Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
243s -
max time network
247s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
20/07/2024, 22:43
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://8.8.8.8
Resource
win10v2004-20240709-en
General
-
Target
http://8.8.8.8
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 224 msedge.exe 224 msedge.exe 2064 msedge.exe 2064 msedge.exe 3424 identity_helper.exe 3424 identity_helper.exe 4380 msedge.exe 4380 msedge.exe 4380 msedge.exe 4380 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid Process 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe 2064 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2064 wrote to memory of 2808 2064 msedge.exe 85 PID 2064 wrote to memory of 2808 2064 msedge.exe 85 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 3636 2064 msedge.exe 86 PID 2064 wrote to memory of 224 2064 msedge.exe 87 PID 2064 wrote to memory of 224 2064 msedge.exe 87 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88 PID 2064 wrote to memory of 4396 2064 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://8.8.8.81⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5cce46f8,0x7ffb5cce4708,0x7ffb5cce47182⤵PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:3636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:82⤵PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:4244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵PID:2608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵PID:832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵PID:3772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵PID:3112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵PID:1936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵PID:3360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵PID:2908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵PID:2460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12401436103599628868,7607794028556989582,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:12⤵PID:4372
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2308
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3300
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51f9d180c0bcf71b48e7bc8302f85c28f
SHA1ade94a8e51c446383dc0a45edf5aad5fa20edf3c
SHA256a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc
SHA512282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785
-
Filesize
152B
MD560ead4145eb78b972baf6c6270ae6d72
SHA1e71f4507bea5b518d9ee9fb2d523c5a11adea842
SHA256b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7
SHA5128cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde
-
Filesize
6KB
MD5367540f7f1de0506f17af0d3085dba7c
SHA1523d0f559b975b25b275c638b8298a9e48f30111
SHA256d89b722067008c26270b62808f3af2fc5bc2cde7876359734bdc6b08be212947
SHA5127a498e9b1e8f3113dcca268b379856ed85ad3a52fe5face21561b596a1feb9e79c10e41175ed93c84f812a63e9c6169641b6451777ad36a98c521c90ddac1f25
-
Filesize
5KB
MD5e04a816aad572fe2de941d635d299bba
SHA1d76fb55eee13432bccb2745180c5cb4caec17f60
SHA2563c2965ea09292d3fee24f17e75ecbaefe6997403b37d9d3195aa708df29d6ac2
SHA5120308566fd01d6c1cc71c673ee4754c3c27ddd1e18b504160936e8f32c09e431f94ff8a7e626fd8381d147dbdff2266af7db24009f4784cd979e70318b566ec3c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5b13d2c6fe7b372ee2c8feab4b13166b3
SHA1d0b85b75a816aed4185ac00d3627fd3714197629
SHA256309ff184ec068c19fbed6b508cb947cc56155903db6c82db4c92f08c7b7bd24c
SHA51259d18772ca8dadb2f646d5fb91042e0cca1ba98cd5495a010380a982b2f53de89c8e701d4438534238f417a705feb4977c19868a200e6051a21a6b6abb12102a