Analysis
max time kernel: 120s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/08/2024, 12:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://na4.docusign.net/signing/emailstart.aspx?a=e8638af0-a814-44b8-9337-8e917c8bdcac&acct=ef61cf65-24e6-44f1-8517-7066c5645a09&er=0b1248ca-0768-4e56-9b32-26b52bc5265e
Resource: win10v2004-20240802-en
General
Target: https://na4.docusign.net/signing/emailstart.aspx?a=e8638af0-a814-44b8-9337-8e917c8bdcac&acct=ef61cf65-24e6-44f1-8517-7066c5645a09&er=0b1248ca-0768-4e56-9b32-26b52bc5265e
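The first triage question for a link like this is whether the host really sits under docusign.net or is a lookalike (a longer domain that merely contains the string, or a userinfo trick such as `docusign.net@evil.example`). The following is an added example, not part of the tria.ge report: it parses the target URL from this report, checks the host against a short trusted-suffix list (an assumption for the example; a real allow-list comes from your own inventory), and validates that the `a`, `acct` and `er` parameters are well-formed GUIDs. The lookalike URLs in the usage section are constructed for the example. Passing the host check only rules out lookalike domains; a genuine DocuSign envelope can still be attacker-created content, so the page itself still needs review.

```python
# Added example (not from the tria.ge report): triage a DocuSign-style
# signing link by checking the registrable domain and the GUID parameters.
import uuid
from urllib.parse import urlsplit, parse_qs

# The target URL recorded in this report.
TARGET = ("https://na4.docusign.net/signing/emailstart.aspx"
          "?a=e8638af0-a814-44b8-9337-8e917c8bdcac"
          "&acct=ef61cf65-24e6-44f1-8517-7066c5645a09"
          "&er=0b1248ca-0768-4e56-9b32-26b52bc5265e")

# Assumption for this example: domains you have vetted as DocuSign-owned.
TRUSTED_SUFFIXES = ("docusign.net", "docusign.com")


def host_is_trusted(host: str) -> bool:
    """True only if host equals a trusted domain or is a proper subdomain of one.
    A plain substring test would accept 'na4.docusign.net.evil.example'."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def is_guid(value: str) -> bool:
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False


def triage(url: str) -> dict:
    """Return the individual checks plus a host-level verdict.
    'trusted-host' means only that the domain check passed, not that the
    envelope behind the link is legitimate."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    host = parts.hostname or ""
    findings = {
        "scheme_https": parts.scheme == "https",
        "host": host,
        "host_trusted": host_is_trusted(host),
        # 'https://na4.docusign.net@evil.example/' parses with a username part
        "userinfo_present": parts.username is not None,
        "path": parts.path,
    }
    for key in ("a", "acct", "er"):
        vals = qs.get(key, [])
        findings[f"{key}_is_guid"] = len(vals) == 1 and is_guid(vals[0])
    ok = (findings["scheme_https"] and findings["host_trusted"]
          and not findings["userinfo_present"])
    findings["verdict"] = "trusted-host" if ok else "review"
    return findings


if __name__ == "__main__":
    for u in (TARGET,
              # constructed lookalikes for the example
              "https://na4.docusign.net.evil.example/signing/emailstart.aspx?a=1",
              "https://na4.docusign.net@evil.example/signing/emailstart.aspx?a=1"):
        f = triage(u)
        print(f["verdict"], f["host"], f["userinfo_present"])
```

The suffix comparison is anchored on a leading dot so that `docusign.net` and `x.docusign.net` pass while `xdocusign.net` and `docusign.net.evil.example` do not; the userinfo check catches the `@` form, where the browser connects to whatever follows the `@`.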
Malware Config
Signatures
All signatures below fire on the Edge browser processes (msedge.exe, identity_helper.exe) that the sandbox launched to open the target URL; no other process appears in the process list.
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | process | rows
4408 | msedge.exe | 2
2968 | msedge.exe | 2
4484 | identity_helper.exe | 2
3820 | msedge.exe | 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | process | rows
2968 | msedge.exe | 6
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | process | rows
2968 | msedge.exe | 25
Suspicious use of SendNotifyMessage (24 IoCs)
pid | process | rows
2968 | msedge.exe | 24
Suspicious use of WriteProcessMemory (64 IoCs)
Each WriteProcessMemory call is its own row in the report; identical rows are collapsed here. All 64 rows have the browser process 2968 (msedge.exe) as the writer.
description | pid | process | procid_target | rows
PID 2968 wrote to memory of 3668 | 2968 | msedge.exe | 83 | 2
PID 2968 wrote to memory of 2488 | 2968 | msedge.exe | 84 | most of the table
PID 2968 wrote to memory of 4408 | 2968 | msedge.exe | 85 | 2
PID 2968 wrote to memory of 1256 | 2968 | msedge.exe | 86 | remainder of the table
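The WriteProcessMemory table is noisy because the sandbox logs every call, but the security question it answers is simple: does any process write into a process it did not itself launch? A Chromium-based browser's broker process writes into each sandboxed child while setting it up, so parent-to-child writes are expected; a write by an unrelated process would not be. The following is an added example, not part of the tria.ge report: it parses the report's flattened row text (a constructed excerpt of it is embedded; the full table has 64 rows in the same shape), collapses it to writer-to-target edges with counts, and flags any edge whose writer is not the target's parent in the process tree. The process-tree mapping is taken from the Processes section of this report; the extra CompPkgSrv row used to exercise the flagging path is constructed and does not occur in the report.

```python
# Added example (not from the tria.ge report): collapse the flattened
# "Suspicious use of WriteProcessMemory" rows into writer->target edges
# and cross-check them against the process tree.
import re
from collections import Counter

# Constructed excerpt of the report's flattened table text; the real table
# has 64 rows of exactly this shape (description, pid, process, procid_target).
WPM_TEXT = (
    "PID 2968 wrote to memory of 3668 2968 msedge.exe 83 "
    "PID 2968 wrote to memory of 3668 2968 msedge.exe 83 "
    "PID 2968 wrote to memory of 2488 2968 msedge.exe 84 "
    "PID 2968 wrote to memory of 2488 2968 msedge.exe 84 "
    "PID 2968 wrote to memory of 4408 2968 msedge.exe 85 "
    "PID 2968 wrote to memory of 1256 2968 msedge.exe 86"
)

# Process tree from this report: pid -> (parent pid, image).
# Top-level processes have parent None (the report does not record a launcher).
PROCESS_TREE = {
    2968: (None, "msedge.exe"),   # browser (broker) process
    3668: (2968, "msedge.exe"),   # crashpad-handler
    2488: (2968, "msedge.exe"),   # gpu-process
    4408: (2968, "msedge.exe"),   # utility: network.mojom.NetworkService
    1256: (2968, "msedge.exe"),   # utility: storage.mojom.StorageService
    708:  (None, "CompPkgSrv.exe"),
    1552: (None, "CompPkgSrv.exe"),
}

# One row: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_rows(text):
    """Return [(writer_pid, target_pid, writer_image, procid_target), ...]."""
    return [(int(w), int(t), img, int(pt)) for w, t, img, pt in ROW.findall(text)]


def edge_counts(rows):
    """Collapse rows to (writer, target) -> number of WriteProcessMemory rows."""
    return Counter((w, t) for w, t, _, _ in rows)


def unexpected_writes(rows, tree):
    """Edges whose writer is not the target's parent (or whose target is
    absent from the tree). Parent->child writes are how the browser broker
    initialises its sandboxed children; anything else deserves a look."""
    return sorted({(w, t) for w, t, _, _ in rows
                   if tree.get(t, (None, None))[0] != w})


if __name__ == "__main__":
    rows = parse_rows(WPM_TEXT)
    for (w, t), n in sorted(edge_counts(rows).items()):
        print(f"{w} -> {t} ({PROCESS_TREE[t][1]}): {n} rows")
    print("unexpected:", unexpected_writes(rows, PROCESS_TREE))
```

Run against the full table text copied from the report, the edge list stays at four parent-to-child edges and `unexpected_writes` stays empty; a row such as `PID 1552 wrote to memory of 3456 1552 CompPkgSrv.exe 90` (constructed) would be flagged because 1552 is not the parent of 3456.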
Processes
The trailing digit that was fused onto each command line in the original listing is the tree depth (1 = top level, 2 = child of the browser process); it is not part of the command line or URL.

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2968, top level)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/signing/emailstart.aspx?a=e8638af0-a814-44b8-9337-8e917c8bdcac&acct=ef61cf65-24e6-44f1-8517-7066c5645a09&er=0b1248ca-0768-4e56-9b32-26b52bc5265e
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - msedge.exe (PID 3668, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc497646f8,0x7ffc49764708,0x7ffc49764718

  - msedge.exe (PID 2488, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

  - msedge.exe (PID 4408, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 1256, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

  - msedge.exe (PID 3348, renderer, client-id 6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

  - msedge.exe (PID 3456, renderer, client-id 5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1476, utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4484, utility: winrt_app_id.mojom.WinrtAppIdService; same command line as PID 1476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 3420, renderer, client-id 8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

  - msedge.exe (PID 4444, renderer, client-id 9, instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

  - msedge.exe (PID 5000, renderer, client-id 10)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

  - msedge.exe (PID 3988, renderer, client-id 11, instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

  - msedge.exe (PID 3820, second gpu-process, launched with --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2820140283440379704,2341661037178924124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3772 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 708, top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 1552, top level)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
The report records a path for only one of these entries; the others are listed by size and hashes only.

- Filesize: 152B
  MD5: 53bc70ecb115bdbabe67620c416fe9b3
  SHA1: af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
  SHA256: b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
  SHA512: cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

- Filesize: 152B
  MD5: e765f3d75e6b0e4a7119c8b14d47d8da
  SHA1: cc9f7c7826c2e1a129e7d98884926076c3714fc0
  SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
  SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 840B
  MD5: 9aa78c6a66ebcee813974ff0e3b5e518
  SHA1: 2b804c7d0acb7caf2a192c037d13fa36d70775a1
  SHA256: f36ffc61c49e1776b502c52ed6906a5eb86801f01008ae361ec7c176f06590bf
  SHA512: fee73aed68ae68d7cf11ec7af059eae6a5cffce163a020dd7dbfa17ab6bdaddab13b97bf6d4d0db798af5ddee6e784525035a2ac2c1b0d9ce8231792e25146a0

- Filesize: 412B
  MD5: a02e7e96239ec00b405096af6359eaec
  SHA1: 1c6ee63d62a015a92e3d6442cbb3d8a33c0711de
  SHA256: 789f9925f702339f5b7e2882518a4be877d6697ac662ff8b16e73dbb58705283
  SHA512: 66b50764f0a0ca9d7afa5c39a4e334919022ee62b50d0c98649c8ead09e8175fe7ca8f5ee3388e028f824f8c6c5c49f73adddc5f08529a11ac61dc7ca4fea216

- Filesize: 6KB
  MD5: 9e26e4f86aed1fd1a569f9bc3da113ec
  SHA1: 2f0b673db958314956d4840d6d1548637ae066b0
  SHA256: cd0b0a71791e0f90b87b82020cbba5e9c2a0993dd4a72602e07e246feb0c2edb
  SHA512: 64d97352bed052afdc4f79adefa1fc913e975825eb532e1137e9807bcfa8c6952b0112ff8dab38ee974fdd267bea48c36a159fa7879cc2506ac3196de95c1e71

- Filesize: 6KB
  MD5: 760391d09482192229e4c0d0d90e106b
  SHA1: 2f92cb92ef06b43cd144b90c90c0d6e1037e418e
  SHA256: 8b2fe73478c23cd70a735add50ec06820acd97828f4036a92ad7a3bd9ec151d1
  SHA512: 3ffd2323e8a41890f87316f628e5d6c568d8ba1976ad14cbebd811dc35e300c64ed035256bae843416b04a60a8ae5dc3f766bc505c62a8b2c8bf50d2bd826ee0

- Filesize: 370B
  MD5: 4022ae0ad6409d5e09adf63ed5bf2ec1
  SHA1: d54db810b2865f1e14fdecc160411448d8db1001
  SHA256: 57b3fd54947c4ddabe20225faf6e5380f3de200011b61acafe525d3126ce8b0e
  SHA512: 03e7fe2d7ecefd5df79eef13ef450bde1722114ede5e3038e5ed35b241d297501e81bc398b38e6e4f2df8aab102b2a69230a96bf6b20ab04cc7c18eb2792f28b

- Filesize: 370B
  MD5: f5e9a00dcec93138e6e16cea06e9e579
  SHA1: 1f03174d7f06474875aacca7ff4e565ffc8742eb
  SHA256: 728942bc43d2603604a943aff80cfbeaaefe0b6177f780a452b5f3188c00fa65
  SHA512: 4f414f9c4f135883e644f97de5596f416735621028f1100d2698772db314e3c0bd754883de4961b75e9a55fbe137c50e2cd60380b54045058e3f58e217225a1d

- Filesize: 370B
  MD5: c5b560fe7fe3c9247edf719b5f46f23c
  SHA1: 484d0fe39218f1c3313dbecba49f96380941b85a
  SHA256: 21dac602afecf729de42316e41a8ae87f4a42a6e264d48509512163a4be507de
  SHA512: 43ea69cbf661925a67a54f6ad6608b905d5734089b722f814815dec471c991e5956a1375b684c73c6c15d03fc743356542521846420e1e9ec0e3a5e4e784de40

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: e92b3ebba1a4d330987c217da0668f49
  SHA1: b35c9b694d987ebe2bb91ab8dfcf0f25a51f51a9
  SHA256: e04ddeb0ce930c7ebb541eca59112b2ab73e08ac67c404bd2a8a17007464388a
  SHA512: 4d4172d96e7cae831cefa77543c806802ac190d81d1f9240fb554b187a0fbe6c1f5039660e44ea84e65c94521d248cedd5023af247a4dd14adee09d57669b2e7