Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

_HR Travsp...1).eml

windows7-x64

5

_HR Travsp...1).eml

windows10-2004-x64

3

email-html-2.html

windows7-x64

3

email-html-2.html

windows10-2004-x64

3

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    410s
  • max time network
    428s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/09/2024, 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-2.html

  • Size

    15KB

  • MD5

    b0483dbe488701b048359c32a95f2398

  • SHA1

    2347aaf295077b06770bde6b8446399e7a55e26f

  • SHA256

    1be2231696aecfdba12d53beef07c39b91f6cdcbe6c84be6de698ca63ad99d5a

  • SHA512

    ef1d60436086352bbd12c6bef61231e0d0bdb0078e633d9b81bdace8f420d1ba94bf82f890eb21c2ea46227386da639a4fc49bca8f020269851ae8e652fa80ef

  • SSDEEP

    192:EekRoKaxx2PUx2Sx2Bx23Bx2QGx2gBx27/TF3l:RkHs7BmOTcPTul

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcac46f8,0x7fffdcac4708,0x7fffdcac4718
      2⤵
        PID:4876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
        2⤵
          PID:3076
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:684
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:2028
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:3244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:4764
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
                2⤵
                  PID:4484
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3876
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                  2⤵
                    PID:3472
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
                    2⤵
                      PID:4276
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                      2⤵
                        PID:4384
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                        2⤵
                          PID:4548
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
                          2⤵
                            PID:4892
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13086416094304276371,325428839217665194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
                            2⤵
                              PID:4860
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2588
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3928

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                eeaa8087eba2f63f31e599f6a7b46ef4

                                SHA1

                                f639519deee0766a39cfe258d2ac48e3a9d5ac03

                                SHA256

                                50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                                SHA512

                                eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                b9569e123772ae290f9bac07e0d31748

                                SHA1

                                5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                                SHA256

                                20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                                SHA512

                                cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                Filesize

                                264KB

                                MD5

                                aa63b907916c7d07e80eec271572a7d5

                                SHA1

                                a7c3726e26df3ab0b917d161d824c0a809c805b3

                                SHA256

                                f232914ab6db275a4275ec11fcd018ce8b986da2f7878975241a3aa1fbe57bd7

                                SHA512

                                94f863daf3e6d181ec3a418309dace4a708555980ab0fbfd99d85592c11014318e8853d99e8ed71ace1a1bd6bd1015ddb44416a3570102d61d2435befd75544d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                9dad3b2fe95ba54aa9f7ffd242c22ace

                                SHA1

                                8b92c2892a3c102f5b2dc43b7d70eaa62178b9d4

                                SHA256

                                87b8b3986abed1e6a092ffbe6561a84d8a9e68fcfbbd0b486d7293294e6ea517

                                SHA512

                                2cb4da2fd45fa056220a5d1ee7427009b21eb98ba9ebf2e119c0cd4978fe02fd62a93a430c92eec5a7c8f1bb3e7a1740085a65d523d4d60bee54ff8d1dfbee15

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                08e7df0581b47fd095f3947bfd3d6e45

                                SHA1

                                bbfecf7630aad9d02aba4d4f1e155c3d21a9511a

                                SHA256

                                5716cdfdeb66823085eceb03c2616d7687dbd002fe06f6e8a0731174990baea9

                                SHA512

                                e946ee1a121046a4c1de86ee990f47d7dd04e90fc72cd074f5ed24d60e98170c1e57a0230adf3ae377704509383be77df47d1c5eca03b1681d51a971690f946b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                035ed07b2c2185487bd110540e03bf7d

                                SHA1

                                dcbc17fb4a4b8f6aa2096c9b67765787c166cbff

                                SHA256

                                be9f7fb41b384102ad0c060159d79920b1acc8143ff96ddfa1109a58a869efcf

                                SHA512

                                ae4417ec1a8cae8c7fe0cbd48daadfe30812698b135ac63d758412bb0d7f259396845c9901ff15a4751adc58c4c1d97a34af586ccd22c79c1ad795d606a7f293

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                3c068f12de3df90444148b7ec6221add

                                SHA1

                                25e100d4e02be5309cdd1c7183b2d55f1992a373

                                SHA256

                                08c50f4c0a0f53b08866e8700e079c1e5999c2f83f3053ba86b804d23cec94fe

                                SHA512

                                f23f0889c62df9cae2520ed0d6376f392a09e638b2665132d2078066186e6a9f99d3b822c206368cc0f6fc0c7ebb1eddb3a8f19672ee104e5fed414f1d98a20e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                128fe792378022c5bb75cc72a5c558ef

                                SHA1

                                38ed3e41368ca7b108b9ea58caad735adbc2a9cb

                                SHA256

                                eca97c8c4c8a12ed34231dde4ae4d46785e071f171cc3f4a0dd1ce32a2479fad

                                SHA512

                                2a35fe4443a7b42da5eb802ba37d7a462fde4fd81badd24ddd4926458e0b8e35586c01786972a410ebdb261add81f9d66b9c8066708a71fbc8b158a3f221df50

                                Download Submit