Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://celestial-vi...

windows10-2004-x64

3

Analysis

  • max time kernel
    39s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://celestial-vision-ce9.notion.site/google-cybersecurity-1st-course-8d26822c12b9484c9aa829d7b0a62d3f

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://celestial-vision-ce9.notion.site/google-cybersecurity-1st-course-8d26822c12b9484c9aa829d7b0a62d3f
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c5a46f8,0x7ff80c5a4708,0x7ff80c5a4718
      2⤵
        PID:868
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        2⤵
          PID:4484
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1364
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
          2⤵
            PID:3364
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:4056
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:1012
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5072 /prefetch:8
                2⤵
                  PID:4816
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5032 /prefetch:8
                  2⤵
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4532
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
                  2⤵
                    PID:4828
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4916
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                    2⤵
                      PID:1712
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                      2⤵
                        PID:3440
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                        2⤵
                          PID:4140
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                          2⤵
                            PID:2264
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15614443093467100659,12662385284895435153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                            2⤵
                              PID:3756
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3112
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2232

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                53bc70ecb115bdbabe67620c416fe9b3

                                SHA1

                                af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

                                SHA256

                                b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

                                SHA512

                                cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                e765f3d75e6b0e4a7119c8b14d47d8da

                                SHA1

                                cc9f7c7826c2e1a129e7d98884926076c3714fc0

                                SHA256

                                986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

                                SHA512

                                a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                Filesize

                                21KB

                                MD5

                                b9055816f06e7225b92951231b73e75c

                                SHA1

                                ba3be273a95251fa7066158e876da60048de45d3

                                SHA256

                                324839fda642046c6817f2c496f9149776a248aa9a5d06508c9d416a6bbc4343

                                SHA512

                                0d1ad71b79c25fd488ba3df59845e2e3406bf65aa8f4c1f8610df7a68ce80a00bac6f892a1ba591df20711b1f5057f87cd3f0e7941b793a07b73037e8151f6b9

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
                                Filesize

                                96B

                                MD5

                                30403c9e86706ba48921ee6849264855

                                SHA1

                                c431da514d84b227323a906804d45db0ea4a28bf

                                SHA256

                                6d0878fde19ae6a0b47219655166112f348bcf8171a9120b53cd597572796eab

                                SHA512

                                8bbd4e34fed2969592a4544dfef4144351a016ee3af788b51e77d6913ea8386093513aebf3a8011143b4cbc585db43a35bdba094498b45b253c2c2a236d7489e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_celestial-vision-ce9.notion.site_0.indexeddb.leveldb\MANIFEST-000001
                                Filesize

                                23B

                                MD5

                                3fd11ff447c1ee23538dc4d9724427a3

                                SHA1

                                1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                SHA256

                                720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                SHA512

                                10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.notion.so_0.indexeddb.leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                34cdfac449a0d12116401388e49abc05

                                SHA1

                                787575080a1e9c36f827ecc4c559c0820222c2fb

                                SHA256

                                23ac4dd5c27be5622f94140ca54e6250f9dcf4a721f7e190f65c828e035b0212

                                SHA512

                                d14f4b138e48f78772c3e841b7c62a20d80445341df654b97b75d164a2cba10a3b714bc1c8a02f284165bdf48693748fd3b964eea46552e31e0db067d420bc11

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                faad05b2216bf8023bec2630b1ed83c6

                                SHA1

                                3a9fa3abb78178d53d12ee1a36be0aaa2ffe7d4d

                                SHA256

                                db6274ecfc1259c4ab790bfc43dffe5c1a8dfd58ee93c923f0bcdedd718a3597

                                SHA512

                                708e18493ffa58a5e9e9cafa15783e49a317b225238a903d3d5cd0d6676b99bd3ebb34af842bed963842c92ab71a2baad440d771d665248222dba3c60601ce8d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                27097385c2964ae0b65cc5407e8a829c

                                SHA1

                                f45d7afb326d4eab86eb8d3d04d8c3ff1d30e125

                                SHA256

                                bf63b1d658263fd5f376b690b5f69e8fc792c1e262f73c71126a7659bd93adf4

                                SHA512

                                3841d1c03df477da83ab53ee129c3235929003f8057cc28577b4a02993e206fde768ade6be0dde0319e90b0150466fceb1c310be4dfc753ed0d036acd18e7265

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                172b8e1e118c857922c5cfd3322536d4

                                SHA1

                                7d650132e4e1ddf52628e818b85b68db4a74b82e

                                SHA256

                                bb9fbb8100cf927429ae5e1dcfcd1be7a338032e5c286927cb860cdc3078773a

                                SHA512

                                7caba525430a5de23cf3fedd4bee17a94df79603a6cdfa8de7bdafef62710a63acf4d9fed7f923c2d1ef3a242837782f849e393ca8303656185dd660e0a98982

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                704B

                                MD5

                                080b3effa03ae08693b764f37c5ff35d

                                SHA1

                                9a89b9f00af81d219dc0e676ce5e289b030a617c

                                SHA256

                                8f95b66899515363bc04a682fea7dafd8273b397444ffd217eed8b3cb8fffbf1

                                SHA512

                                312bf8a7ea70c16b008dcdf1eeb6cb47253f39488c33092cd6cdf77deb5a200745899fca1fa559699e3e9c129383ffeef87fe1848e3543f3e0b56b7185012a5e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                704B

                                MD5

                                859fcff3ed86ea319e149e8fd4acfa6e

                                SHA1

                                a3b562f6fedea50d7a48798a9942978e46eb05c6

                                SHA256

                                4ccb68fe3e2560f5f4fa978a5da7cd4ff9b016af3296cd880ce2f3a429a5c1ef

                                SHA512

                                0538544f6d2f4b004b0f5f933450ca34cef80e458e2522e266b10a508469a5744d1adcee0146c3623e274360d9db46161a1991743bbf048f512b1b6a23225d94

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f405.TMP
                                Filesize

                                704B

                                MD5

                                f51a8840bf4b401b3d1bef3d237a0d6a

                                SHA1

                                aa468ea1169c3dd1e21cee041ddaa073ce58ead4

                                SHA256

                                efef867a47b90675e72827b49959d9fae974bf7cc79adf2212a90c6ff5890364

                                SHA512

                                4a7cbbe0f35faa877212a506d1b329fcb46d752a7adc0b77aaea43fd9fb1c1dd7a553259db69444e5e9886e1e106f8540fcd374b5e42d192534853ee42f96794

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                bc642c9768ec42e2fa6e4b9ed47698be

                                SHA1

                                4c60e284cb12f6c1152de308fdec1903b05e79c3

                                SHA256

                                ce086589d916977fd715383fd9e37ac6ccdca7386501ea9179fcf6696ecb9747

                                SHA512

                                4c52ae629f9a0d230f009ac80a07579e2df33a05c15c105593593ce68d8ade61cf8dad88a359ef47ae4fc89e0d5b2cbf0794845a4c29f6d52822cf85649e8920

                                Download Submit