfa16b76649ae24e626478ba2fdf77e7cada7c8108d1e34d9bc95d7f14fa8648635c5dd10868de4a5656411ea2
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD55026a25b76d10a89638c7b2d9011dbab
SHA1d2f6558a4c5393fb280acf2afa9da55f0a59022a
SHA256ccae650ca8c2fa4483dd15734544d1f49a1fcfef936698d724d46b1a6d134f16
SHA512c169b390dadfd1d133a12ccb5ec13a567bd4b92fdd84670ff7342a41ab132becde4ab3cbcb1945e6208a0231eab91bf3d2a51c257a0807b46154b25e572cebca