Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

URLScan

urlscan

1

http://safrareal.com...

windows10-2004-x64

5

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/11/2024, 09:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://safrareal.com.br/yoya/v40xkxvchmuwrr0rvtfwek2sltriwjqgpmez7/Y2JlcmdlckBleGNlbGxpdW0tc2VydmljZXMubHU=$

Score
5/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://safrareal.com.br/yoya/v40xkxvchmuwrr0rvtfwek2sltriwjqgpmez7/Y2JlcmdlckBleGNlbGxpdW0tc2VydmljZXMubHU=$
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3e8846f8,0x7ffa3e884708,0x7ffa3e884718
      2⤵
        PID:1512
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        2⤵
          PID:3024
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3452
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
          2⤵
            PID:1648
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
            2⤵
              PID:2284
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:4448
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                2⤵
                  PID:3096
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                  2⤵
                    PID:3916
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3408
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                    2⤵
                      PID:5088
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                      2⤵
                        PID:4068
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
                        2⤵
                          PID:1812
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                          2⤵
                            PID:4772
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17570175928915421221,7935256824154833964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5588 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2148
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4340
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4248

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              b8880802fc2bb880a7a869faa01315b0

                              SHA1

                              51d1a3fa2c272f094515675d82150bfce08ee8d3

                              SHA256

                              467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

                              SHA512

                              e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              ba6ef346187b40694d493da98d5da979

                              SHA1

                              643c15bec043f8673943885199bb06cd1652ee37

                              SHA256

                              d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

                              SHA512

                              2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              192B

                              MD5

                              55026d738a7fb2f2128f1efd3ce57388

                              SHA1

                              32b4df2e9a890a20a82ab7a518d211fe6f4fb9cb

                              SHA256

                              db67c6fa425c3b33ed52a6150abcbe150b517f4e2fb4ddabf25e49a363ba923a

                              SHA512

                              d56f0e001301e7efb06fe1372bc8357ce827129f494e3590b498170f1c8d2b7ef6251014a7fe4cc69a0a3ca1abf7fd9407c430897d5f669baeb783315d4732eb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              297B

                              MD5

                              abb5b3df4adae386d28ff4db55021767

                              SHA1

                              711b1508aadd6e9e41de7d23ae2cfcef2833944c

                              SHA256

                              ca95bf76672deacd6c03a1512b3d8d0abcdb6392d5fca45f0257b79dbbf437ce

                              SHA512

                              717e1976024d7ff8242b1c24a755c7b10a751951bb6bec96e0741e2b682447bd7542cd1cb2b71ec5f3a04b2318ec1fc7796c5efef0ccf7d6fd9ddd8f1f89dd32

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              111B

                              MD5

                              807419ca9a4734feaf8d8563a003b048

                              SHA1

                              a723c7d60a65886ffa068711f1e900ccc85922a6

                              SHA256

                              aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                              SHA512

                              f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              b599db69f6b16b1814b95f675b0c3a2a

                              SHA1

                              cd6c3a7dc4064c28a6da8b71146ff9b20e99f175

                              SHA256

                              d2100951b52bf2d7c3943e90afaf5f3095654e6c32002c14fa5277008494b284

                              SHA512

                              4a550280e85d575b2845ab5b227674e24d6e94251e495d62b8cb85f4bde4dac659a8c1761cb0b6f2efe314f3e8362d62fb461367edaa5142ae3ddedb6ae623ee

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              a4a2789e6a9984af9aa37bad4b40af44

                              SHA1

                              031bd7b7aa8748768c872ae8029308f6470f9808

                              SHA256

                              30346270bb3f9595c5b7e08e094b47ea2346d0b6ceb907b31f4430c9c1ff7274

                              SHA512

                              ba77f5859b07612e72db32e4b14f735c3f53e176e740ee7649e9b3e098073233ff8f257f6a778c12ad733ba0bcf5ee6367c9186250ffbb85b5136834a478f747

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              9ce29b22eaa1400a9c2bcc091cdddeb6

                              SHA1

                              59d25799a692e036960829c0bf5e3f74da25a26f

                              SHA256

                              db8b8ea18a2e464a212bde548701eb952ee640e3b28591ac89feaa6300d31209

                              SHA512

                              92dacb7058b40e44ecaff36d35cdc07307de367f3ccfb7bd9e4b5547828197f5ff8d6a2b2f515b6008ebf3263b50780a8f88de03a9b3bf043339d2249516f640

                              Download Submit