Analysis

max time kernel:  112s
max time network: 97s
platform:         windows10-2004_x64
resource:         win10v2004-20240802-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:        04/09/2024, 08:58
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
Sample:          https://get.hidrive.com/8Xy2gJnH
Resource:        win10v2004-20240802-en

General

Target: https://get.hidrive.com/8Xy2gJnH
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process              rows
  3812  msedge.exe           2
  2912  msedge.exe           2
  1372  identity_helper.exe  2
  2400  msedge.exe           2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   Process     rows
  2912  msedge.exe  8

Suspicious use of FindShellTrayWindow (33 IoCs)
  pid   Process     rows
  2912  msedge.exe  33

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  2912  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         pid   Process     procid_target  rows
  PID 2912 wrote to memory of 3788    2912  msedge.exe  83             2
  PID 2912 wrote to memory of 4516    2912  msedge.exe  84             40
  PID 2912 wrote to memory of 3812    2912  msedge.exe  85             2
  PID 2912 wrote to memory of 2756    2912  msedge.exe  86             20
Processes

msedge.exe (PID 2912)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://get.hidrive.com/8Xy2gJnH
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 3788)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718

  msedge.exe (PID 4516)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2

  msedge.exe (PID 3812)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2756)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

  msedge.exe (PID 444)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  msedge.exe (PID 1952)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

  identity_helper.exe (PID 1664)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

  identity_helper.exe (PID 1372)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4920)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

  msedge.exe (PID 4424)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

  msedge.exe (PID 2576)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  msedge.exe (PID 1848)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

  msedge.exe (PID 1888)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5184 /prefetch:8

  msedge.exe (PID 472)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

  msedge.exe (PID 2400)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4536)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,8677259607892184280,9450554994626479083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

CompPkgSrv.exe (PID 4580)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 328)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
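Every signature hit in this report is attributed to msedge.exe or its identity_helper.exe child, and every WriteProcessMemory row has PID 2912, the Edge process launched with no --type switch (the browser/broker process), as the writer, with targets 3788, 4516, 3812 and 2756 that are direct children of 2912 in the process tree above. A Chromium-based browser process writes into the child processes it has just created as part of starting them, so those rows match the browser's own multi-process model rather than injection into a foreign process. The script below is an added triage example, not tria.ge's code or Microsoft's: it parses the process tree and the WriteProcessMemory rows as printed on this page (constructed here, with command lines shortened to the switches it inspects), keeps only writes from the broker into its own direct children as "expected", and separately lists which helper processes were launched with --service-sandbox-type=none, since those are the ones running without a service sandbox. The row targeting PID 9999 is hypothetical and only exercises the "unexplained" branch.

```python
import re

# Process tree constructed from the Processes section of this report:
# (pid, parent pid or None for a top-level process, command line). Command
# lines are shortened to the switches the checks below look at.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
PROCESSES = [
    (2912, None, EDGE + ' --single-argument https://get.hidrive.com/8Xy2gJnH'),
    (3788, 2912, EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (4516, 2912, EDGE + ' --type=gpu-process --mojo-platform-channel-handle=2352 /prefetch:2'),
    (3812, 2912, EDGE + ' --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3'),
    (2756, 2912, EDGE + ' --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8'),
    (444, 2912, EDGE + ' --type=renderer --renderer-client-id=6 --mojo-platform-channel-handle=3332 /prefetch:1'),
    (1372, 2912, HELPER + ' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8'),
    (2400, 2912, EDGE + ' --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8'),
    (4580, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# One row per distinct (writer, target) pair from the WriteProcessMemory table.
WPM_ROWS = [
    'PID 2912 wrote to memory of 3788 2912 msedge.exe 83',
    'PID 2912 wrote to memory of 4516 2912 msedge.exe 84',
    'PID 2912 wrote to memory of 3812 2912 msedge.exe 85',
    'PID 2912 wrote to memory of 2756 2912 msedge.exe 86',
]
# Hypothetical row, not on the page: a write into a pid that is not a child.
HYPOTHETICAL_ROW = 'PID 2912 wrote to memory of 9999 2912 msedge.exe 99'

ROW_RE = re.compile(r'PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+')


def parse_wpm_rows(rows):
    """(writer pid, target pid, writer image) for each row that matches."""
    hits = []
    for row in rows:
        m = ROW_RE.search(row)
        if m:
            hits.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return hits


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping quoted spans whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def flags_of(cmdline):
    """Chromium-style --key=value switches as a dict (bare --key maps to '')."""
    flags = {}
    for tok in tokenize(cmdline)[1:]:
        if tok.startswith('--'):
            key, _, val = tok[2:].partition('=')
            flags[key] = val
    return flags


def process_role(cmdline):
    """'broker' for the msedge.exe process without --type, otherwise the
    --utility-sub-type or --type value, or the image name for non-Edge binaries."""
    image = tokenize(cmdline)[0].rsplit('\\', 1)[-1].lower()
    flags = flags_of(cmdline)
    if 'type' in flags:
        return flags.get('utility-sub-type') or flags['type']
    return 'broker' if image == 'msedge.exe' else image


def classify_writes(processes, rows):
    """Split WriteProcessMemory rows into 'expected' (the broker writing into
    one of its own direct children) and 'unexplained' (everything else)."""
    parent = {pid: ppid for pid, ppid, _ in processes}
    cmd = {pid: c for pid, _, c in processes}
    out = {'expected': [], 'unexplained': []}
    for writer, target, image in parse_wpm_rows(rows):
        broker = writer in cmd and process_role(cmd[writer]) == 'broker'
        if broker and parent.get(target) == writer:
            out['expected'].append((writer, target, process_role(cmd[target])))
        else:
            out['unexplained'].append((writer, target, image))
    return out


def unsandboxed_helpers(processes):
    """Children launched with --service-sandbox-type=none."""
    return [(pid, process_role(c)) for pid, _, c in processes
            if flags_of(c).get('service-sandbox-type') == 'none']


if __name__ == '__main__':
    verdict = classify_writes(PROCESSES, WPM_ROWS + [HYPOTHETICAL_ROW])
    for kind in ('expected', 'unexplained'):
        for writer, target, role in verdict[kind]:
            print(f'{kind:11} {writer} -> {target} ({role})')
    for pid, role in unsandboxed_helpers(PROCESSES):
        print(f'no service sandbox: {pid} ({role})')
```

Run against the rows on this page the classifier reports four expected writes and nothing unexplained; only the hypothetical 9999 row lands in the unexplained bucket. The helpers without a service sandbox on this build are the network service (3812), identity_helper.exe (1372) and the quarantine service (2400), which is where a practitioner would look first if a browser exploit were suspected; no such process shows anything beyond the EnumeratesProcesses hit here.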
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5:    111c361619c017b5d09a13a56938bd54
  SHA1:   e02b363a8ceb95751623f25025a9299a2c931e07
  SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
  SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Filesize: 152B
  MD5:    983cbc1f706a155d63496ebc4d66515e
  SHA1:   223d0071718b80cad9239e58c5e8e64df6e2a2fe
  SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
  SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
  MD5:    56450abf39a4158137722014ea0610c6
  SHA1:   835a4082eb14873b7485b19855290bbce5db98ff
  SHA256: 2d7b3ed7c88886cbd0421bd091262ac80abb982164347c07c5ccbed33b416e54
  SHA512: 489ef5c8f7ceb94959fc3da8acf7e25fda18d08aade240b9812341f5a09d60ab80293061938c5765409ec820f2cb56cc596c857a0c37945662d811b31b4e2db7

Filesize: 563B
  MD5:    48d26a28b94c29a6e28f615d5dc2d3bd
  SHA1:   631611d556304daf3d584e7af5d22723047e5061
  SHA256: 5b833b821654100baf9435f5137110020e63dfa68499c221ddcb8ee735a22379
  SHA512: ca549af0d15999ac59e77f0461e76af4579645b1946256fc91ce59894a36fe907d02d048385f85c8313c38e688f5c136374a37dc9c3e22d8d0b5fc56dadd0d38

Filesize: 6KB
  MD5:    1a7ee242fdbe3ef1d339d0c455e9d3c8
  SHA1:   f94dc05247b65f060904e4895edb6c3d537915ad
  SHA256: b10bee63c622544cc4d15794c8d648781467ee12577cbe335e9cd09a029004d3
  SHA512: f5455f2d84226b63bf1242c592f07842e0b12193ba15489252237af8582fa8c5ecf06f72b46f122443959b5ae52aa5de9d51037f2879c965c843fd486a2177b2

Filesize: 5KB
  MD5:    ab5106a3b7e7328a9482fc9f30f687ab
  SHA1:   b534e62f1b23646aa94492801d1c752a9477b566
  SHA256: c4643dbb3c227acaf365c9b4f7f4b62c6159f9d3e4ffc9d37437e2b363bf20db
  SHA512: a7d99e98c0dde1fdc98b76c2314a0659af905e9643a690926f8bf4824880e974c34759f92a345e7e6d171facc258a44c6b858a7ac6b869637675262c0a24790b

Filesize: 6KB
  MD5:    01bdfed3f3476aec7e499d0a7a3861e2
  SHA1:   4f9a09c4d976a8f4b6e8677cb20162a1c6ab74ce
  SHA256: 87d320c0bc3ca4631a1f76a43789b0ad40d40fcd7c1e7531cca3ce4a55ee7301
  SHA512: 99ca64262a668fa40964a74c230b0f10f243b2a85a46c835393ee62411cbe2004eb6022a7c3118437b7a4c346b8b93d25d8a9217d97d32069925e8fa8fb826a7

Filesize: 6KB
  MD5:    683b1119650d9b12218e1aff19b82d9e
  SHA1:   8c0c4ccf7524491dd4e645dc820ff11fdf513e29
  SHA256: d7d3aef754e1e0ed9a8712e4b2fb377de81a6be1c1d2bfb529b99b9dd6950641
  SHA512: fae4dda8a802d71c324a7c21e75da0bce8f788e08393304e098f0fb6c15d83ceabff6673dce71cc76f19daed8276a46186f4efe0f16e2c149abebe03ee95635c

Filesize: 203B
  MD5:    8920ef58a219ac533f70710ea6124f5b
  SHA1:   0b7aadd0abe54326daac85add2b00c85da2538be
  SHA256: cea198d936a993f99a7ffa390921b44393a539ff031746cba3bb513e7f75ad44
  SHA512: aa466c491c4cc0e75b8292997b6f583b0fabef1ab1fadf79b8c1b8f10c0476d0452ab25decf4a4e877fa1e8a0da7cd842dfe87badcb01c0e712459480f9cc3b9

Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df1bdaad-5076-4a47-bd9e-20f22cc0cf1f.tmp
Filesize: 371B
  MD5:    8ea886668ab9d2148ce38ac390fbd454
  SHA1:   ab3342bf90c71c0fd7a2cf810ed6c03115875b9f
  SHA256: ed2b2856625fea81304f398bd432781ee5717813981910824eb6184747ab5966
  SHA512: 2392552baef53cfb055244330511727d77e2662d6691e911387ff5aa4a4e6c21771946c6de048b7c9602217c0d9a817c9265b69f39e9dec9758c67f0de7dd296

Filesize: 10KB
  MD5:    78364b256191acada98d1dc919a6889a
  SHA1:   58c50f0fa6b0d66a0084d21012daba2e0ca40c11
  SHA256: 51a0a2734a438ec9868d051cd883b9d50d966934ad25909e1997dfee95dc4023
  SHA512: 93dcdf916099e354e33bef9c41544d359f5b4f625332212fc5890e882d8b929032f7b4a726194831609ea28ec0a9ccfc167316b10ec58723c739b4bd935a45ab