Analysis

max time kernel: 66s
max time network: 68s
platform: windows10-2004_x64
resource: win10v2004-20240802-it
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-it, locale:it-it, os:windows10-2004-x64, system, windows
submitted: 05/09/2024, 08:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/simplyblk/EasyInstallerV2/releases/download/v1.0/EasyInstallerV2.exe
Resource: win10v2004-20240802-it
General

Target: https://github.com/simplyblk/EasyInstallerV2/releases/download/v1.0/EasyInstallerV2.exe
Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE (1 IoC)

| pid  | Process             |
|------|---------------------|
| 5364 | EasyInstallerV2.exe |

Enumerates system info in registry (2 TTPs, 3 IoCs)

| description       | ioc                                                                       | Process    |
|-------------------|---------------------------------------------------------------------------|------------|
| Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                        | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer     | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName      | msedge.exe |

NTFS ADS (1 IoC)

| description                  | ioc                                                                          | Process    |
|------------------------------|------------------------------------------------------------------------------|------------|
| File opened for modification | C:\Users\Admin\Downloads\Non confermato 578182.crdownload:SmartScreen        | msedge.exe |

Suspicious behavior: EnumeratesProcesses (8 IoCs)

| pid  | Process             | events |
|------|---------------------|--------|
| 4408 | msedge.exe          | 2      |
| 2672 | msedge.exe          | 2      |
| 4356 | identity_helper.exe | 2      |
| 5236 | msedge.exe          | 2      |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)

| pid  | Process    | events |
|------|------------|--------|
| 2672 | msedge.exe | 7      |

Suspicious use of FindShellTrayWindow (35 IoCs)

| pid  | Process    | events |
|------|------------|--------|
| 2672 | msedge.exe | 35     |

Suspicious use of SendNotifyMessage (24 IoCs)

| pid  | Process    | events |
|------|------------|--------|
| 2672 | msedge.exe | 24     |

Suspicious use of WriteProcessMemory (64 IoCs)

| description                       | pid  | Process    | procid_target | events |
|-----------------------------------|------|------------|---------------|--------|
| PID 2672 wrote to memory of 2560  | 2672 | msedge.exe | 85            | 2      |
| PID 2672 wrote to memory of 4252  | 2672 | msedge.exe | 88            | 40     |
| PID 2672 wrote to memory of 4408  | 2672 | msedge.exe | 89            | 2      |
| PID 2672 wrote to memory of 2344  | 2672 | msedge.exe | 90            | 20     |
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2672)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/simplyblk/EasyInstallerV2/releases/download/v1.0/EasyInstallerV2.exe
  Signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa888446f8,0x7ffa88844708,0x7ffa88844718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4252)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1656)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=collections --mojo-platform-channel-handle=4788 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,9163937793530576278,11146572630351383561,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\Downloads\EasyInstallerV2.exe (PID 5364)
    Command line: "C:\Users\Admin\Downloads\EasyInstallerV2.exe"
    Signatures: Executes dropped EXE
- C:\Windows\System32\CompPkgSrv.exe (PID 4852)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2880)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: ff63763eedb406987ced076e36ec9acf
  SHA1: 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
  SHA256: 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
  SHA512: ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
- Filesize: 152B
  MD5: 2783c40400a8912a79cfd383da731086
  SHA1: 001a131fe399c30973089e18358818090ca81789
  SHA256: 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
  SHA512: b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
- Filesize: 6KB
  MD5: b951f44481662188fbe914457dde1454
  SHA1: 7d40ca051adf81dcc75c62adc33b34ac3f1b776e
  SHA256: 31be0092660220b16a5c0d6934693bdac070ae9a71960b694b4f509455b289bd
  SHA512: 6abba05ed9e2181d3102735ea725c6f72de9a3ef14b05c59c22dcb57e2afe5fe259b8786295de7eb22991ae31de73ff22fbf592c4ea2f6a48bddd3b3926307ef
- Filesize: 5KB
  MD5: 3061afcef23a4adfee7cc049802838e0
  SHA1: 246557d1c4b9ab05294ddada5e5f4f310b61ec41
  SHA256: 24cb72167a7da0ab7e91728c27f359a7f3ab021b20e8301d986f2116cfbe9610
  SHA512: cee1a7b64d15a75d46496c3c907955382fec0d32f4a9ab4b3a409eaae7ca9c52eb2aa929f5e9922f1e229c795675de612d9bac3eb4ae979537deb83b49e71a4f
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 10KB
  MD5: 2f3a035d5ff24401297cc232fc1a4c64
  SHA1: bd70797e8dbf4cc0bdf3b664138aa7ed8bda3527
  SHA256: e6d9655dad596bd58e2b5b93d695286fccb49c0e2f982eba1672dc7d19a67000
  SHA512: a7ab9c9a6794a48563ac517e35b43f585eaff9aa8e4429e5a975c6db7a8e84afef3cfa2e1dbce97dcbe71d5214c8c65be9919e92be52b54578977aa03bf55a33
- Filesize: 10KB
  MD5: b8575bc3985d21b044213938b6d0d7f2
  SHA1: 1656194d1910feecf623a20f4bcb75d9a5913497
  SHA256: d3069631d6b4faf7a55efdda7fdbe371839aa78e13d6321e8ca25e0434862f5b
  SHA512: 0885ead819dbe579f1f807baf61b5fc534864f6f1e6a1ad267a8f5fe0968b6bcbfd94619fae596fe2a47437c2ade8dd0dbc3574657e89945ab4e962a83fa2d4b
- Filesize: 962KB
  MD5: 5a46b28921b11a5609dd6b00bb334b40
  SHA1: 4b1f6bfb295aa65203554ee7f13ef146d2f419a4
  SHA256: 18f755483c9b4199160b0fecfd8b1ba0751e24419b743cbd27a95acc5cee10c9
  SHA512: 78207fa2a4129af4f57a8036223a6743f177b45ea1f950085d8dff2341e882f0f8fb21834d28d7c30878b6f971d14f4651acd21188c0fd6abf45f4104dcc224b