Analysis

max time kernel: 1680s
max time network: 1685s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/09/2024, 18:23
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
    Sample: https://oldgamesdownload.com/file/32145-3/
    Resource: win10v2004-20240802-en

General

Target: https://oldgamesdownload.com/file/32145-3/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
    description         ioc                                                                    Process
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid    Process               entries
    3896   msedge.exe            2
    2384   msedge.exe            2
    3048   identity_helper.exe   2
    1916   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
    pid    Process      entries
    2384   msedge.exe   8

Suspicious use of FindShellTrayWindow (25 IoCs)
    pid    Process      entries
    2384   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
    pid    Process      entries
    2384   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
    description                          pid    Process      procid_target
    PID 2384 wrote to memory of 3460     2384   msedge.exe   83   (2 entries)
    PID 2384 wrote to memory of 3880     2384   msedge.exe   84   (repeated)
    PID 2384 wrote to memory of 3896     2384   msedge.exe   85   (2 entries)
    PID 2384 wrote to memory of 4816     2384   msedge.exe   86   (repeated)
    The remaining 60 of the 64 entries are repeats of the 3880 and 4816 rows.
Processes

msedge.exe (PID 2384)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://oldgamesdownload.com/file/32145-3/
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    msedge.exe (PID 3460)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd472946f8,0x7ffd47294708,0x7ffd47294718

    msedge.exe (PID 3880)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

    msedge.exe (PID 3896)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        Signatures: Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 4816)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

    msedge.exe (PID 1548)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

    msedge.exe (PID 1456)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

    msedge.exe (PID 5092)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

    msedge.exe (PID 4492)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

    identity_helper.exe (PID 1532)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

    identity_helper.exe (PID 3048)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
        Signatures: Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 368)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

    msedge.exe (PID 1904)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

    msedge.exe (PID 1984)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

    msedge.exe (PID 4712)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

    msedge.exe (PID 1916)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14263403632152559429,16028617111576528433,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
        Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 1000)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2456)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: ab8ce148cb7d44f709fb1c460d03e1b0
  SHA1: 44d15744015155f3e74580c93317e12d2cc0f859
  SHA256: 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
  SHA512: f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

- Filesize: 152B
  MD5: 38f59a47b777f2fc52088e96ffb2baaf
  SHA1: 267224482588b41a96d813f6d9e9d924867062db
  SHA256: 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
  SHA512: 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

- Filesize: 211KB
  MD5: e7226392c938e4e604d2175eb9f43ca1
  SHA1: 2098293f39aa0bcdd62e718f9212d9062fa283ab
  SHA256: d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1
  SHA512: 63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 696B
  MD5: 2631f58b3e4c3b2f2126c2fc2c7181b3
  SHA1: 52f23bb869ad81a89dee0445fe4db227c316ad15
  SHA256: fed26cc7523a22c4a5e21ef18624afbd101ea108a098b0b0b38a82bd916012ab
  SHA512: 4108cd93d40e775416dd3e95da8777bc26cbdda8208556fa25a713bc55d9c1ae70fbed019f53d2e776c7066e4a4063329de20f59cb99579911769bf21b8a4663

- Filesize: 2KB
  MD5: 0d1a5e05ac7e0a8d62e29a8687fd8b12
  SHA1: 3b839b4d8afa288936f5fd013850edae82111a58
  SHA256: 18d1ede2455997e934cabd556200609422cd1d29b65ec6d2ba248b238e8aed61
  SHA512: 43527c9fd4dfcda3b2112e3cc2f8950c6f55bd2cb3e40adfa84dc6fd7921e8d58a5790ef8bdee8039c22d4c50b1257fd5378fdd3e58ea9865c1cda18c1ecb1cd

- Filesize: 5KB
  MD5: 12ae3583d29959af22678f613dacc40a
  SHA1: fb4fdd9168e85f7eac674e57f1113171e69e565c
  SHA256: 804c1ac14d1f5c2a8cdcce9f1ea892914b0630b1a172ef940e14e5cebecd6e26
  SHA512: 3ed1ad9ec87be5a073db8e3e566ade2ccd9661c62f72b3ac1c6301ca2b18975200d1bb7f62175dffcd6350d0e907201aea13c7faaab0ffb8ac83e8e8c84ca0d8

- Filesize: 6KB
  MD5: 5ea276fe7738d5004d5abb25a1aafc24
  SHA1: b1ae65a33c43e1942ad11dc7346b1d0576806e2c
  SHA256: b40ac759af74a5d7aae5e96cc86b10b94adb6987602fe42999c00fc45f1c9c8a
  SHA512: 04a29a6cceeeb4e73ab353e6866594875d1959f0ae4347f1e1da35d45508dced49c59ab5d88c3ea33b9eb3e5b95ba21251fbf671c7f69ba367009d39141463ef

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: d19423527e2ebb01a214735213f9ea1e
  SHA1: 58b861167f841eeac747c34ede5c18d7b2b5b4fa
  SHA256: 33d65434b6447dde19f7a8c18b1854d7525085f35bda893789023805502302e4
  SHA512: 9af0da6c031030cee9b6955abafcd71a9d4075628fd252ddece9a948e1b83acfc34ca12a70f11f3e5ec998f30338f6925cf93bc2541af413d5e6cb90e0489f7a