Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

redirect.html

windows10-2004-x64

Resubmissions

28/09/2024, 17:49

240928-wd2pla1cre 4

28/09/2024, 17:48

240928-wdn4ha1cph 4

28/09/2024, 17:47

240928-wcyasayapr 6

28/09/2024, 17:47

240928-wct85ayapp 1

28/09/2024, 17:46

240928-wcpnms1cma 1

28/09/2024, 17:46

240928-wck1fs1cld 1

28/09/2024, 17:46

240928-wca59ayanj 1

28/09/2024, 17:45

240928-wb28cayalq 1

28/09/2024, 17:45

240928-wbt7qs1cjc 1

Analysis

  • max time kernel
    51s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/09/2024, 17:47

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    redirect.html

  • Size

    6KB

  • MD5

    6128e2da322af8a3562db916755b2bfd

  • SHA1

    eec78e14b2cb67c03f760faa021a2910347b37f4

  • SHA256

    3e69556870577730f7ab51f65b03e99cba32a0cd9edda179135a59c11a1ef9eb

  • SHA512

    8b12e9cbaa28bc2260fa6fe6a921b21c2ac597794d68dc137d057eadad2c3c46ebfd8f0ef468a7150bc0d85645cfdf0cfe461464b54be7ef5cdaa4c416b4bd37

  • SSDEEP

    192:dTHLxX7777/77QF7LyrN0Lod4BYCIkaOQX26:dTr5HY40+CIkaOQXL

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc457746f8,0x7ffc45774708,0x7ffc45774718
      2⤵
        PID:1424
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:2592
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2988
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
          2⤵
            PID:1092
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:4748
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:4940
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                2⤵
                  PID:3500
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
                  2⤵
                    PID:4396
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3304
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                    2⤵
                      PID:4420
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                      2⤵
                        PID:4788
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                        2⤵
                          PID:1680
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                          2⤵
                            PID:2348
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5980 /prefetch:8
                            2⤵
                              PID:4760
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                              2⤵
                                PID:384
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,8523347837465611910,1659094514874148363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:980
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2464
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4468
                                • C:\Windows\system32\LogonUI.exe
                                  "LogonUI.exe" /flags:0x4 /state0:0xa394d855 /state1:0x41c64e6d
                                  1⤵
                                  • Modifies data under HKEY_USERS
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4740

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  f9664c896e19205022c094d725f820b6

                                  SHA1

                                  f8f1baf648df755ba64b412d512446baf88c0184

                                  SHA256

                                  7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

                                  SHA512

                                  3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  847d47008dbea51cb1732d54861ba9c9

                                  SHA1

                                  f2099242027dccb88d6f05760b57f7c89d926c0d

                                  SHA256

                                  10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

                                  SHA512

                                  bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  2KB

                                  MD5

                                  914a7e288b24dafcb9b79faa89903022

                                  SHA1

                                  b18cd1ff36a2e29c48ccf1620191646678fe3834

                                  SHA256

                                  72aedc1cd6bd6b5a385ba8da3609dded3664ad19b53b3d04841ce5b0561bf4cd

                                  SHA512

                                  09e743c9ee9e37cb301f1cb4651f064a2ac13ffc7c4a9ada2ba83445589583110ab5b8555ca4fec6b6a4295a745d8f8a4b8c0eaa8fcb9c922376a55fb003c662

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  111B

                                  MD5

                                  807419ca9a4734feaf8d8563a003b048

                                  SHA1

                                  a723c7d60a65886ffa068711f1e900ccc85922a6

                                  SHA256

                                  aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                  SHA512

                                  f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  fcfeb5c6268cc308c643faa4b3387b20

                                  SHA1

                                  405d4417cfbb8c7ffd810c4aff457898fb74a170

                                  SHA256

                                  862d47694cabae9337021b27008e6dec5e32f4fa869f68740bd9836b5f98d63d

                                  SHA512

                                  2574b5df74982fbbc110f651582ce6927da9d6e08ce13c0653d38a840d0d81a68b700b2ec21f24122ac09eb707ece6d024fd7aa546ace681e7076f29ea1a7d78

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  8aad88fc62a2bd079f172a1fbc307a96

                                  SHA1

                                  b141f39db72b21851e5164a3ffdd97604ad70efb

                                  SHA256

                                  67a1e334a1ce13555ad6cdd5f9b82b6c84770bb85019d7b76eb0c362e56aa00c

                                  SHA512

                                  98089c4eb28641f5da395312c35a44597758b356b6f64589824244349d363457020d5d4c0949158260ac92a3d837917b293277b90796ad1eca61d2aa4dfc8cc9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  2f533881a661476560f027a0c5fbebae

