Analysis

- max time kernel: 145s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/09/2024, 14:31
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: http://venkatramacalendar.com
- Resource: win10v2004-20240802-en

General

- Target: http://venkatramacalendar.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |

Suspicious behavior: EnumeratesProcesses (10 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 3168 | msedge.exe | 2 |
| 1072 | msedge.exe | 2 |
| 2028 | identity_helper.exe | 2 |
| 1172 | msedge.exe | 4 |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 1072 | msedge.exe | 8 |

Suspicious use of FindShellTrayWindow (25 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 1072 | msedge.exe | 25 |

Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process | occurrences |
|---|---|---|
| 1072 | msedge.exe | 24 |

Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target | occurrences |
|---|---|---|---|---|
| PID 1072 wrote to memory of 3244 | 1072 | msedge.exe | 84 | 2 |
| PID 1072 wrote to memory of 212 | 1072 | msedge.exe | 86 | 40 |
| PID 1072 wrote to memory of 3168 | 1072 | msedge.exe | 87 | 2 |
| PID 1072 wrote to memory of 2040 | 1072 | msedge.exe | 88 | 20 |
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1072)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://venkatramacalendar.com
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1416)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2680)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4804)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1172)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8939552411274636263,10015399329888949044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 680)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3648)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads