Analysis
- max time kernel: 17s
- max time network: 17s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/09/2024, 05:51
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://flappybirdgame.github.io/
- Resource: win10v2004-20240802-en
General
- Target: https://flappybirdgame.github.io/
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
- PID 2904 msedge.exe (2 rows)
- PID 3324 msedge.exe (2 rows)
- PID 5308 identity_helper.exe (2 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
- PID 3324 msedge.exe (8 rows)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
- Token: 33, PID 4284 AUDIODG.EXE
- Token: SeIncBasePriorityPrivilege, PID 4284 AUDIODG.EXE

Suspicious use of FindShellTrayWindow (27 IoCs)
- PID 3324 msedge.exe (27 rows)

Suspicious use of SendNotifyMessage (26 IoCs)
- PID 3324 msedge.exe (26 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
Each row reads "PID <writer> wrote to memory of <target>", followed by the writer's PID, image and procid_target:
- 3324 msedge.exe wrote to memory of 3244 (procid_target 83): 2 rows
- 3324 msedge.exe wrote to memory of 2148 (procid_target 84): 40 rows
- 3324 msedge.exe wrote to memory of 2904 (procid_target 85): 2 rows
- 3324 msedge.exe wrote to memory of 4120 (procid_target 86): 20 rows

Note that every process named in these signatures is msedge.exe, identity_helper.exe or AUDIODG.EXE, and each WriteProcessMemory target (3244, 2148, 2904, 4120) appears in the process tree below as an msedge.exe child of PID 3324. Cross-check the signatures against that tree before treating them as evidence about the submitted URL: the BIOS SystemManufacturer/SystemProductName reads and the parent-to-child memory writes are attributed to the browser's own processes here, not to anything spawned on the page's behalf.
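To work with the flattened IoC table above instead of eyeballing 64 repeated rows, here is an added Python example (it is not part of the tria.ge report or of tria.ge's own tooling) that parses the "PID <writer> wrote to memory of <target> ..." rows, counts them per writer/target pair, and flags any write whose target is not the same image as the writer according to the process tree. The IoC text and the PID-to-image map are constructed from the rows shown on this page, abbreviated so that the counts are smaller than the report's 64; the PID 9999 used in the usage note is a made-up target that is deliberately absent from the tree.

```python
import re
from collections import Counter

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" IoC table
# from this report, in the flattened form the page renders it. The real table
# has 64 rows; only a few rows per target are reproduced here.
WPM_IOCS = (
    "PID 3324 wrote to memory of 3244 3324 msedge.exe 83 "
    "PID 3324 wrote to memory of 3244 3324 msedge.exe 83 "
    "PID 3324 wrote to memory of 2148 3324 msedge.exe 84 "
    "PID 3324 wrote to memory of 2148 3324 msedge.exe 84 "
    "PID 3324 wrote to memory of 2148 3324 msedge.exe 84 "
    "PID 3324 wrote to memory of 2904 3324 msedge.exe 85 "
    "PID 3324 wrote to memory of 4120 3324 msedge.exe 86 "
    "PID 3324 wrote to memory of 4120 3324 msedge.exe 86"
)

# PID -> image name, copied from the report's process tree (constructed map).
PROCESS_TREE = {
    3324: "msedge.exe",
    3244: "msedge.exe",
    2148: "msedge.exe",
    2904: "msedge.exe",
    4120: "msedge.exe",
    5308: "identity_helper.exe",
    4284: "AUDIODG.EXE",
}

# One row: "PID <writer> wrote to memory of <target> <pid> <image> <procid_target>"
ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_wpm_rows(text):
    """Split the flattened IoC text into one dict per row, with ints for pids."""
    rows = []
    for m in ROW_RE.finditer(text):
        row = {k: (v if k == "image" else int(v)) for k, v in m.groupdict().items()}
        rows.append(row)
    return rows


def summarize(rows):
    """Count rows per (writer pid, target pid) pair."""
    return Counter((r["writer"], r["target"]) for r in rows)


def cross_image_writes(rows, tree):
    """Return (writer, target, writer_image, target_image) for each distinct
    writer/target pair where the target is missing from the tree or runs a
    different image than the writer. Same-image parent-to-child writes, which
    is all this report shows, are not flagged."""
    flagged, seen = [], set()
    for r in rows:
        key = (r["writer"], r["target"])
        if key in seen:
            continue
        seen.add(key)
        w_img, t_img = tree.get(r["writer"]), tree.get(r["target"])
        if t_img is None or t_img != w_img:
            flagged.append((r["writer"], r["target"], w_img, t_img))
    return flagged


if __name__ == "__main__":
    rows = parse_wpm_rows(WPM_IOCS)
    for (writer, target), n in sorted(summarize(rows).items()):
        print(f"{writer} -> {target}: {n} rows")
    print("cross-image writes:", cross_image_writes(rows, PROCESS_TREE))
```

Running it on the excerpt lists the four parent-to-child pairs with their row counts and an empty cross-image list. Feeding it a row such as "PID 3324 wrote to memory of 9999 3324 msedge.exe 90" (a constructed target that is not in the tree) produces one flagged tuple, which is the case worth a closer look in a report like this one.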
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3324)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flappybirdgame.github.io/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3244), crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718
  - msedge.exe (PID 2148), GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13897210865375933754,14778051757325693150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  - msedge.exe (PID 2904), utility: network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13897210865375933754,14778051757325693150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4120), utility: storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13897210865375933754,14778051757325693150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - msedge.exe renderer processes (eight, identical command lines apart from --renderer-client-id and --mojo-platform-channel-handle)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13897210865375933754,14778051757325693150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1
    - PID 3816: renderer-client-id 6, channel handle 3368
    - PID 312: renderer-client-id 5, channel handle 3380
    - PID 4556: renderer-client-id 7, channel handle 4856
    - PID 3044: renderer-client-id 9, channel handle 5416
    - PID 1016: renderer-client-id 10, channel handle 5664
    - PID 2128: renderer-client-id 11, channel handle 5832
    - PID 1556: renderer-client-id 12, channel handle 5988
    - PID 4552: renderer-client-id 13, channel handle 6268
  - msedge.exe (PID 4520), utility: audio.mojom.AudioService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,13897210865375933754,14778051757325693150,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5144), utility: winrt_app_id.mojom.WinrtAppIdService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13897210865375933754,14778051757325693150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7008 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5308), same command line as PID 5144
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3320)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2696)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 4284)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2ec 0x510
  Signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize 152B
  MD5: ecf7ca53c80b5245e35839009d12f866
  SHA1: a7af77cf31d410708ebd35a232a80bddfb0615bb
  SHA256: 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
  SHA512: 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
- Filesize 152B
  MD5: 4dd2754d1bea40445984d65abee82b21
  SHA1: 4b6a5658bae9a784a370a115fbb4a12e92bd3390
  SHA256: 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
  SHA512: 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
- Filesize 16KB
  MD5: 9c6b5ce6b3452e98573e6409c34dd73c
  SHA1: de607fadef62e36945a409a838eb8fc36d819b42
  SHA256: cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
  SHA512: 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7
- Filesize 5KB
  MD5: 7e3c7997ee8397c335ec973076a57763
  SHA1: f7718a294b952764aaca8a65712f42e4c90d40cd
  SHA256: c956cd7efdfc678ca37baf092030900bc135c17cc8e8a1b3270d69795902ff5a
  SHA512: 11fdc4e1fcb1dcb83683e4b9a4ef653097cbe39f0a599d39be48b9c641f36740b6cbdb9f2ae91a60cf01591ed6266cff57b59b55161586bfd3d9f269c5bbce25
- Filesize 8KB
  MD5: a35151fcc55e91e58d20a332ed40b46f
  SHA1: 471726ab7eb0f891bb71fe391ede4871ee9fe83f
  SHA256: a09a7bf90031362059029d47562242a518daa56b472cf20f9d8093fd0ea5fde1
  SHA512: dc552a592c92e8eed2eed7198aa92f8cf8aa7b64a52aa7ef9deb9f2248ef94f2805ba76c443a4a6bed63303c542316018a738af690ce3066fc2b84c8f9853e76
- Filesize 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize 10KB
  MD5: 73f704da8ea3611d4cc9acc63f51f5e8
  SHA1: 0a48d30093443df54af2f3752098115039b6b861
  SHA256: 08dded65623a0fa7e29c01d1f65e9135e389bfcd501dca210cb10edfdfd3711c
  SHA512: 0eacb078a9897a5b27f9184bdd241dfa663afbd5a8f203a74d22b7581980416236f2e3bc78bcacc8e208595fff09727add54871bad487d5ea3715a94ad58587b