Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/10/2024, 18:49
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: http://lekarzebezkolejki.pl
- Resource: win10v2004-20241007-en

General
- Target: http://lekarzebezkolejki.pl
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid / Process:
- 3980 msedge.exe (2 entries)
- 5008 msedge.exe (2 entries)
- 3056 identity_helper.exe (2 entries)
- 4788 msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid / Process:
- 5008 msedge.exe (7 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid / Process:
- 5008 msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid / Process:
- 5008 msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description / pid / Process / procid_target (the 64 entries are repeats of these four parent-to-child writes):
- PID 5008 wrote to memory of 3948 / 5008 / msedge.exe / 84
- PID 5008 wrote to memory of 1836 / 5008 / msedge.exe / 85
- PID 5008 wrote to memory of 3980 / 5008 / msedge.exe / 86
- PID 5008 wrote to memory of 4028 / 5008 / msedge.exe / 87
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5008, level 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lekarzebezkolejki.pl
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (level 2):
  - msedge.exe (PID 3948)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e48d46f8,0x7ff9e48d4708,0x7ff9e48d4718
  - msedge.exe (PID 1836)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - msedge.exe (PID 3980)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  - msedge.exe (PID 2372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  - msedge.exe (PID 3584)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  - msedge.exe (PID 3496)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  - identity_helper.exe (PID 716)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  - identity_helper.exe (PID 3056)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3712)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  - msedge.exe (PID 2424)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  - msedge.exe (PID 4592)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  - msedge.exe (PID 2956)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  - msedge.exe (PID 4788)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8849030319857198957,99794676623485173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 3236, level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 1376, level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads