Analysis
max time kernel: 318s
max time network: 319s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/08/2024, 11:47
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://docs.confluent.io/platform/current/kafka/monitoring.html
Resource: win10v2004-20240802-en
General
Target: https://docs.confluent.io/platform/current/kafka/monitoring.html
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                     Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
2768  msedge.exe
2768  msedge.exe
912   msedge.exe
912   msedge.exe
4268  identity_helper.exe
4268  identity_helper.exe
2948  msedge.exe
2948  msedge.exe
2948  msedge.exe
2948  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid  Process
912  msedge.exe
912  msedge.exe
912  msedge.exe
912  msedge.exe
912  msedge.exe
912  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- PID 912: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.confluent.io/platform/current/kafka/monitoring.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3904: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc5946f8,0x7ffcfc594708,0x7ffcfc594718
  - PID 2012: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  - PID 2768: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4664: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  - PID 464: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - PID 4408: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  - PID 4504: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  - PID 4268: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3164: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  - PID 1256: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - PID 2556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  - PID 5108: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  - PID 2948: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,16503187801010873297,606415345950630270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 1732: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3472: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads