Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/01/2025, 13:14
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://stemscommunity.com/activation/id=15615238573
  - Resource: win10v2004-20241007-en
- Behavioral task: behavioral2
  - Sample: https://stemscommunity.com/activation/id=15615238573
  - Resource: win11-20241007-en
General
Malware Config
Signatures
- Detected potential entity reuse from brand STEAM.
  flow | pid  | Process
  24   | 2200 | msedge.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  2200 | msedge.exe (2 entries)
  4988 | msedge.exe (2 entries)
  1060 | identity_helper.exe (2 entries)
  1620 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process
  4988 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  4988 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  4988 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs, covering four target processes)
  description                      | pid  | Process    | procid_target
  PID 4988 wrote to memory of 4860 | 4988 | msedge.exe | 82
  PID 4988 wrote to memory of 2032 | 4988 | msedge.exe | 83
  PID 4988 wrote to memory of 2200 | 4988 | msedge.exe | 84
  PID 4988 wrote to memory of 4460 | 4988 | msedge.exe | 85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4988)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://stemscommunity.com/activation/id=15615238573
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb61b846f8,0x7ffb61b84708,0x7ffb61b84718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2200)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures:
    - Detected potential entity reuse from brand STEAM.
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2535553234443949975,3245626421451227409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 532)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4172)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 6960857d16aadfa79d36df8ebbf0e423
  SHA1: e1db43bd478274366621a8c6497e270d46c6ed4f
  SHA256: f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
  SHA512: 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
- Filesize: 152B
  MD5: f426165d1e5f7df1b7a3758c306cd4ae
  SHA1: 59ef728fbbb5c4197600f61daec48556fec651c1
  SHA256: b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
  SHA512: 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 432B
  MD5: 24f7dffea857f0aacfd215f81097f5ff
  SHA1: 7145782bcb9bd708f7366f13902984d4956e0a34
  SHA256: 06cdc5a34be8d0d283486e61168d715423d4147fce75c004fab0ba5cded645f1
  SHA512: dddf20b59be35a97694dd00f95738d9d19bebbdf9e5bd8d414f71afcc79b49f421f0c03704c2cc420ab412d64c8c365e4ac7d3189271987b762353bc4d0b48a2
- Filesize: 871B
  MD5: ba5b896bbf161b91bcb7a979dedbc065
  SHA1: 6c4c3372492695cc7124d126d75d1e7173462bc0
  SHA256: 51dfd2e7ba10747e801321a342a072506a7522d79ed4d349cbe591a9f33c994d
  SHA512: eb542c4d55669386f7b101b01ad8a59965ee62df8dbc3919b0a1c1a28ab56a878dbdf9da5d5956730fab18edcf98c7bac2cbe5d4e4d4768c2724794ae13529ab
- Filesize: 6KB
  MD5: 4737f9b9c7f8f599d9efba204b675548
  SHA1: db5342e5107321f7b62ce70a7518920934909c61
  SHA256: 4d4bd7a5a553eef809c889d653f32c4e93c60ba34f5f3fd2d08713385b7c34a0
  SHA512: fc6773227e17806dc8ffa047c342cf9204f3f3d9743c38dbbe80087055d9b59c80ba1c834ab38a3ab56aa9c1223dd004dee428877f538190f0ac09430c2dad22
- Filesize: 5KB
  MD5: 4f3aa2e80b4689169fef5ae1c5926b65
  SHA1: 046cf53c28df1f29594e0951a6a396c88e14cc72
  SHA256: 6155071d4e317617cf5bdebc37d199e189a8745651e42704a5e2bc815ae3acb3
  SHA512: 002b6fd404808b6bb84aa34cc6e33f66893fc0dadeeedfdf378f5a182778030dfa4e2c050254356c768284c2824f7ff9a709b3935000d69b2fe361c722e56b56
- Filesize: 1KB
  MD5: 6a11e4e42ba212a5b42b04220b1e3e49
  SHA1: 139a9ea4ce07ed8f87b2e4c448b7c79c0226bc11
  SHA256: 42400e3ff5ab92893b0c47cbba565f6e11f8b84364cbe7c8fe044ec2d5b4d97f
  SHA512: 7ebfb7692d43138cc6cb83888d46ec2b85c7b1b76643e70745e2ca9a045a9233a2ef1d366ae0b452992245dc2b09cac0f977d10a6abe4452501d4746e6e5f9ee
- Filesize: 1KB
  MD5: 1071e9e6d5cdf1e4f39d9d7f9b5851c5
  SHA1: 13f179f55a234d4707e1d02e9ef678e54fc43549
  SHA256: fd303973bfb003e0e760974e3cbae0b6575beb7c8bf9544dfa6e333f12219e93
  SHA512: 0ace8fe1dcf3f0cbca07ced2152e25d6c5675ebad099d24c37db41b6abfa74419469b46e8b271f68a9ffff2e8fc020ee319cec3acc42cc4b3505382a2efb2d9d
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 8770caa777f48205ec5db5871bb6fc19
  SHA1: 7e185d8de954617ba8ba0fd166e8ab24bb3cdf09
  SHA256: 892fe46c53c2c52c99f196e169337a2db110b9b1848c5113ee4fec032c3a832e
  SHA512: 22f77a9b7fc646db65cd22fb61f60d58f1447469838191cc17e1f4f162616fdd224a616472fa652781b93a9d53f9c59453985a10c737c69c4b1f783cbc811540