Analysis
max time kernel: 57s
max time network: 52s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 20/08/2024, 13:59
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://techtest.org
Resource: win11-20240802-en
General
Target: http://techtest.org
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                      Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
776   msedge.exe
776   msedge.exe
5004  msedge.exe
5004  msedge.exe
1616  identity_helper.exe
1616  identity_helper.exe
3508  msedge.exe
3508  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
5004  msedge.exe   (all 7 entries are this same row)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
5004  msedge.exe   (all 25 entries are this same row)
Suspicious use of SendNotifyMessage (12 IoCs)
pid   Process
5004  msedge.exe   (all 12 entries are this same row)
Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 5004 wrote to memory of 4560   5004  msedge.exe  79
PID 5004 wrote to memory of 4808   5004  msedge.exe  80
PID 5004 wrote to memory of 776    5004  msedge.exe  81
PID 5004 wrote to memory of 1144   5004  msedge.exe  82
(The 64 entries are repeats of these four rows; the 4808 and 1144 rows account for most of them.)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:5004
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://techtest.org
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:4560
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde88a3cb8,0x7ffde88a3cc8,0x7ffde88a3cd8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:4808
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:776
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:1144
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:240
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:744
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:4424
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe   PID:1616
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:3508
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:2492
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:812
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:3208
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe   PID:2656
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe   PID:4952
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe   PID:2500
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads