Analysis
- max time kernel: 112s
- max time network: 107s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/10/2024, 01:52
Static task
- static1
Behavioral task
- behavioral1
  Sample: f0d88627fab31d35cdff51e9d405c6af5e1311c0f87d07cde176284250543e2cN.html
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: f0d88627fab31d35cdff51e9d405c6af5e1311c0f87d07cde176284250543e2cN.html
  Resource: win10v2004-20241007-en
General
- Target: f0d88627fab31d35cdff51e9d405c6af5e1311c0f87d07cde176284250543e2cN.html
- Size: 123KB
- MD5: d84bfdb33dc981a4f0a6a8e71f7c8e30
- SHA1: 93051f545ba58cfbd345c49645d47e1f8b978c5d
- SHA256: f0d88627fab31d35cdff51e9d405c6af5e1311c0f87d07cde176284250543e2c
- SHA512: 2802a63bc287979014e0b3dfd59780d2933e70b3c050b2d927197fed912cfc133f08ce4b9e146c36b09295591b4d87a97a23efdf67a4135e2976d998870fbc30
- SSDEEP: 3072:y9+BeoYnTMEAZEA8CQ8O+363gh8QOfnQeqc1:y96eoYQicYgh8QOfnQe3
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid / Process:
  - 1804 msedge.exe (2 entries)
  - 736 msedge.exe (2 entries)
  - 4948 identity_helper.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process:
  - 736 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 736 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 736 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (the 64 rows are these four distinct writer-target pairs, one row per call, each repeated):
  - PID 736 wrote to memory of 4344 / 736 / msedge.exe / 83
  - PID 736 wrote to memory of 3748 / 736 / msedge.exe / 84
  - PID 736 wrote to memory of 1804 / 736 / msedge.exe / 85
  - PID 736 wrote to memory of 4376 / 736 / msedge.exe / 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 736, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f0d88627fab31d35cdff51e9d405c6af5e1311c0f87d07cde176284250543e2cN.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffded3046f8,0x7ffded304708,0x7ffded304718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3748, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1804, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4376, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 232, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2664, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4956, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4948, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5080, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2836, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 636, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,105844277924189129,2217557775456745802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 2024, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2224, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
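Every WriteProcessMemory row in this report has the Edge browser process (PID 736) as the writer and one of its own freshly spawned children (crashpad handler, GPU process, network and storage utilities) as the target, which is how a Chromium-based browser hands startup data to the processes it creates. The sandbox still labels it "Suspicious" because the heuristic is generic, so the question when triaging a browser run is whether every write target is a child running an image from the browser's own install directory. The script below is an added example written for this report, not tria.ge tooling: it parses rows in the shape of the report's WriteProcessMemory table, de-duplicates them into distinct writer-target pairs, and checks each target's image against the writer's install directory using the PID-to-image map from the process tree above. The constructed input includes one hypothetical row (a write into CompPkgSrv.exe, PID 2024, which does not occur in the report) so that the check has a miss to show; the function and field names are this script's own.

```python
"""Triage check: do a browser's cross-process memory writes match its own
multi-process model?  Added example for this sandbox report; not tria.ge code.
"""
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the shape of the report's WriteProcessMemory rows
# (description / pid / Process / procid_target), one per distinct pair.
# procid_target is read here as the sandbox's own process index, not a PID
# (assumption: it never appears as a PID in the tree, so it is not used).
REPORT_ROWS = """\
PID 736 wrote to memory of 4344 736 msedge.exe 83
PID 736 wrote to memory of 3748 736 msedge.exe 84
PID 736 wrote to memory of 1804 736 msedge.exe 85
PID 736 wrote to memory of 4376 736 msedge.exe 86
"""

# Hypothetical row, NOT in the report: the browser writing into a process
# whose image is not one of its own.  Included only to exercise the miss path.
HYPOTHETICAL_ROW = "PID 736 wrote to memory of 2024 736 msedge.exe 87\n"

# PID -> image path, copied from the report's process tree.
PROCESSES = {
    736: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    4344: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    3748: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    1804: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    4376: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    4948: r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe",
    2024: r"C:\Windows\System32\CompPkgSrv.exe",
}

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_writes(text):
    """Return the set of distinct (writer_pid, target_pid) pairs.

    The report repeats a pair once per WriteProcessMemory call (64 rows for
    four pairs here); the repeat count is noise for this check.
    """
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        pairs.add((int(m.group(1)), int(m.group(2))))
    return pairs


def classify_writes(pairs, processes):
    """Map each (writer, target) pair to 'expected' or 'unexpected: <reason>'.

    Expected: the target's image lives in the writer's install directory or a
    versioned subdirectory of it (msedge.exe children, identity_helper.exe).
    Anything else, or a target missing from the tree, is flagged for a look.
    """
    verdicts = {}
    for writer, target in sorted(pairs):
        writer_img = processes.get(writer)
        target_img = processes.get(target)
        if writer_img is None or target_img is None:
            verdicts[(writer, target)] = "unexpected: writer or target not in process tree"
            continue
        install_dir = PureWindowsPath(writer_img).parent
        # PureWindowsPath compares case-insensitively, as NTFS paths do.
        if install_dir in PureWindowsPath(target_img).parents:
            verdicts[(writer, target)] = "expected"
        else:
            verdicts[(writer, target)] = (
                f"unexpected: target image {target_img} outside {install_dir}"
            )
    return verdicts


def triage(text, processes):
    """Parse and classify, returning only the pairs that need attention."""
    verdicts = classify_writes(parse_writes(text), processes)
    return {pair: v for pair, v in verdicts.items() if v != "expected"}


if __name__ == "__main__":
    rows = REPORT_ROWS + HYPOTHETICAL_ROW
    for pair, verdict in classify_writes(parse_writes(rows), PROCESSES).items():
        print(pair, verdict)
```

On the report's own rows the script returns no findings: all four targets are msedge.exe children in the same install directory as PID 736. Only the hypothetical CompPkgSrv.exe row is flagged. An all-clear here means the process model looks like a normal browser launch, not that the HTML is benign; a page whose payload stays inside the renderer (phishing, credential capture, script-only behaviour) leaves this check clean and would have to show up in the Network section instead.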
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: fab8d8d865e33fe195732aa7dcb91c30
  SHA1: 2637e832f38acc70af3e511f5eba80fbd7461f2c
  SHA256: 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
  SHA512: 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
- Filesize: 152B
  MD5: 36988ca14952e1848e81a959880ea217
  SHA1: a0482ef725657760502c2d1a5abe0bb37aebaadb
  SHA256: d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
  SHA512: d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
- Filesize: 2KB
  MD5: 90873cb7c895cd60a779b4f9b4d8d3a6
  SHA1: 702eba9bdd5303fb1083f321b58ded37d928cb9b
  SHA256: b761e279ce1fff3882d661d3f9228069d10bb03306114a31e37780321a9ae14a
  SHA512: e75b1510d20f2b95dd60f89e19d98dfcec6eb036d3c1f0de8d3439916950b608d3902946bc4c2c1ed0c20ee74e6fdf0c413ca1db71ea3b7072f8257b9425c0f3
- Filesize: 6KB
  MD5: d93242f58aaf7024aa785d05aee44b1e
  SHA1: 20f9b3954894c647fa03548cbce517550d28cc75
  SHA256: b9c0473c32d9f44c2b378a8f1a328c9e2aad12cd6adb436e8319742dedbf8c55
  SHA512: e53818aad230e080b55f6e7990e21b2a947cecac4ca9095381a999cc605a9f84c70201c5b8707d59bd3980ac50c454bdede3d5109ef6728b36cff57000c1950c
- Filesize: 6KB
  MD5: 458336a1338e277348d011ade277454f
  SHA1: 02482376a81188d0ff3af583093750673a057401
  SHA256: 86c92120564bad264857a81cbe8c8101019bcc29a5c5a9117863cec8c9ebd549
  SHA512: 97d68fc4bc516ad1021b204e7cbed16c2acc0681ca7909fe1ed3f0a19ab5a15109f8180ed872b2be63ff186d9426cdd03c1d2fa328bca76c792090828f2b12d7
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 0b8b06108e6d4c613e164227bd0b9aff
  SHA1: 24cfa1e1af9563cc9e28e2a2576ef51b4a6e3d45
  SHA256: ab3ff60c534063e71f605b8e702201400e1984208256e72ece826c16e5b62142
  SHA512: 6b183dd267adb429540148754038f6a687a742a456fe48f9f6b7c7e6f54b592b995193f004e9a970052c34eb32487f5d2b9b31d5a491d782c637a49fc422c7c4