Analysis
- max time kernel: 41s
- max time network: 43s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16/12/2024, 05:57
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
(Identical rows of a signature table are collapsed; the count column gives how many times that row appears.)
-
Enumerates system info in registry 2 TTPs 3 IoCs
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
  pid    Process               count
  3068   msedge.exe            2
  552    msedge.exe            3
  2660   identity_helper.exe   2
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  pid    Process      count
  552    msedge.exe   9
-
Suspicious use of FindShellTrayWindow 26 IoCs
  pid    Process      count
  552    msedge.exe   26
-
Suspicious use of SendNotifyMessage 24 IoCs
  pid    Process      count
  552    msedge.exe   24
-
Suspicious use of WriteProcessMemory 64 IoCs
  description                        pid   Process      procid_target   count
  PID 552 wrote to memory of 1468    552   msedge.exe   82              2
  PID 552 wrote to memory of 4680    552   msedge.exe   83              40
  PID 552 wrote to memory of 3068    552   msedge.exe   84              2
  PID 552 wrote to memory of 5080    552   msedge.exe   85              20
Processes
(Indentation shows the process tree; each entry is the command line, its PID, and any signatures triggered.)
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamcommunity.com/gift-card/pay/50
  PID: 552
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff927b146f8,0x7ff927b14708,0x7ff927b14718
    PID: 1468
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    PID: 4680
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    PID: 3068
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
    PID: 5080
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    PID: 1904
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 3220
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
    PID: 3788
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    PID: 4036
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    PID: 2660
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
    PID: 5104
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
    PID: 1684
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
    PID: 3008
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    PID: 2028
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    PID: 3568
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3680444274286001727,10654852632477789136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
    PID: 1076
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3416
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3692
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5:    fab8d8d865e33fe195732aa7dcb91c30
SHA1:   2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256: 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512: 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize: 152B
MD5:    36988ca14952e1848e81a959880ea217
SHA1:   a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256: d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512: d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize: 36KB
MD5:    80c484a058ca2ae0f9bc62a38223d496
SHA1:   8315360b781e7161b79df6bc8def9a66db7530a9
SHA256: d7530b224b4842c08b3bd6e33a059d33cff50653f06b3080504785c6c3997c7a
SHA512: 5b3aa4494da9bed0fc7e7fefe00e8343e3e63322b7923bbb959a0d274716da283cbea5ebc4b59f4e508b8167c32479ffa3ce8b36465c6563bc20101aad9f8608
-
Filesize: 121KB
MD5:    2d64caa5ecbf5e42cbb766ca4d85e90e
SHA1:   147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256: 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512: c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96
-
Filesize: 119KB
MD5:    57613e143ff3dae10f282e84a066de28
SHA1:   88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256: 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512: 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176
-
Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5:    2cd9352bec2fa5dec55ef99302bfe5a2
SHA1:   b24d76cd835f6bf2c6b5b8f99c28567c318d4404
SHA256: 2d90f1fce99e8b7c7449f91a3d9db5efb1f06223e62d2c825ebda8e762cb4ba3
SHA512: f8235ff84cef093ab95270f97a9ea2bd457d5740bf94a59be47b97f32c837fcbb1596cce933fd587c839dd9e2bb81b6c1f40697d474786825aa04c4a9dbab98b
-
Filesize: 819B
MD5:    48b08c515ee792810e2f3fee0577f443
SHA1:   fb34b2fd5271ce99c38f1ae7e572d5a822c0979e
SHA256: 097fe88bb43e293bbd1367abe7da89094bc0ddea06eff707de04ed7ac7c2c580
SHA512: 0c69c4b12999e40f567915dade7d4541b4918a514fdd8643dbf7c73faa4c31fed99b34e45929d2808eb77eec19d2fa6d961739510718db3092f30bf7f8641a34
-
Filesize: 6KB
MD5:    243da108c9e71010cdd72fed05386d37
SHA1:   56b29185ee0ded6a85a1c24904a1a10366d633ac
SHA256: 999bc5745364e58934f818ba39e081dffb10ca5f731c30cb0ee25fa748210771
SHA512: 3b331577727a24ca4750731af529981d35fc0697dabf7023bcfa51c8c8b79ba0056d98e49a9156c22934ae69e23b67c5a97e2638a6534a6d89b31a48c2d36ae5
-
Filesize: 5KB
MD5:    eddccdb12ef7571a921452aeafa95346
SHA1:   e769fff1f0bb4671bf2fe0c101eccb3735502511
SHA256: f78a9da5e828c94d30f26132537896c62cf73f7edf46e2636e034c4d9d6dc588
SHA512: 05830ca29dfba0320f22d85469056044f840160943a1d6fd3c2afc0453469847fe41a28de525542c4a3bf2a68d52192ae045b9c757f4b6d56b7ff14fa9385f65
-
Filesize: 7KB
MD5:    4ab1620713b462809c478fc9a422752c
SHA1:   2e97035cbf5a8372ecaeb6bed2653182e1f6193b
SHA256: 8b1aedd5880c6018e089888d61a2dd7a626dbe6e40c3f6bace687f312fe276da
SHA512: 3f919f12ecfaaed86475c68a5196d76c6427316d9e6fa6106393c8f9c7d6ba47918c60753d8e2102ab0080e14912c2c688f795cbab48bd41e530f6ff8233699e
-
Filesize: 6KB
MD5:    c455dd3a4a992095e5864d3af87a692f
SHA1:   f9e55df0c0457559e73bd5489c16b230c32625fb
SHA256: a8206ddaf9380c4dc1f47779ed9bebb45e4b07024d315aedccae587dc8271499
SHA512: 9f7e63655da8c07543ae1a2d731d82cdc59a298fff8e85b714d68cba574c9ec69d06ba41a19e3c07917f744826cae527b87c70b2dea297827cb36058a08dbc69
-
Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 10KB
MD5:    afc950e1da142c030c87074fc07388c7
SHA1:   56a4c3c89f08da833a2086ef57fb91288da49f65
SHA256: c1ef92c3f452c20e710a64e4e4cc45393790ffca8d0d733cac63dbbc16a13835
SHA512: 101a728bea55dfc6396e665a017176c749514ee70d331b66c1241f58e684aa98d6644c65a76fea4b81e096a0f7fab1276b3f714b2fe960d90018edd5e2046933
-
Filesize: 10KB
MD5:    96a115142781ddefc4cb4b59bf4d8127
SHA1:   a98f9eaa00cb4546fc60299638d683f8981b6c63
SHA256: 82ade9e8aafecffa2c4bc35ca9b6d783b032fdb2f09379be6d9b1b0217c4727e
SHA512: 7ff29197e6e64d027f76b6560c8e9b061af92e2f5a9818619f7fdbfedb5f074e54406b6f81f389eed41f7648917be85c5155871a9083a9776721f1c71cbdf2bc