Analysis
max time kernel: 240s
max time network: 279s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01/10/2024, 09:16
Static task: static1
Behavioral tasks (all run on resource win11-20240802-en):
behavioral1 - sample OEBPS/Prov9789132163562Pojkenirandigpyjamas-1.html
behavioral2 - sample OEBPS/Prov9789132163562Pojkenirandigpyjamas-2.html
behavioral3 - sample OEBPS/Prov9789132163562Pojkenirandigpyjamas-3.html
behavioral4 - sample OEBPS/Prov9789132163562Pojkenirandigpyjamas-4.html
behavioral5 - sample OEBPS/Prov9789132163562Pojkenirandigpyjamas-5.html
behavioral6 - sample OEBPS/Prov9789132163562Pojkenirandigpyjamas.html
General
Target: OEBPS/Prov9789132163562Pojkenirandigpyjamas-2.html
Size: 1KB
MD5: cb60dc42c367365fadf2743f5abfd0e6
SHA1: 643608a731e3e994e339175c942b3916f1028efc
SHA256: d2780351ab4feb4de769ce51bced57d60953b49ae59c0c12f7b92a2807b0d95e
SHA512: 5365774d356e46984c416119366506cf5c2e57070fa767ca733989665b2d4d3948f1bbfd4a861b79e2d6ba72b57519b9a3ac8ef78bb932abbd4f34b5cf52770c
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid | Process
  4772 | msedge.exe (2 hits)
  744 | msedge.exe (2 hits)
  4080 | msedge.exe (2 hits)
  2320 | identity_helper.exe (2 hits)
  3876 | msedge.exe (4 hits)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  744 | msedge.exe (6 hits)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  744 | msedge.exe (25 hits)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid | Process
  744 | msedge.exe (12 hits)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 744 wrote to memory of 4956 | 744 | msedge.exe | 79 (2 hits)
  PID 744 wrote to memory of 3340 | 744 | msedge.exe | 80 (40 hits)
  PID 744 wrote to memory of 4772 | 744 | msedge.exe | 81 (2 hits)
  PID 744 wrote to memory of 2296 | 744 | msedge.exe | 82 (20 hits)
Processes (indentation shows the parent/child relationship)
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 744
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\OEBPS\Prov9789132163562Pojkenirandigpyjamas-2.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 4956 (crashpad-handler)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe42c73cb8,0x7ffe42c73cc8,0x7ffe42c73cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 3340 (gpu-process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 4772 (utility: network.mojom.NetworkService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 2296 (utility: storage.mojom.StorageService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 3144 (renderer)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 3560 (renderer)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 4080 (utility: chrome.mojom.UtilWin)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe, PID 2320 (utility: winrt_app_id.mojom.WinrtAppIdService)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 4124 (renderer)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 4244 (renderer, instant process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 3248 (renderer)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 332 (renderer, instant process)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, PID 3876 (gpu-process, GPU sandbox disabled)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1881627462677819643,17184936165126814363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3576 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe, PID 3152
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe, PID 2788
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: b4ae6009e2df12ce252d03722e8f4288
  SHA1: 44de96f65d69cbae416767040f887f68f8035928
  SHA256: 7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
  SHA512: bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1
- Filesize: 152B
  MD5: 4bf4b59c3deb1688a480f8e56aab059d
  SHA1: 612c83e7027b3bfb0e9d2c9efad43c5318e731bb
  SHA256: 867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
  SHA512: 2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9
- Filesize: 5KB
  MD5: 4a1d1e7dbe4cb751c6301266030161ca
  SHA1: a18a5dd38bd18020705cf4c4b0a1c90422e0522e
  SHA256: 514f033d9357cc853224ffbb90c6128129b1469d1d4811f411c4529015137a31
  SHA512: c845ce4a4fbf9a52d0bfb5ff28422958805b68a2dac5a69e8f229df48dd426fbc4d539441ef40a71f100f2efe231783f1819b8ff445d670e435f3dcf873f4f21
- Filesize: 5KB
  MD5: 63c20df7359c3961d2d5610b9a6aaa4f
  SHA1: 5a450b7b0ec9dd5b4461c73d89b3475d3086cd3a
  SHA256: 3e11edb59eba5e98b4de21b08c05f488f7a09d16bbe82a42f8a465cdbc4c7751
  SHA512: 03353ee305dbf2e488a865f046c4a6cb1e23b49a031b4d34a4c8a7cb3776ec053d15525f752ba682cf7c10742103685c594e734487bf6fb4bcca2e08442ba4cd
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: eb64baa3522a7414492997554f933eda
  SHA1: 47e56ed2db93e93957dd52c4f71c38dcbeab7448
  SHA256: 153462d648dea6bc2c0a1c96977cbdf7e2f3ecfe342cb914fc5cc9e05395a74d
  SHA512: 8809c8ac0e90de8b3b4ca7868e200a4ab54b5b28c3230128268049e62db13d48edb00b2cc146339e195fd62794757b8fbe967aa2a61a41642837fd6e73f2b9c1