                                  SHA1

                                  402c47cc0d0ba95a520c9990c13bed52fc18434a

                                  SHA256

                                  02c522405059d4990c40f90cfbfe7bb9751e40d5098b2f40387b91681c5c7455

                                  SHA512

                                  019332224dc68d91b423eeb7f0142a4fe083911e06158130cb8f7f1f4b4bbe0c4c3bf072b28d7e3bc6d8049e587c41fcfde1f66742b350ba77a0c0d8670b715e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  d9fe77aef205959d80b3448fffac2e7d

                                  SHA1

                                  6b17b4603fdb385aeffebe2d60b245b7280dd380

                                  SHA256

                                  f3719d109e198b88a5de00096197ffe8ad6c81c86e807cb18e4d424d99514e5e

                                  SHA512

                                  9c565d5ac686e5b1746e66bf55a944c4f01359ff81559b6d03a2563c5f61854d928a1af682779acdb41268a4be9fc8aef0f4d4a28cabeff02781788094b1241a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  121a4c7ab8de02db76898ef529f6018d

                                  SHA1

                                  ff0259d548116b7e5a88adc2162059e5fb047409

                                  SHA256

                                  81c2626da404ff75b344d70cd2e80b1d11fd372fdf72400bcf6def1998560360

                                  SHA512

                                  42d86a04389b76fa7a794b4b940c0c1f0ea9380e41c41a92458e57d4f0c846b59262a9cf6135518c6f1448391e28605f5ea5fbd7b8a1a7fd29c80b41546aa39d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d513.TMP
                                  Filesize

                                  874B

                                  MD5

                                  fefdd956d62a6a748b21fa0fb065409c

                                  SHA1

                                  8e67d676c6f153a5858298f97eb4abd7bceb8c25

                                  SHA256

                                  72403cedb0a555ce74e6c2292c6a89ba264649eed29297991597f14aeadf5966

                                  SHA512

                                  8b19b389771d193e3e5a79a0bae6cbb7c74f5e313c8f7863306d488c9503e70a296f4be354bf85417fe63dc3bf2cc7b505483f4b1becfd64e55a1b3b3591b864

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  ef1ef24b900c21ea41cccd424176e5df

                                  SHA1

                                  3f6bfdbe20ccfa645f2ad76e265bdd69e60b9911

                                  SHA256

                                  36d793622b56ee3b7cb037634cc32cb909ee08e7ca9afbad4576588814f6a9f5

                                  SHA512

                                  7b2b796fda757cc2b2eebe4f87f53e32ef18af29d9a6c631423b8d7d1fe96542b0eb093639ca3ef1bfb527904b4790042e11ff79632450bbf195d5a840667463

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  3cb09d2c62ce5b2c95f8e2063cd3daaa

                                  SHA1

                                  f43378abd60f0a88b32810e1a5d304aa4f238ecb

                                  SHA256

                                  ac33ce5aa2b78d495a1d2f3bc16905d376a01ac004b456e81a8fc08dc9f71f9b

                                  SHA512

                                  625dee275613f701c7abdf7c728da3f283f18799c69becfd624d5fb6785ca6c9c723f7e18636641fad0399d1eb163aec5250481b814821f604b131ce6bb5a45a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  6fe20f6d2062767a29091573cd94fac5

                                  SHA1

                                  217637516ea0b8ed732f029140113823d64e8c05

                                  SHA256

                                  b98aa39653c80185738270e3bc1d75ebca73cc5c7820f10dcf6928e837585f5d

                                  SHA512

                                  5039daea40c85e9978ea7c5500516dbd383829bac04b358445d6f80cb4d95a9cfa525c89d8095d8965d843a189cd69e28958f669e2d50a43bcd039b2cdc2c194

                                  Download Submit

                                • C:\Users\Admin\Downloads\NotScaryFile.rar
                                  Filesize

                                  15.0MB

                                  MD5

                                  b8bf0843ebe241b26bed3860c60efc73

                                  SHA1

                                  1aac5609f43d051c6681f3baebca971a8338085d

                                  SHA256

                                  f9b46e6d9b70e52141aaa716168e8209f093a979d52b388db85d9cc34f604997

                                  SHA512

                                  f697109bffa8f9339cd5ab637276203712996cab94d13de0eb160822bf9ddabdf48c5603b67b0718c7571421ea2c39bc78ce5ef875db5d71cf923ace99ddfa4a

                                  Download Submit