Resubmissions
24/08/2024, 06:19  240824-g3a6lsyfnk 3

Analysis
max time kernel: 73s
max time network: 81s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/08/2024, 06:19
Static task: static1
Behavioral task: behavioral1 (sample genpatcher.html, resource win7-20240708-en)
Behavioral task: behavioral2 (sample genpatcher.html, resource win10v2004-20240802-en)
General
Target: genpatcher.html
Size: 55KB
MD5: 1650e6a40cdd616e6db139625a408089
SHA1: c4ff3a99a1ab275b6d44eef40b31c65240c198f4
SHA256: ade195731d49f270a68783ea82943d4fc06cff942fe49d14f7750eeddd759a50
SHA512: 1e69ad9687805ead24dfd959dda6e2e0cfc9325873c882f968f22b484ab25f5e0cfe2f7dc8dcda245759581421bea11f2608138fc66913a498f2735506ad0041
SSDEEP: 1536:/oJu04eeUeeeeeIxg0eeeee4eeeejfB0E4JHmPCvNs4K/LJNJNmmrT+:/axgHm62Xy
Malware Config
Signatures
Every signature below is attributed to msedge.exe (PID 116 and its children) or to the Edge identity_helper.exe; the Malware Config and Network sections of this report contain no entries.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        | ioc                                                                   | process
Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid  | process             | entries
2064 | msedge.exe          | 2
116  | msedge.exe          | 2
2072 | identity_helper.exe | 2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid | process    | entries
116 | msedge.exe | 9

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | process    | entries
116 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | process    | entries
116 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description                     | pid | process    | procid_target
PID 116 wrote to memory of 4768 | 116 | msedge.exe | 84
PID 116 wrote to memory of 2708 | 116 | msedge.exe | 85
PID 116 wrote to memory of 2064 | 116 | msedge.exe | 86
PID 116 wrote to memory of 1584 | 116 | msedge.exe | 87
The report repeats each of these four rows many times; the four distinct rows above account for all 64 IoCs. The target PIDs are the crashpad handler, GPU process, network service and storage service that PID 116 spawns (see Processes), so the writes go only to the browser's own freshly created children.
Processes

PID 116 (top level): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\genpatcher.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4768 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff636c46f8,0x7fff636c4708,0x7fff636c4718

  PID 2708 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

  PID 2064 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 1584 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

  PID 1152 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  PID 1908 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  PID 3728 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8

  PID 2072 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4836 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

  PID 64 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

  PID 4452 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

  PID 2972 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

  PID 2976 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1

  PID 4892 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1

  PID 220 (child of 116): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17435020117183843276,12052598743570062871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1

PID 384 (top level): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 100 (top level): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
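The triage question this tree raises is whether any of the "suspicious" signature hits come from outside the browser's own process tree, and whether the WriteProcessMemory targets are anything other than children PID 116 has just spawned. The script below is an added example, not part of the tria.ge report or of any Triage tooling: it rebuilds the tree from the depth markers, classifies each process by its Chromium `--type` / `--utility-sub-type` flags, and checks the IoC PIDs against it. The process list and IoC list are transcribed from this report; the command lines are abridged to the flags the script reads (assumption: the omitted flags are irrelevant to these checks), and the parent links are inferred from the report's 1 / 2 nesting, which is also an assumption.

```python
"""Triage helper for a Chromium-style process tree (added example, not from the report)."""
import re
from collections import Counter

# Image paths as they appear in the report.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# (pid, depth, image, abridged command line), transcribed from the Processes section.
# Assumption: only the flags read below matter; depth is the report's 1 / 2 marker.
PROCESSES = [
    (116,  1, EDGE,    r"--single-argument C:\Users\Admin\AppData\Local\Temp\genpatcher.html"),
    (4768, 2, EDGE,    "--type=crashpad-handler"),
    (2708, 2, EDGE,    "--type=gpu-process"),
    (2064, 2, EDGE,    "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (1584, 2, EDGE,    "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (1152, 2, EDGE,    "--type=renderer"),
    (1908, 2, EDGE,    "--type=renderer"),
    (3728, 2, HELPER,  "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (2072, 2, HELPER,  "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (4836, 2, EDGE,    "--type=renderer"),
    (64,   2, EDGE,    "--type=renderer --instant-process"),
    (4452, 2, EDGE,    "--type=renderer"),
    (2972, 2, EDGE,    "--type=renderer --instant-process"),
    (2976, 2, EDGE,    "--type=renderer"),
    (4892, 2, EDGE,    "--type=renderer"),
    (220,  2, EDGE,    "--type=renderer"),
    (384,  1, COMPPKG, "-Embedding"),
    (100,  1, COMPPKG, "-Embedding"),
]

# Signature hits that carry a pid, duplicates collapsed (from the Signatures section).
IOCS = [
    ("Suspicious behavior: EnumeratesProcesses", 2064),
    ("Suspicious behavior: EnumeratesProcesses", 116),
    ("Suspicious behavior: EnumeratesProcesses", 2072),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", 116),
    ("Suspicious use of FindShellTrayWindow", 116),
    ("Suspicious use of SendNotifyMessage", 116),
]
# Distinct (writer, target) pairs from the WriteProcessMemory signature.
WRITES = [(116, 4768), (116, 2708), (116, 2064), (116, 1584)]

FLAG_RE = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=(\S+)")


def parse_flags(cmdline):
    """Chromium process-role flags present in a command line, as a dict."""
    return dict(FLAG_RE.findall(cmdline))


def build_tree(processes):
    """pid -> parent pid; a depth-2 entry is a child of the most recent depth-1 entry."""
    parent_of, current_root = {}, None
    for pid, depth, _, _ in processes:
        if depth == 1:
            parent_of[pid] = None
            current_root = pid
        else:
            parent_of[pid] = current_root
    return parent_of


def descendants(parent_of, root):
    """All pids that have `root` somewhere in their ancestry."""
    found = set()
    for pid in parent_of:
        ancestor = parent_of[pid]
        while ancestor is not None:
            if ancestor == root:
                found.add(pid)
                break
            ancestor = parent_of[ancestor]
    return found


def role_summary(processes):
    """Count processes by role: utility sub-type, else --type, else browser/other."""
    roles = Counter()
    for _, _, image, cmd in processes:
        flags = parse_flags(cmd)
        role = (flags.get("utility-sub-type") or flags.get("type")
                or ("browser" if image == EDGE else "other"))
        roles[role] += 1
    return roles


def unsandboxed(processes):
    """Pids started with --service-sandbox-type=none, i.e. outside the service sandbox."""
    return sorted(pid for pid, _, _, cmd in processes
                  if parse_flags(cmd).get("service-sandbox-type") == "none")


def iocs_outside_tree(iocs, parent_of, root):
    """Signature hits whose pid is neither `root` nor one of its descendants."""
    inside = descendants(parent_of, root) | {root}
    return [(sig, pid) for sig, pid in iocs if pid not in inside]


def writes_only_to_own_children(writes, parent_of):
    """True when every WriteProcessMemory target is a direct child of its writer."""
    return all(parent_of.get(target) == writer for writer, target in writes)


def top_level_outside_edge(processes):
    """Top-level processes whose image is not the Edge browser binary."""
    return [(pid, image) for pid, depth, image, _ in processes if depth == 1 and image != EDGE]


if __name__ == "__main__":
    tree = build_tree(PROCESSES)
    print("roles:", dict(role_summary(PROCESSES)))
    print("unsandboxed services:", unsandboxed(PROCESSES))
    print("IoCs outside the Edge tree:", iocs_outside_tree(IOCS, tree, 116))
    print("writes only to own children:", writes_only_to_own_children(WRITES, tree))
    print("other top-level processes:", top_level_outside_edge(PROCESSES))
```

On this report the checks come back clean: nine renderers, two identity-helper utilities, every pid-bearing IoC inside the PID 116 tree, every WriteProcessMemory target a direct child of 116, and the only processes outside the tree the two CompPkgSrv.exe COM servers. The `unsandboxed` list (the network service and both identity_helper.exe instances) is worth keeping in view when reading a sandbox report for any Chromium-based browser, because those are the children a page-level compromise would need to reach to escape the renderer sandbox.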
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

- Filesize: 152B
  MD5: b9569e123772ae290f9bac07e0d31748
  SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 848B
  MD5: 98f13bf853afca5e743ce8d86145643f
  SHA1: 6f826db8a97d0d12c9a1d1ddc7240bbf1e044602
  SHA256: 793f08499a3cc2d6fccf9b62234efb7780f664e3a1c44833273612184087f566
  SHA512: e54b9f17379581e72e1454e3c9498ff2f66a289e67b5c5465ef1ae0553be505fa68ccb759a1405920f32b97364b78a1e80b3b68867a8fe8065705d23549b29d3

- Filesize: 6KB
  MD5: 372054e34ad976a65d3660c895fa639f
  SHA1: 8faa2bfeb25d00723ad8a0663e27aa797313a978
  SHA256: a93563916d830f224400848ec66031de6cfdd4855171b757dcfd5d5768455224
  SHA512: b58e13fc891095fea90747cb40362864a4c8188d8d7abe8f68dd823e2dbf4dc10a2ce5a915d32064bb33579d025bd93391c89847a89b037133621e705f62c512

- Filesize: 5KB
  MD5: 53d8e58e759f1e54d6ed3aa60ef6c297
  SHA1: 90a1339b0621deb4caedd83c45daeeb85994ed9b
  SHA256: 62e0e75ef50771a681e47ffe1f6629ea568c2dc03a1db122cf89e44e4c01ba43
  SHA512: 1e9f5ce90de383e0af69a5c5ae1b0889d505d7637dbcb8c860aea26bb82d0eebd30d2fbddf6329b7896e61da114278a72fe3fcabaf937e3f313fbe08a791b54e

- Filesize: 6KB
  MD5: 5031871a52048eeb34588ab7b452c286
  SHA1: 84dabc5ab0b83a55374e8c8b3f88f47653b9ae44
  SHA256: 678f80e1eb8be6c6ac7989864a365eace8ca96f6f427d9b336e878367ffec8ba
  SHA512: 15cccd80ea5df9d3cc7fdcd744779fb3044236abb0b547c3dcb39376467735d82fcefc44b976e441c14277da83a962d0c6c089160f17644f44c8379b4db250ef

- Filesize: 6KB
  MD5: e2fcf65375db0d5885f6e16d9957e80a
  SHA1: 07d003f5b33b4352c519bf47538cc4ea8b79e4f5
  SHA256: 7ede96281c7e0a6bda1f737606f812dbb34961bbb8c0f510218c32b601fe33b4
  SHA512: 4a3e42ade14c9f0d6d85d501abab921ea62bb60f784588657dc261ffb77e75d952a5254ade3ec0711044c7c7e6ddb0d516d95ec743d4f031b82372b6dfecfc7f

- Filesize: 707B
  MD5: bd405070791cdd61d10a214c27ec12d2
  SHA1: f495f6c7bf7d1c4bea9c811a5ac9384eb93c8cf1
  SHA256: 83785edfd6355c335ef2fbe8c5cc52e9b3cc102c8bd0c815f7031ab8ef7cc2f1
  SHA512: ab7c3290b792f012b6db54c914b1fefa059f1ca14a02a3cf7bb528e1e87bc543fabca6c34cbae5e23709dc6b9d220523054c4352e1717742502da026c0cf5885

- Filesize: 539B
  MD5: 5abe44de15cf02eb0173b67a94510887
  SHA1: 51f2fb07c686e5ec3815ca60694154059961f904
  SHA256: 78102ce56016146c47e2a253ac42ea30ffe99bafe1574b2574d1ae413962ba4d
  SHA512: 961898dfcc6099f54df0b76c4f3d2ddd873b3b5bebecee54850236e08fe116d30c8913f02d5d6a7ddfe28f440d967c0374e7d39f1abfa33998d9767ac4d0f363

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: dbff8f93a411f9ca7fff685eb92893fd
  SHA1: 0d7c979a473ac4a86639f58603b0b5d38ac22d06
  SHA256: 10d2c14bf70b6a9460d9bfecc169b0cbde6e52675335c6602663071d1d30b7d6
  SHA512: 74ba845ac24f27e9c06ebf60355c72a1d08fe81f74a713af50cbba75a95039465b54da6621f21aae8f75fbc69086e69fe1be48b4b68f50186acf79f593084f0e