Analysis
- max time kernel: 149s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/07/2024, 09:05
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: http://www.redlights.be/
- Resource: win10v2004-20240709-en
General
- Target: http://www.redlights.be/
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4480  msedge.exe           (listed 2 times)
  1612  msedge.exe           (listed 2 times)
  1544  identity_helper.exe  (listed 2 times)
  5880  msedge.exe           (listed 4 times)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  1612  msedge.exe  (listed 7 times)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1612  msedge.exe  (listed 25 times)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1612  msedge.exe  (listed 24 times)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 1612 wrote to memory of 3820  1612  msedge.exe  85  (listed 2 times)
  PID 1612 wrote to memory of 4568  1612  msedge.exe  86  (listed 40 times)
  PID 1612 wrote to memory of 4480  1612  msedge.exe  87  (listed 2 times)
  PID 1612 wrote to memory of 4076  1612  msedge.exe  88  (listed 20 times)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1612)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.redlights.be/
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c7b046f8,0x7ff9c7b04708,0x7ff9c7b04718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1808)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2912)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\svchost.exe (PID 4420)
  Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
- C:\Windows\servicing\TrustedInstaller.exe (PID 2292)
  Command line: C:\Windows\servicing\TrustedInstaller.exe
Network
MITRE ATT&CK Enterprise v15
Downloads