Analysis
max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted
03/09/2024, 10:23
Static task
static1
Behavioral task
behavioral1
Sample
dc64f01b6c09bb3dfb6f08879785f94ac0edd407c34808087b2203d6e854a9e7.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dc64f01b6c09bb3dfb6f08879785f94ac0edd407c34808087b2203d6e854a9e7.html
Resource
win10v2004-20240802-en
General
Target
dc64f01b6c09bb3dfb6f08879785f94ac0edd407c34808087b2203d6e854a9e7.html
Size
45KB
MD5
ba7543f5c0dd6215798b5ee21b909d70
SHA1
391ee203d4c5a7f44e443e3e488b5fb1d41febf3
SHA256
dc64f01b6c09bb3dfb6f08879785f94ac0edd407c34808087b2203d6e854a9e7
SHA512
4c18183717e19ffcb226f93610a1589343287132cefd39e81acd94f5230bce2b65b3af504fde0f54145d91cf28ebe553994c7b278e3fc39f87f6aea6985bc7d1
SSDEEP
768:+FY5IRIOITIwIgIJKZgNDfIwIGI5IWJ7SBIRIOITIwIgIiKZgNDfIwIGI5ISJ7SI:RIRIOITIwIgIJKZgNDfIwIGI5IWJ7SBY
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
2736 msedge.exe
2736 msedge.exe
1352 msedge.exe
1352 msedge.exe
5080 identity_helper.exe
5080 identity_helper.exe
2044 msedge.exe
2044 msedge.exe
2044 msedge.exe
2044 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process
1352 msedge.exe
1352 msedge.exe
1352 msedge.exe
1352 msedge.exe
1352 msedge.exe
1352 msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dc64f01b6c09bb3dfb6f08879785f94ac0edd407c34808087b2203d6e854a9e7.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3dd746f8,0x7fff3dd74708,0x7fff3dd74718
PID:2168
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
PID:2820
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID:2736
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
PID:3276
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
PID:1756
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
PID:1720
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
PID:3484
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:5080
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
PID:5056
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
PID:4312
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
PID:5000
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
PID:2560
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2300,9236361981832998332,2251383948309527969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:2044
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1228
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:692
Network
MITRE ATT&CK Enterprise v15
Downloads