Analysis
max time kernel: 67s
max time network: 67s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 19/01/2025, 08:50
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description         ioc                                                                     Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid    Process
4788   msedge.exe
4788   msedge.exe
2664   msedge.exe
2664   msedge.exe
2988   identity_helper.exe
2988   identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid    Process
2664   msedge.exe   (all 7 IoCs are this same process; identical rows collapsed)
Suspicious use of FindShellTrayWindow 26 IoCs
pid    Process
2664   msedge.exe   (all 26 IoCs are this same process; identical rows collapsed)
Suspicious use of SendNotifyMessage 24 IoCs
pid    Process
2664   msedge.exe   (all 24 IoCs are this same process; identical rows collapsed)
Suspicious use of WriteProcessMemory 64 IoCs
description                          pid    Process      procid_target
PID 2664 wrote to memory of 2652     2664   msedge.exe   85
PID 2664 wrote to memory of 632      2664   msedge.exe   86
PID 2664 wrote to memory of 4788     2664   msedge.exe   87
PID 2664 wrote to memory of 3708     2664   msedge.exe   88
(64 IoCs in total; identical rows collapsed to the four distinct target processes)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2664)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamtickets-20.com/s/KEJA2
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4840)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4168)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9336935270362569897,6393669238649844036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe  (PID 2864)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1956)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads