Analysis

max time kernel:  63s
max time network: 66s
platform:         windows10-2004_x64
resource:         win10v2004-20240709-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted:        19/07/2024, 22:09

Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1

Sample:           https://t.co/9YyPQhwHTm
Resource:         win10v2004-20240709-en

General

Target:           https://t.co/9YyPQhwHTm
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)

pid   Process              rows
5100  msedge.exe           2
3104  msedge.exe           2
4644  identity_helper.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)

pid   Process     rows
3104  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)

pid   Process     rows
3104  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)

pid   Process     rows
3104  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)

description                       pid   Process     procid_target  rows
PID 3104 wrote to memory of 4336  3104  msedge.exe  87             2
PID 3104 wrote to memory of 428   3104  msedge.exe  88             40
PID 3104 wrote to memory of 5100  3104  msedge.exe  89             2
PID 3104 wrote to memory of 3024  3104  msedge.exe  90             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/9YyPQhwHTm
  PID: 3104
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91d1546f8,0x7ff91d154708,0x7ff91d154718
    PID: 4336

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    PID: 428

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    PID: 5100
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    PID: 3024

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 4696

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    PID: 540

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
    PID: 5116

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
    PID: 4288

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
    PID: 4644
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
    PID: 4680

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    PID: 1852

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    PID: 5208

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6773073241159325227,12702875730713768251,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
    PID: 5216

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 652

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5060
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:    584971c8ba88c824fd51a05dddb45a98
SHA1:   b7c9489b4427652a9cdd754d1c1b6ac4034be421
SHA256: e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307
SHA512: 5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Filesize: 152B
MD5:    b28ef7d9f6d74f055cc49876767c886c
SHA1:   d6b3267f36c340979f8fc3e012fdd02c468740bf
SHA256: fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
SHA512: 491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 120B
MD5:    dad51bb131e0a6280e252e3261281223
SHA1:   f09ba3b46cd90de16aec20600f93fa57ab372c62
SHA256: e181ea231674b22bed6825314c8aa9bc93c05dc69260f2cb134fa62b315c7a19
SHA512: 1dbecc25043c629a235262a12f5f6ed82a7938f50db4f19088134bb6ff6c3bb56dd4d8a313a24e7b2c23f0b5c56e05e7e1d045b981b19bd30e20a330dc90357d

Filesize: 5KB
MD5:    1e11bee0cf015029698be3bb39c3eca2
SHA1:   34f5b10217ccfa66e3b6a93c645e3384a4369405
SHA256: b02bd7448a5f24ec7223f48582024d407d3dc4e3ee89c7ff88855795d26440f3
SHA512: 7b4f14d656202455519aeca51d0c518a5bf0dcec5c5cec0fd766ae56e80f9eab0bf119af3002c1070f33c062fb2d1a05e28415454cc2f8b7404a1ebc3e1f4c62

Filesize: 6KB
MD5:    ce063d9b000709b642b0a16ae8651a06
SHA1:   dc819a0e16e6aa088ad849f9c028a26c647705f3
SHA256: 8f4f5d9d0c370c23e07ab736b087918e985c6ed5820394fb881b34ab2ab43204
SHA512: df93f3304d5bf8c3d57f441073cea18aabadb0af95c8c7e1aa25e7186204ad627561afba7f4c398407c656a6eeb8a960f4498bc98de77a535951ca66081d4acc

Filesize: 367B
MD5:    f8ebd11ac878d7e22af20d9d2cd22887
SHA1:   c595e312b3877bc5591c10269ab25dc9e8af11d1
SHA256: c24a42cb49252aa4e5d20ac2d0a9752c26d23ef03819d07dbdb114570ec8e48a
SHA512: a58e9e8d23c96bba9d2db337db2f77ec8d80a97f6d6a72ce10985f0c880ed0a30a2554c014ddd96d929de1f24a3e27e7fa329ec76f6c454e0877b063bfa6d11c

Filesize: 367B
MD5:    fcf4aba85b828581b36d716e8bc71e2b
SHA1:   e5866713a2b6fe174a2b58f59f53119e8b2a89a6
SHA256: 55b607c867fafab42ec7ff8e8da72528b72c1c88f3dadd1a7cccf9469df790c9
SHA512: e513da34eef908385a284c648f8ea79b320c8ceda12231173a2995711f94f3ef94a7a489dbb970bdd349b9616473445cf5c5fe2e800a6f1d576f59242e7c5f50

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5:    53ef67f8414440d9e10b1acec1130695
SHA1:   00cdaa2e21df55960b6f2c29953f6f7549e44b45
SHA256: bdb0b75f6c25a10aa921641706bfad1eb273ce0f2951b2a80d18085807276b96
SHA512: 8ef34219e64c9846d09cc186fc80d50c985e3461510e0325b0c2b500c5092b3ecfeb50f1523169dc161c831c253504e3223014ef13038b9c891f47c444dcc221

Filesize: 2B
MD5:    f3b25701fe362ec84616a93a45ce9998
SHA1:   d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84