Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

URLScan

urlscan

https://tinyurl.com/...

windows10-2004-x64

3

Analysis

  • max time kernel
    63s
  • max time network
    66s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/09/2024, 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/AOKDTFIX#[email protected]
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:516
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff9835546f8,0x7ff983554708,0x7ff983554718
      2⤵
        PID:2176
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:2156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4764
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
          2⤵
            PID:4384
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:2924
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:840
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
                2⤵
                  PID:1000
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1700
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                  2⤵
                    PID:4844
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                    2⤵
                      PID:3032
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                      2⤵
                        PID:4788
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
                        2⤵
                          PID:3252
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8575601983702324200,14054088538807421598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
                          2⤵
                            PID:3780
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3168
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4156

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              ecf7ca53c80b5245e35839009d12f866

                              SHA1

                              a7af77cf31d410708ebd35a232a80bddfb0615bb

                              SHA256

                              882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

                              SHA512

                              706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              4dd2754d1bea40445984d65abee82b21

                              SHA1

                              4b6a5658bae9a784a370a115fbb4a12e92bd3390

                              SHA256

                              183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

                              SHA512

                              92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              696B

                              MD5

                              dd50a9ce7245ab65b97d00a9e92b794e

                              SHA1

                              ccfe1082bc44d83abe7ce18d73f741f456ea09fe

                              SHA256

                              ffd3c51bf8b2035934dda141db368160610380b76cc13ee3cf80706f69c674f0

                              SHA512

                              4541847bb9d8fb331f7b46b1ea7d75bc9e18f2230260a5e1bdd014251c181894c8f7058a21b994b605fb1d97281acfab735cf09af66c3bff406a1f70770a5a06

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              61c96d3d6a599aa3078c5e5f8c7cd6d0

                              SHA1

                              1db12aff4bf9f43976ca6dcd0e6aea2b4ac88b51

                              SHA256

                              bebd4250d86893662b070fcf1d2fc9911fb93351980bfc0e07350d66a343afcb

                              SHA512

                              6676733ea3b36e68943359824723d8d75fe9b21ca8f43491f9b6a2b9851376de1155ae08c6d62dc108c54e449172c34c68678820ebd2be76c44ecfa8af14b239

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              5cd10b85ce81707450461d80a1019c40

                              SHA1

                              3b217c2a36bf71869de0abe4c1a0feb10c8acbd7

                              SHA256

                              1558390965915bec71fe661a8975b83308e1e7850c5a193c6402f71f7c4aca40

                              SHA512

                              d328d6e4fd2cc8d25fab0a55fc26bdd190d6d4a97babd1e29bdb56e9ad25d14c218a9bb71a83226a9638bf9bf3d16aff179d9305d8a9dcab09c93ec72b78ee39

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              8KB

                              MD5

                              b49df6e33df6463a34bc629263259e7f

                              SHA1

                              573e50c440122fe35241fdedccb653bbf52829fa

                              SHA256

                              21b4eb4ef1d22702210d29446f28d02814e56b51efd4d0408c99ca5915ab944e

                              SHA512

                              060a5834c73ab8136af6c2f2a8c6a54d5506b9abbb0ce77ccc450be9108ba6348bb9332ff2acdf5e8ef72268480885021af519ec2ae351e03e8da21ca2432344

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              2KB

                              MD5

                              c126873a14158c99638c276721821b9d

                              SHA1

                              de84eff2388f6f08b83afd14d82ed4c94590b5f1

                              SHA256

                              b90da9ac92250624e05e57b903cc48500e3d7d2a7d36e0f5c83622c10137e77f

                              SHA512

                              622c52f739c700e16ef2a2731aeda40e37b28b4ba54c773d898a1d6a5ac21c558ab6d7233944b94c86376072ad71d01906aee01779269f46b99248626c436b21

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582565.TMP
                              Filesize

                              1KB

                              MD5

                              bb7714a58b1d44339b0d076a947cb2da

                              SHA1

                              d1a75f979a2e3816816b8c2572b6ae51b8a62369

                              SHA256

                              9efb1d947436717a28b4a53c6227b560527c7e406ea2546989dd779559bd3f28

                              SHA512

                              2300d4bf69d520965ea0024a0b1d0186ec40a87986effd02283d2f2c56aaa8bb418263b1d4b2012a2ee724b6ef56742f9fd449c9f8d91e859b7ce3086a0d65fc

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              12e799ac74e51a060af520544c3bed12

                              SHA1

                              f4a8520cac35d15f1c977f428004e1e7a5216553

                              SHA256

                              b6233081e397b1e8252e408e6fdaefbb343bd974661066dda31efe1ea023bd62

                              SHA512

                              68b0ce0223402b564c13102253adaf3e6e06ecb68d508302149e4572dff805a93c7676d6965bb417ccc1521a5985c91d3e946cc43c7cc54d36b54c5e87fac9bb

                              Download Submit