Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
25/09/2024, 11:44
General
-
Target
http://go.microsoft.com/fwlink/?LinkId=521087
Malware Config
Signatures
-
Detected potential entity reuse from brand microsoft.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?LinkId=5210871⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeab346f8,0x7ffdeab34708,0x7ffdeab347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5336 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6616338972448451629,6799584502763378643,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ab8ce148cb7d44f709fb1c460d03e1b0
SHA144d15744015155f3e74580c93317e12d2cc0f859
SHA256014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
-
Filesize
152B
MD538f59a47b777f2fc52088e96ffb2baaf
SHA1267224482588b41a96d813f6d9e9d924867062db
SHA25613569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA5124657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
-
Filesize
64KB
MD52923c306256864061a11e426841fc44a
SHA1d9bb657845d502acd69a15a66f9e667ce9b68351
SHA2565bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa
SHA512f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea
-
Filesize
138KB
MD5154a6bd96b94c382c9c7ab1041df5bf0
SHA1ed61a1b099848a7f44f7595ba07dc8e85968a864
SHA256b8771e1c388025bb16ca4cac567c13f0e5bfa1e1ec3d15f48b77fd8b271d1b86
SHA512700197b31144e48a6d0813227db78347105cb279dcb753768b402154719b02b3874d02f016ecbe6035c2f0a2623633f7bd923d4019fc78ef1ae53f52d06777b8
-
Filesize
88KB
MD577e89b1c954303a8aa65ae10e18c1b51
SHA1e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73
SHA256069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953
SHA5125780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597
-
Filesize
3KB
MD55923873ac70526d472ddecdd830f9a90
SHA1e4c5383f1745cba4a7271238d3c8cf74eebc5381
SHA2560afed4924096185b447df9aaf459a8b36890130e7553468e3dfa084ba4778a43
SHA512fe844d470c969290d06896a87982598c380e23b0bbe56aad49ee15a6993bf1b075334deb23d1f3f9c9764d663705cec93b0c2f5b39d7a97c36fe216c68426451
-
Filesize
1KB
MD5859135f7a024abf4d06831c24d00bf0d
SHA1ca7440e8175d4f7ac2129cf485fcd0561d82d239
SHA2562e6eea3fc64da8b97383132a4ba6de37916d17be35c061817f6282e5b901ccf5
SHA512204d4479e229f607b59e210c580b53dd3745117233ab4b7549e9fb8b23731da1b99e461e4fe1359bd4026d49e9214d03068471ce953360f357f17c00e9014051
-
Filesize
1KB
MD541b57d9036dedf47706bcb3f4b85a272
SHA1d36873e1d6c91b3607b148b4e33713336727551a
SHA256a14b9b0223c893478621f40ba99366a06acc8ebed836224913713049ef5c0969
SHA5128a3a82fd2040682f50fc350eedc8c6043df36dbd39f42d1e2a38386a3f41bcad221115efea55838d6a79fac109bbf2883fc4b43a6f0d0181eec03213b7010ef4
-
Filesize
5KB
MD50eb94d669567f46610c3964821da95b1
SHA10c09336288f52ef7b5a4e6cc5c63e72b4282caed
SHA2564314caa0a3eb4e16ed347b7f6220f386ff6d94ad5dc7d105e66092f6507aa23e
SHA51235b6b00b930283c3863eb3f8c655691c22cb371ddd55750448b9c96084a77fb4c2440b3c42a8ad9c2a77ea650a4a05f6c52110a9a10cfd8d7a3b5330ade5bcba
-
Filesize
6KB
MD547061caf772abfcb1943aacd0c92b169
SHA133f37897ec7dd055488f230bdc65b16f588e3fb7
SHA256e977d917ccc0470756234c5e20797e8cad2d2883099b0c5aaf3e6a54b9e52997
SHA512e2fa3e8c7798171900d4a29650b3ca04c3a77c8f1488fc80c2ba4c685cc547dfc048bb7a589283f9935ef22f6f67714eb1745dfdd59384cee28ae03ccf678c12
-
Filesize
6KB
MD541a8576cb67aeb8a0c4bdc0ba2fde7ee
SHA12f1b526db1e41b5db2bc9a6b97c365e402f3b5a3
SHA256de828a4dabe468e5e6e91a59aa867b5e9abc815e08878fd9dd6dd33dc315ab5a
SHA5122bc4611641fbbd71cda6a23f7ee61544a5aac656e8ea174961e8223b91131c2c42e6511b590efee7e163f64e3487837e51d5e123a3b059867779065a78fa6bf0
-
Filesize
6KB
MD592291b03e846c99ac8f05da943362182
SHA1d4457448e5bb8622a2487c0bde714f89a6992c4f
SHA2563cbf5bc141f7140f9d628dd4863513dfd7eff1a40502f68b0ebf680a9a600c34
SHA5124372f7c381c07f727cae21c526e77312b19bfb616c93418d9397fd437e8af7ae2a2dbdf0f36ed62339947dffbd002d08afc992c4fa9ead03b6ebef189788b5d6
-
Filesize
869B
MD5cce529c407eb6ad092a417f30f3c2115
SHA143dafcf5a61fa6bc55995f1a24e0afbc90340a30
SHA256137e2e5dc6532e98ccfd973cc1e9b8fd95bfdd2107b716dde14a1abcb205a2d9
SHA512bcfbf1f8321aeeb2fa20557596abbed9c0855aad51ab05397a4b3c9cfe1deb748f19826fa3bfb07e04cbfb457f87ef953ba733133e4fbae8a2925f770da836b6
-
Filesize
1KB
MD5b0b72e1a7254b2a3c4a0d795d71532c7
SHA1b95879b10b008b1ed37229be04941c6000195b3b
SHA256602a56e8f6253614147dff11fc65541eabffdfaab520d2a36beae624cfeaa2dc
SHA51231e293a43d4182670db99b51c1951446a630970370de0f8f47f0ac5fcf480f7fda167c17bb18a45bb0fde51273743583c66cab61688e606c4d9fd90eed48d874
-
Filesize
1KB
MD5b5f68108ded9ee08ba43a3ca18edcfa7
SHA1770a88564a9f1bf0a6810eb254d1bb93cc289012
SHA2565f2bfe302b989ce35b4b6e7e8f07d480f798376091935b028458cb0f701ac079
SHA512288bf99202a454c5469e1b51cc28dbb5ddbc70ab69ecf1b370732c523ef13ffa232edc0d42208e4a4e9fc1b444c418b328847da94381e1b7363e2d1856b413ac
-
Filesize
534B
MD573f897be7b1667261571b9f651f07cf6
SHA1427097f0bbf6a049e6b3e46c1a0161b173716eaa
SHA256b03c61da01d4889ce6ea1ff264d8e34a594c5b2097d361c768d0b38fce98613a
SHA512f0bd5307fb7274fded4a1276845b9dd95d94cbefda524469266bf314328020852ad50bc633556ce6a57bb4a9d0aa441bbf8d333a201ba5b76c38ffe80b0fe12e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5162ef9c9165b82b306e232057299aada
SHA1c9822c02312966401a4711bb3220cf1fb3df2cd9
SHA25601d08abb0f62e7e1617fab2c32975310b5c2616abca720666f2e0cfe89d1ffb3
SHA51216b3d2c0d30b4114bd8347e999e2e4dc1140d51a70eaf6d8110145acb38b46baf4eb560a79361856a2f3c48e55c188ba3ea5c1c97b4bd65fe040c06337997ab7