Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/09/2024, 06:48
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://datasciencelab.nl/
- Resource: win10v2004-20240802-en
General
- Target: https://datasciencelab.nl/

Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              hits
  1112  msedge.exe           2
  1284  msedge.exe           2
  1388  identity_helper.exe  2
  4452  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     hits
  1284  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     hits
  1284  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     hits
  1284  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  hits
  PID 1284 wrote to memory of 3116  1284  msedge.exe  83             2
  PID 1284 wrote to memory of 1844  1284  msedge.exe  84             40
  PID 1284 wrote to memory of 1112  1284  msedge.exe  85             2
  PID 1284 wrote to memory of 4300  1284  msedge.exe  86             20
Processes
- PID 1284: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://datasciencelab.nl/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 3116: msedge.exe (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
  - PID 1844: msedge.exe (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - PID 1112: msedge.exe (utility, network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4300: msedge.exe (utility, storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  - PID 3192: msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - PID 2592: msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - PID 3656: msedge.exe (utility, audio.mojom.AudioService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4068 /prefetch:8
  - PID 2292: identity_helper.exe (utility, winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  - PID 1388: identity_helper.exe (utility, winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1824: msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  - PID 4140: msedge.exe (renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  - PID 4344: msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - PID 1328: msedge.exe (renderer, instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  - PID 4452: msedge.exe (gpu-process, relaunched without GPU sandbox)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10163948138176014677,247035861404196115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 996: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3652: C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4588: C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2c8
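The WriteProcessMemory signature and the process tree above are where a URL detonation in a Chromium-based browser produces the most noise: the launcher (PID 1284 here) writes into every child it spawns while setting up sandboxed renderer, GPU and utility processes, so the raw hit count says little on its own. What matters is whether every write target is one of the browser's own children. The following Python script is an added triage example written for this page, not part of the tria.ge report or its tooling. It parses the flattened IoC rows into per-target counts and checks each target against the process tree. The rule it applies (a write from the launcher into its own direct child, same image, carrying a Chromium `--type=` flag, is ordinary bootstrap; any other target is flagged for review) is the editor's heuristic, not a tria.ge rule. The abbreviated IoC text and the process table are constructed from the report's PIDs, images and command lines; the parent-pid relation is inferred from the tree depth, since the report shows depth rather than parent PIDs.

```python
import re
from collections import Counter

# Constructed excerpt of the report's flattened "Suspicious use of WriteProcessMemory"
# IoC rows (row count abbreviated; PIDs and images are the report's). Each row has
# the shape: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
WPM_IOCS = (
    "PID 1284 wrote to memory of 3116 1284 msedge.exe 83 "
    "PID 1284 wrote to memory of 3116 1284 msedge.exe 83 "
    "PID 1284 wrote to memory of 1844 1284 msedge.exe 84 "
    "PID 1284 wrote to memory of 1844 1284 msedge.exe 84 "
    "PID 1284 wrote to memory of 1112 1284 msedge.exe 85 "
    "PID 1284 wrote to memory of 4300 1284 msedge.exe 86 "
    "PID 1284 wrote to memory of 4300 1284 msedge.exe 86"
)

# Constructed process table: pid -> (parent pid, image, abbreviated command line).
# Values come from the report's process tree; the parent pid is inferred from the
# tree depth (every depth-2 process hangs off the --single-argument launcher, 1284).
PROCESSES = {
    1284: (None, "msedge.exe", "msedge.exe --single-argument https://datasciencelab.nl/"),
    3116: (1284, "msedge.exe", "msedge.exe --type=crashpad-handler ..."),
    1844: (1284, "msedge.exe", "msedge.exe --type=gpu-process ..."),
    1112: (1284, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService ..."),
    4300: (1284, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService ..."),
    996: (None, "CompPkgSrv.exe", "C:\\Windows\\System32\\CompPkgSrv.exe -Embedding"),
}

# The writer pid appears twice in every row; the backreference rejects rows where
# the two copies disagree (a sign the flattened text was split mid-row).
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_wpm(text):
    """Collapse flattened rows into Counter[(writer_pid, target_pid, writer_image)]."""
    counts = Counter()
    for writer, target, image, _procid_target in ROW.findall(text):
        counts[(int(writer), int(target), image)] += 1
    return counts


def classify_write(writer_pid, target_pid, procs):
    """
    Editor's heuristic, not a tria.ge rule: a write from the browser launcher into
    its own direct child, same image, carrying a Chromium --type= flag, is the
    ordinary sandbox bootstrap pattern. Any other target goes to review, and a
    target absent from the tree is reported as unknown rather than guessed at.
    """
    target = procs.get(target_pid)
    if target is None:
        return "unknown-target"
    ppid, image, cmdline = target
    writer_image = procs.get(writer_pid, (None, None, ""))[1]
    if ppid == writer_pid and image == writer_image and "--type=" in cmdline:
        return "expected-child"
    return "review"


def triage(text, procs):
    """Return {(writer_pid, target_pid): (hit_count, verdict)} for every write pair."""
    return {
        (writer, target): (n, classify_write(writer, target, procs))
        for (writer, target, _image), n in parse_wpm(text).items()
    }


if __name__ == "__main__":
    for (writer, target), (n, verdict) in sorted(triage(WPM_IOCS, PROCESSES).items()):
        print(f"{writer} -> {target}: {n:2d} write(s)  {verdict}")
```

Run against the constructed rows, all four targets (3116, 1844, 1112, 4300) come back as expected children of 1284, which is the same conclusion a reader reaches from the full 64-row table: every write goes from the Edge launcher into an Edge child it had just created. The case worth a second look is the one the heuristic sends to review, a write into a process that is not the launcher's own child (CompPkgSrv.exe is used as the negative example here), since that is the shape process injection takes in a browser-launched detonation.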
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5:    f9664c896e19205022c094d725f820b6
  SHA1:   f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5:    847d47008dbea51cb1732d54861ba9c9
  SHA1:   f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5:    de8625806f682be231a7a3bd30234d43
  SHA1:   55d847124e2e8399c8e105b6e4f466fd88eb4b0f
  SHA256: e10c7c4b1737ce0123aa6b53fe6f3a5585fdf5fdd2df6ab0de1b6cf12e34aca8
  SHA512: 04a467416ec417c8536748924b62485bd5111398f3128d00be16352981d2595a0ec9821b24c7ad46f08d27fc1f49151a7b22784de87cdc0d61c30b117c8eed0b
- Filesize: 111B
  MD5:    807419ca9a4734feaf8d8563a003b048
  SHA1:   a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 1KB
  MD5:    d2064bf91e5b8bd78ecc8e0c332a138c
  SHA1:   8e094b10b2565494d3967980d9e98a70f6a93928
  SHA256: 280016dcd4657c9c13dc4dcf30f436f790ebdb10083cd3541c56ec72ec7c893f
  SHA512: 18014d3e66a411933339fd976b421a5bb074db456ac8a5511e0fbd6bf6bf90ee9272855c1a238ef4ecabe9a126091ee17459c73351e31e7231f6aa21aa30de83
- Filesize: 5KB
  MD5:    053099f6baaf821cc4d2d0bfd1039f81
  SHA1:   7106a98b34039abaa550ef4941210875ee2bce86
  SHA256: c37ca89ffdcc2b903465e40c098c085ba772376efe141fd319e91942f8b4a39a
  SHA512: daa2827582ab703735f4fa4832a3e32d2b0a018f40c2b616ca534943acb34c9e13d2ab7e12efa798bf556ba7f62e8edbd85b2885b487677e638544da7bbe7c25
- Filesize: 6KB
  MD5:    247d5804efb90caedc0d8229b01444e6
  SHA1:   88debd6aee092b05b194165dda6087dd1846aa78
  SHA256: 56df60f3b72bdb09953da032f3acb042175a80eef30b1048737240e260dccb44
  SHA512: 4188230d6c3a10bf79b9e2f600721899c7c31597c0827a5c082f30f0b28134aa7f6ccfdfe371d4da4b717bf1ae64c922e660acf6633bdb51b80b2bdfb603a032
- Filesize: 6KB
  MD5:    3366bfb62c80ea41b3eff72db17e16c9
  SHA1:   b36084a77d237d076d5a23e4d63cab72a370f852
  SHA256: 96fdc1282d15d4d607ada3150997d96761c49543cece7394e6c6cd5072dbe97e
  SHA512: d6c0858e8d34985862b6032e239dd1f002430ccf1a06bf98020ad440d359bc46d918559309df596b2386fdc6b86d86d2cd45b62233c4435c50ea2eb8c1a555d8
- Filesize: 873B
  MD5:    5d98ebee50528cbbf7f82a508a05b99c
  SHA1:   ae74687caa3ff18066e214baa0e12f82c386b139
  SHA256: 6dd835983859cf50d8213be17b0fc3eb1b53fa1421a9f8a256e386ccf14b558e
  SHA512: 213eabadea14d72f78322bb2139bc5f49b8f440c543ef1bea4512b8b4a1677504bd412b349b458a3b9a6d9e24042d2010ca1ebdeaeaff3f8a7e6aaabd0fa4ce1
- Filesize: 706B
  MD5:    67d266c578be2640625e47faeb529500
  SHA1:   c96af532c9f706db2ccf28683fdd1e1f86d550d3
  SHA256: bc62c522332966da0ccba6ccfd5aa6d2052e6ca460bd3306a69a23f51ebedc35
  SHA512: fd6aa366805994a15f9d04920da601fc9de4dc91ca08304c509e01477a02d120c1752b89eae928ff5fc3929d82dff028438420b8b88e2ca21b291a8539c98b41
- Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5:    d61c5148941987cba4db3694f753b1e3
  SHA1:   9125180412c6c8c981b5c26895945156acc8d807
  SHA256: be70814fac984e1b5e1640bd7118aceaa78593b5483b4f0817a4e2929c790476
  SHA512: 54f47b70d7c1b6a9b74e59654bcd0077619f5fbdd1533b225f348b4731a3cffae1980e94e9f4bb78755e51ff58dea93a3df5ad8ac469ddee80903605dc547da8