Analysis

- max time kernel: 145s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2024, 05:13
Static task: static1

Behavioral task: behavioral1
- Sample: sample.html
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: sample.html
- Resource: win10v2004-20240802-en
General

- Target: sample.html
- Size: 213KB
- MD5: 27461f4dd141e67e395a2c7bb3c68ed0
- SHA1: 169b184da6212708dd7462f08b7867c525864bf4
- SHA256: 7573e668cf6d6d5912da3106f67d042950baf420abc7cb03d62f090262659771
- SHA512: 30fba84450ed8ba738a502eca08b799f4ff60aea27b59bdceed7bebbb99e83dbd0b12ef6737376d2e223b339bd89c7936ee503d6b79e5e24764a060cef6bfa2e
- SSDEEP: 3072:SgwO8RvoBBRyfkMY+BES09JXAnyrZalI+YQ:SgwEUsMYod+X3oI+YQ
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (8 IoCs)

  pid | Process | rows
  2120 | msedge.exe | 2
  2964 | msedge.exe | 2
  1732 | msedge.exe | 4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

  pid | Process | rows
  2964 | msedge.exe | 2

- Suspicious use of FindShellTrayWindow (25 IoCs)

  pid | Process | rows
  2964 | msedge.exe | 25

- Suspicious use of SendNotifyMessage (24 IoCs)

  pid | Process | rows
  2964 | msedge.exe | 24

- Suspicious use of WriteProcessMemory (64 IoCs)

  description | pid | Process | procid_target
  PID 2964 wrote to memory of 880 | 2964 | msedge.exe | 82
  PID 2964 wrote to memory of 892 | 2964 | msedge.exe | 83
  PID 2964 wrote to memory of 2120 | 2964 | msedge.exe | 84
  PID 2964 wrote to memory of 4268 | 2964 | msedge.exe | 85

  (The report lists 64 rows, one per write; identical rows are collapsed above. Every write originates from the Edge parent process 2964 and targets one of its own child processes listed under Processes below.)
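The WriteProcessMemory signature fires 64 times here, yet every row is the Edge broker (PID 2964) writing into a child it just spawned, which is how a Chromium-style browser initialises its sandboxed helper processes. The following script is an added example (editorial code, not Triage's own, and the verdict rule is the editor's heuristic, not the sandbox's scoring) that parses rows in the report's flattened format, collapses repeats into distinct source-to-target edges, and rates each edge against the process tree from the Processes section. The process table and the first six rows are taken from this report; the final row targeting PID 368 (CompPkgSrv.exe) is hypothetical and is included only to show how a cross-image write would be flagged.

```python
"""Collapse a Triage-style 'Suspicious use of WriteProcessMemory' IoC list
into source->target edges and rate each edge against the process tree.

Added example for this report page; not Triage's code. The verdict rule
(same image + direct child = expected) is an editorial heuristic."""
import re
from collections import Counter

# Process table reconstructed from the Processes section of the report:
# pid -> (image name, parent pid). Depth-1 entries have no parent shown.
PROCESSES = {
    2964: ("msedge.exe", None),
    880:  ("msedge.exe", 2964),   # crashpad-handler
    892:  ("msedge.exe", 2964),   # gpu-process
    2120: ("msedge.exe", 2964),   # utility: NetworkService
    4268: ("msedge.exe", 2964),   # utility: StorageService
    2820: ("msedge.exe", 2964),   # renderer
    2780: ("msedge.exe", 2964),   # renderer
    1732: ("msedge.exe", 2964),   # gpu-process (second instance)
    368:  ("CompPkgSrv.exe", None),
    1664: ("CompPkgSrv.exe", None),
}

# Constructed input in the report's flattened row format:
#   "PID <src> wrote to memory of <tgt> <src> <src image> <procid_target>"
# The first six rows are copied from the report. The last row is HYPOTHETICAL
# (not in the report) and shows what a write into a foreign image looks like.
WPM_ROWS = (
    "PID 2964 wrote to memory of 880 2964 msedge.exe 82 "
    "PID 2964 wrote to memory of 880 2964 msedge.exe 82 "
    "PID 2964 wrote to memory of 892 2964 msedge.exe 83 "
    "PID 2964 wrote to memory of 892 2964 msedge.exe 83 "
    "PID 2964 wrote to memory of 2120 2964 msedge.exe 84 "
    "PID 2964 wrote to memory of 4268 2964 msedge.exe 85 "
    "PID 2964 wrote to memory of 368 2964 msedge.exe 99"  # hypothetical row
)

# \1 enforces that the repeated pid column matches the source pid.
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")


def parse_wpm_rows(text):
    """Return (source pid, target pid, source image, procid_target) per row."""
    return [(int(m[1]), int(m[2]), m[3], int(m[4])) for m in ROW_RE.finditer(text)]


def collapse(rows):
    """Count identical edges: the sandbox emits one row per write call, so a
    64-IoC list can be only a handful of distinct source->target pairs."""
    return Counter((src, tgt, img) for src, tgt, img, _ in rows)


def assess(edge, processes):
    """Rate one edge. A browser broker writing into a direct child of the
    same image is the normal child-setup pattern; a write into an unrelated
    image is the process-injection pattern worth a closer look."""
    src, tgt, src_img = edge
    tgt_img, tgt_parent = processes.get(tgt, ("<unknown>", None))
    if tgt_parent == src and tgt_img == src_img:
        return "expected"
    if tgt_img == src_img:
        return "review"        # same binary, but not a direct child
    return "suspicious"        # cross-image write


def triage(text, processes=PROCESSES):
    """Map each distinct edge to (row count, verdict)."""
    return {edge: (n, assess(edge, processes))
            for edge, n in collapse(parse_wpm_rows(text)).items()}


if __name__ == "__main__":
    for (src, tgt, img), (n, verdict) in triage(WPM_ROWS).items():
        tgt_img = PROCESSES.get(tgt, ("<unknown>",))[0]
        print(f"{src} -> {tgt} ({tgt_img}): {n} writes, {verdict}")
```

Run stand-alone, the script prints one line per distinct edge: the four real edges come out as "expected" and only the hypothetical write into CompPkgSrv.exe is rated "suspicious". The same collapse-then-rate approach applies to the EnumeratesProcesses and FindShellTrayWindow signatures above, which are likewise dominated by repeated rows from a single browser process.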
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  PID: 2964
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a90f46f8,0x7ff9a90f4708,0x7ff9a90f4718
    PID: 880

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1575287763409524567,15656389241393146999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    PID: 892

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1575287763409524567,15656389241393146999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    PID: 2120
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1575287763409524567,15656389241393146999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
    PID: 4268

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1575287763409524567,15656389241393146999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 2820

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1575287763409524567,15656389241393146999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 2780

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1575287763409524567,15656389241393146999,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
    PID: 1732
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 368

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1664
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: d7114a6cd851f9bf56cf771c37d664a2
  SHA1: 769c5d04fd83e583f15ab1ef659de8f883ecab8a
  SHA256: d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
  SHA512: 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

- Filesize: 152B
  MD5: 719923124ee00fb57378e0ebcbe894f7
  SHA1: cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
  SHA256: aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
  SHA512: a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

- Filesize: 5KB
  MD5: 8259e854ef6bdad3bd5c3a596ef7a253
  SHA1: 3a25422fa3a72bcf9dba873e768968310968a812
  SHA256: 1787f3c01ee830c4f9484b742715314fb74282fd8e9cd99f81494949ebc59e74
  SHA512: bc634a9ee393ebf6e3ca4c811419a85a45e4d6ce8cffc18b78945f1cf2d1560aed1e7e861f922573536ef5eb083c0fa83dfa6acf9afe5f49b26e723a1024fe1c

- Filesize: 6KB
  MD5: 0c460070d5f284c7ec8c0eecd55e4981
  SHA1: 81ec91a3b26aa629128d2e71f1287a570604a804
  SHA256: 2d2f827bb16af03c120f3100099687459adf19b1f67c369812ee1d59a3c4e467
  SHA512: 57f32123257698d4f696d2e86fc1d79f52b1577cd1f82271e879fd6baba50a6866d27691563aadf4cbc30ab5ecf6351e6a49058c63e1bf1d26c4d259330e863c

- Filesize: 10KB
  MD5: 82a4d5bdecc8e9a38e3a0fc544dcbaba
  SHA1: 4cc2b7797f78e2eea51548d84590068dbb9f96ea
  SHA256: d5d005b51fadbde8a793d9bb02ee3ca918edad5c224972b77d49608e2fc45ceb
  SHA512: 0b080170ff47246123e2ed95e1361ddfc2cde2e26b02263c454f1260726f99e11cf429b3f3ea65d3bee0ea8ed0996abd838f5f345eff2aaa12d609352c981df4