Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/08/2024, 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1AAODgMXbl4o0j8KGZWKbT9ceAEswXWbI/view

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1AAODgMXbl4o0j8KGZWKbT9ceAEswXWbI/view
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce45246f8,0x7ffce4524708,0x7ffce4524718
      2⤵
        PID:4820
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:1256
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3204
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2432 /prefetch:8
          2⤵
            PID:2456
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
            2⤵
              PID:2584
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:3872
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
                2⤵
                  PID:468
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                  2⤵
                    PID:1992
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:704
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                    2⤵
                      PID:3592
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                      2⤵
                        PID:832
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4864 /prefetch:8
                        2⤵
                          PID:5252
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
                          2⤵
                            PID:5260
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5272
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                            2⤵
                              PID:5356
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13508291938597508545,9056066261617428043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                              2⤵
                                PID:5364
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3744
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4484
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:5904
                                  • C:\Program Files\7-Zip\7zG.exe
                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap1295:130:7zEvent15614
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:5984
                                  • C:\Program Files\7-Zip\7zG.exe
                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap28236:130:7zEvent19759
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:5620
                                  • C:\Windows\system32\NOTEPAD.EXE
                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\2keyAvast Ultimate - DriverUp-2025.txt
                                    1⤵
                                      PID:3552

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ecf7ca53c80b5245e35839009d12f866

                                      SHA1

                                      a7af77cf31d410708ebd35a232a80bddfb0615bb

                                      SHA256

                                      882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

                                      SHA512

                                      706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      4dd2754d1bea40445984d65abee82b21

                                      SHA1

                                      4b6a5658bae9a784a370a115fbb4a12e92bd3390

                                      SHA256

                                      183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

                                      SHA512

                                      92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      408B

                                      MD5

                                      3faffa5bb41245b60b1618e18d7b6d42

                                      SHA1

                                      cc24862cb5a5f97c05c439499d71e222378e5053

                                      SHA256

                                      68861ee298bdd61d0791ff56ac0154d783d04d376103006d05b0733b0c321eb0

                                      SHA512

                                      b5623d898ea73d698e6614784a26590ea564897f1864f4c19db3195c7524f3eef13bdd3accac977875cb4450a6d0b236e1d17743a9b5f5e4bd2aa2d427219244

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      3KB

                                      MD5

                                      25854b0f2386653a2b6b4626adda229f

                                      SHA1

                                      82400f0f10559965d0aef46300a245bdfc4e909c

                                      SHA256

                                      f1a099114a13b7e6c57fc2620684ab5b20162a5ccb102a7c7aa21f8a9764baf0

                                      SHA512

                                      3c01d010e80dfd0e00bb70db8a00bbb4849de982c8feed7ccefc5b3213bfe9bd12fef57dc6c53f09fd3f805556a784e9524f0450c83a5e42b3530e47c2ee2e0e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      c69bba0eabce5d18d02a6515f5e3f9c2

                                      SHA1

                                      55033aa68c65239db5006c02a0d1646ebd3b1098

                                      SHA256

                                      5f02d2f74fb7d0996680e47689ddc5b6646fe7d719c30d67582699ee45f34f49

                                      SHA512

                                      3ab54782c1930b8a6903de1d269f7802e78b151d821668754b2282853579f27bb7e8732944a7dc15d36191347b5d1cb9ba927a49e5c67b5050e9673b268d7a67

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      8fd6a294acbbbe2b73e74b78212a23ec

                                      SHA1

                                      00c98c30425063d222a003c3df54826ed1144485

                                      SHA256

                                      04d0977791b0f28da44380c819b98b17dda7b5fb3c1b2cd4aca81ac66b2661ac

                                      SHA512

                                      c763c0426295279de949cf732e4cefeab5293b10ddb154eab788dda27e00d703f70c4eacab593444b6b22d597a7234a813d0bcc48ede2abebf26c642ab7d20e1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      d2094dc3a0837a9729f82298e0006901

                                      SHA1

                                      36d03ea24916f530d18fed24f6aeee71897e9afa

                                      SHA256

                                      6365e41d6e132fde81431af998e3392c48cf8f676d288b97d00d380fe43e2125

                                      SHA512

                                      9e5d8fa600a2a5c8a8567cfb64b8e0ce6061dad3cff6fd57eee40ac4802db716eb6ead3b4a87ee8f6030025b090a0a2d41c02cfdecaaeed003a9d489f3d55f0a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      f849e6f30b2a9f99d9c414cba190172f

                                      SHA1

                                      04c000ec60169615374d7d5775f934dc0f27c28e

                                      SHA256

                                      965c8514d3ff26069c97f43f18abb238d18da24486dfa7140ef7b8e6895a30c2

                                      SHA512

                                      e82dc5054bda75a3e43cc4ce30aaa67d255a9bd25c57274f2344aa4496804285e9dad1c64c11d33c06fe1c99718d822abdd6d42c8020bf8ddd1b0e94817832f0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      a415170023f87be3e4286423452afb2b

                                      SHA1

                                      72331c8c3d3713d47edd003ac81cfcfd58906519

                                      SHA256

                                      d4468693f369d0efee791d75fe60d2eaab3e415b7aaae16cd1d4a44a85fa1356

                                      SHA512

                                      3724768e10bdb96cdc6687027ac888508df9096d6eb80b27a771f8396ccb589dfd7f5050dd2af5efe45f930675efa9fa29071fb7e9148a449bc8d2a197e04c5c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      0a266241651a64718bfff259d610e527

                                      SHA1

                                      252cb5a8cb1bbd7d31325b1a3db2ba37cf435cc3

                                      SHA256

                                      417f39a632b91932df28dda0ea1b919cf8fdf29d7f2ba8e4917e225e386de288

                                      SHA512

                                      afc1dea84bf7a8d850152543367f02aecde55550ae91836457386e8a5a6f5ad5a6c9d5542260aeec6214e85179f679372bf74ed0510c625ae23161ab20508ab8

                                      Download Submit

                                    • C:\Users\Admin\Downloads\2keyAvast Ultimate - DriverUp-2025.rar
                                      Filesize

                                      349B

                                      MD5

                                      24cd3e96d80b0d49fef29befaf50c56a

                                      SHA1

                                      f3ffea654ce1c00b508a2df7f894b7f3774381fd

                                      SHA256

                                      6ad0e26204b122e4cbaf84526a9e3a55be4107c1211ca90db7fdffc26804452e

                                      SHA512

                                      cb59d8fabe9287525411a479fca7850f63eb00a32fa01a570ee409304267ca37d4c20e8804391f6a84013e2151bd85eddb4ddf11d2cbc4fd73bd3f802ded2ee5

                                      Download Submit

                                    • C:\Users\Admin\Downloads\2keyAvast Ultimate - DriverUp-2025.txt
                                      Filesize

                                      559B

                                      MD5

                                      5da5a59a29cd2e34a880ca3a47175568

                                      SHA1

                                      97c2a5aa0b98423f7834598603afdde6d939b12b

                                      SHA256

                                      1f01823142d241bda33bbf92bc7ad58622aa658b2a98f10fd47a5f2c4346aab5

                                      SHA512

                                      6d7d00650ba6b4727e3a7f95c713be3bf67debcaef02a807caf3c3e3e7fada9de66a84bc9b1712e3a41093f18ad9faa8728a1b52950c9a6814e88830b9be1df4

                                      Download Submit