Analysis
max time kernel: 960s
max time network: 967s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/09/2024, 18:38
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs; repeated rows collapsed, count per pid)
pid   Process              count
2652  msedge.exe           2
4020  msedge.exe           2
4836  identity_helper.exe  2
824   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process     count
4020  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process     count
4020  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     count
4020  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed, count per target)
description                       pid   Process     procid_target  count
PID 4020 wrote to memory of 4052  4020  msedge.exe  85             2
PID 4020 wrote to memory of 2760  4020  msedge.exe  86             40
PID 4020 wrote to memory of 2652  4020  msedge.exe  87             2
PID 4020 wrote to memory of 5076  4020  msedge.exe  88             20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4020)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://myaccess.microsoft.com/bcgov.onmicrosoft.com#/access-reviews/9414a616-c842-4de7-961f-730e8631edaf
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4052)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2f5f46f8,0x7fff2f5f4708,0x7fff2f5f4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2760)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2652)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5076)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 764)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1260)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1928)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1956)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4836)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4436)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2892)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1464 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2636)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2160)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 824)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2430811129469035402,15180978747008963875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3596)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2656)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
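The signatures above fire on a single PID, 4020, which is the browser process that every other Edge process on the page hangs off. Every recorded WriteProcessMemory target (4052, 2760, 2652, 5076) is a direct child of 4020 running the same msedge.exe image, which is the start-up pattern of a parent spawning its own helper processes rather than a write into somebody else's address space. The script below is an added example (not tria.ge code and not part of the report) that turns that observation into a check: it takes a subset of the process tree and the write counts from this page, classifies each write by the writer-to-target relationship, and confirms that all children of the browser declare a Chromium --type= role and share one --field-trial-handle. The two writes used as counter-examples in the usage note (into CompPkgSrv.exe and into identity_helper.exe) are constructed and did not occur in this run.

```python
"""Triage helper for the 'Suspicious use of WriteProcessMemory' signature.

Added example; not tria.ge code and not part of the report. The process tree
and write counts below are copied from this page (PIDs, images, --type=
arguments, and the per-target counts tallied from the signature table).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"
FT = "--field-trial-handle=2104,2430811129469035402,15180978747008963875,131072"


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: Optional[int]   # None for a tree root (depth 1 in the report)
    cmdline: str            # the role-bearing part of the command line


# Subset of the page's process list (the other renderers look like PID 764).
PROCESSES: Dict[int, Proc] = {p.pid: p for p in [
    Proc(4020, EDGE, None, "--single-argument https://myaccess.microsoft.com/"
         "bcgov.onmicrosoft.com#/access-reviews/9414a616-c842-4de7-961f-730e8631edaf"),
    Proc(4052, EDGE, 4020, "--type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler"),
    Proc(2760, EDGE, 4020, f"--type=gpu-process {FT}"),
    Proc(2652, EDGE, 4020, f"--type=utility --utility-sub-type=network.mojom.NetworkService {FT} --service-sandbox-type=none"),
    Proc(5076, EDGE, 4020, f"--type=utility --utility-sub-type=storage.mojom.StorageService {FT} --service-sandbox-type=utility"),
    Proc(764, EDGE, 4020, f"--type=renderer {FT} --renderer-client-id=6"),
    Proc(1956, HELPER, 4020, f"--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {FT} --service-sandbox-type=none"),
    Proc(824, EDGE, 4020, f"--type=gpu-process {FT} --disable-gpu-sandbox --use-gl=disabled"),
    Proc(3596, COMPPKG, None, "-Embedding"),
]}

# (writer, target) -> number of WriteProcessMemory rows in the signature table.
WRITES: Dict[Tuple[int, int], int] = {
    (4020, 4052): 2, (4020, 2760): 40, (4020, 2652): 2, (4020, 5076): 20,
}

TYPE_RE = re.compile(r"--type=(\S+)")
FT_RE = re.compile(r"--field-trial-handle=(\S+)")


def role(p: Proc) -> str:
    """Chromium process role from --type=, or 'browser' for a root Edge process."""
    m = TYPE_RE.search(p.cmdline)
    if m:
        return m.group(1)
    return "browser" if p.parent is None and p.image == EDGE else "(none)"


def classify_write(procs: Dict[int, Proc], writer: int, target: int) -> str:
    """Rank one cross-process write by relationship rather than by API name.

    A parent writing into a child it spawned from the same image is the
    ordinary CreateProcess start-up path, which is all the sandbox saw here.
    A write into a child running a different image, or into a process the
    writer did not create, is the shape that actually resembles injection.
    """
    w, t = procs.get(writer), procs.get(target)
    if w is None or t is None:
        return "unresolved"             # PID missing from the process list
    if t.parent != writer:
        return "cross-process"
    if t.image.lower() != w.image.lower():
        return "own-child-other-image"
    return "own-child-same-image"


def triage(procs: Dict[int, Proc], writes: Dict[Tuple[int, int], int]) -> Dict[str, int]:
    """Return {classification: number of write events} over the whole table."""
    out: Counter = Counter()
    for (writer, target), n in writes.items():
        out[classify_write(procs, writer, target)] += n
    return dict(out)


def browser_children_consistent(procs: Dict[int, Proc], browser: int) -> bool:
    """Every child of the browser declares a --type= role, and all of them
    except the crashpad handler carry one and the same --field-trial-handle."""
    handles = set()
    for p in procs.values():
        if p.parent != browser:
            continue
        if role(p) == "(none)":
            return False
        m = FT_RE.search(p.cmdline)
        if m:
            handles.add(m.group(1))
        elif role(p) != "crashpad-handler":
            return False
    return len(handles) == 1


if __name__ == "__main__":
    print(triage(PROCESSES, WRITES))                     # {'own-child-same-image': 64}
    print(browser_children_consistent(PROCESSES, 4020))  # True
```

Run as-is it reports all 64 events as own-child-same-image. Feeding it a constructed write from 4020 into 3596 (CompPkgSrv.exe, a separate root) returns cross-process, and one into 1956 (identity_helper.exe, a child with a different image) returns own-child-other-image; those are the rows that would justify the "suspicious" label, and neither appears in this report.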
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 10KB
MD5: ac3faa8ebc448c91bed8af5eda3a2942
SHA1: 03f1de4c33f138c5d5ff84ba548cfc5c9466e005
SHA256: cf69d113159f7ab3ce5838d5fc50be06eaa6c235db874ed8330805786fb562f3
SHA512: c9012c3b82833055dc8faaee429f45c745a5d2a3282b5572320fdd0277b92ff382b8acaac074a772c87562ed226355aeaa6e6580510cff3d3f67cd29f7055635

Filesize: 152B
MD5: eeaa8087eba2f63f31e599f6a7b46ef4
SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Filesize: 152B
MD5: b9569e123772ae290f9bac07e0d31748
SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 168B
MD5: 651676026f3333a79c336786d64f07f9
SHA1: 4cdbc2389b9bf6cf18adc2752bf7582331751ab4
SHA256: b4cfbe4c44b2fd4683e9273ed47faaeadeae18610ef4bed364c65ce2840be529
SHA512: eea7a44dad862a118e58ddb358808a1d56744846d858a9e9c5923fde332f645b5f49118803b9596ff1a240838ad00200f3e60b3378a5c36198014cef0771ddeb

Filesize: 452B
MD5: 344113e25f6dd67f4cfba70dc4d308ff
SHA1: 14ed15f5d627b1d20bf1cde4ed322ecc26eddd4c
SHA256: 56e761c3a32dc0059836b903a4d8c3b8156662b98d2b9810decb4eb6a3e9ac95
SHA512: cac1608006610cc7c8606bd5b07227a1d8b3fb7371be4b6f54f90229acc68d3b83be2ef4bd33dcffbd2b9a5bab5053982a911ad1a4369a250120e9f461cf1c4a

Filesize: 6KB
MD5: 5d21bc4a0166443bc50add312cb5e138
SHA1: 53aad372309867d91de2925ef6745458281a099d
SHA256: fcad0e463b1cf708807bf2773c080da16497efa5ddc50a968c3b9a14c5a5e150
SHA512: 51b6062219d4ace3eb9733cb9901d13eb9443235cbbd64137af16f73fd38a84c53c16701fa8efb0a00d8c042c7fc49c7af5973388d797295345d72a442fbbfb6

Filesize: 6KB
MD5: 3fc6f52e3ef40c68d60e35a488bdb221
SHA1: 0bc6e713d31ba8ccaf038631a22e3ec714a7214a
SHA256: b47cd82a5c8fbe48335ebbb08d39dbdf7c755c585fec9ae07e3e6203bb0d6564
SHA512: 08397227e83e67f29c6891eb83f4c2735e09a5b81cb600856b5eeb1f3eb8cf39fa007491a54bfe749de312247910e13a5c8c8b012d19143d969698007225dd91

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389