Analysis
max time kernel: 51s
max time network: 49s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/01/2025, 19:07
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
flow  pid   Process
18    1532  msedge.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid   Process
1532  msedge.exe (x2)
4644  msedge.exe (x2)
1128  identity_helper.exe (x2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid   Process
4644  msedge.exe (x5)

Suspicious use of FindShellTrayWindow (29 IoCs)
pid   Process
4644  msedge.exe (x29)

Suspicious use of SendNotifyMessage (28 IoCs)
pid   Process
4644  msedge.exe (x28)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 4644 wrote to memory of 4124   4644  msedge.exe  83  (x2)
PID 4644 wrote to memory of 1040   4644  msedge.exe  84  (x40)
PID 4644 wrote to memory of 1532   4644  msedge.exe  85  (x2)
PID 4644 wrote to memory of 2320   4644  msedge.exe  86  (x20)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://stermcommunity.com/gift/id=7465904
  PID: 4644
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa14a546f8,0x7ffa14a54708,0x7ffa14a54718
    PID: 4124

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    PID: 1040

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    PID: 1532
    - Detected potential entity reuse from brand STEAM.
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
    PID: 2320

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 3272

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 3116

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
    PID: 4456

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 1840

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    PID: 1128
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    PID: 4596

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7409174821349402339,5339558477292173027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
    PID: 4912

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5012

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4408
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 85ba073d7015b6ce7da19235a275f6da
SHA1: a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256: 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512: eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Filesize: 152B
MD5: 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1: 010da169e15457c25bd80ef02d76a940c1210301
SHA256: 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512: e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 408B
MD5: 75ca48cbb779993bd12d050c7b48b109
SHA1: 890e3661ec6f87098101762b7140dce491954b7d
SHA256: 887a3e2c976d183ce3febe230d41f9d1bc78b5981a2e9f10c7f5f7c4d186bc8a
SHA512: fb782250b52acd2636eed3bbcb6d1a9159bcbfcaebd1fc7108c6eef70d73903a9785145597739cd09ee84de0754ab2d3b778fbc40141f59119b5465edaa56725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 576B
MD5: 256051f5bc752f66c58c37f88b9902c2
SHA1: fca6a264bd54d04a4abf6d2235d398e15019a2c8
SHA256: 4b685f75befaf127498ad56aac3de4ffed3e1c6c81ec176ccb379af7eba01b12
SHA512: 528902ec8bf6067a8f253d7378631517ea4654ab3c46b50ab2d68b89cc0a4eeb2593b842211e992751bda933f2eb00be44ed116d0df287c8b37b828d5532bf8c

Filesize: 5KB
MD5: e7016dd3aa15356ab0518bc932ae8752
SHA1: 402e097495577d4c8a3f12d1196370a2a135dddd
SHA256: 66ec010b1dec6d23467168ec47211eb55e48d209e16242f2d4ca42ac3f4682be
SHA512: 1ca10ee3a8ca7eb86b2f23f8598471e34e56ff954b8be8ae2f731f3346c3604be904ce0b77f3e09cae4b362295b1198fa87e42873242ec365b0c4288feee692d

Filesize: 6KB
MD5: 0b85db45afd090662710f7097838d5c6
SHA1: b6fdca46a5b0f8c4d65b2181f47293839fbabe67
SHA256: fafd36d9dd3f6827d7fb2bfe0a8a9c08fa293291c9d4cfeaacb5f5dd7a6acfb5
SHA512: 07aa7c255f69fe5b349482e59b8e59fca0b34e7055d1d65ce3ca3a65e7fffb4fe04d96ca4c8e5bdfc8fc0487285ba9cb4577ac9a874b845e359c60879e4ce033

Filesize: 6KB
MD5: cb7128f6b0956e682009b5f33dfd085f
SHA1: 9fb85ed1b1eb9bd0893cd5b09e6f56acaae09bb1
SHA256: 19c7bdb87fb1ae72774adeafeba5aa1d14a6244b73ec868e2579b4c89d3bca35
SHA512: 502b786edfaf74759df01f0e5776cdc92469d13b9e57c39fa1b742f75abada7c759299a643ede549bd34fb7f9d50e9bd5210c2e6fee2f4d935d283b56993314c

Filesize: 6KB
MD5: 92228a89000b77c981cede265ffd3723
SHA1: 1faa6c19adf26270f190fc34fe78f52a732923e0
SHA256: aa196087a1603bcdb7f79e5da5d26fd9a0f7ad6c012481498ef93fddb8431a53
SHA512: ddc78ee6bebafe65a01e1be3bb278cf3447504174f45d9516c4d80058e5e8d873b458302b4a557b1430bead5dc82fe49373c1dfaaf5781dd2cda723ee857d22d

Filesize: 874B
MD5: 581de71d9b66e8f656c208071c024ecd
SHA1: 36ae27a93f4f05b61f670808bf8e41f0f181ee85
SHA256: 71a27f515010547d2c55fa2dcb116db74b97592a8d355025e148ba6455ca48d4
SHA512: e9c067d6a58f030bd813fb9e64cb76c0357f82b71a99abb0b8923b5da36a13b6356675b8b96478e7688dec8cf7a7ef0272fbbdb63a0863d51db41cc0b345a8da

Filesize: 707B
MD5: 8026d051c0a7205940e38415a7c4732d
SHA1: 8c479747aae3cae27d9814009c7d22046d0d4526
SHA256: 48c48f9afe306e26b7315ae3bc562ef7af7e796240049eea2cb5028e1267c061
SHA512: 78723e36f97bcad96d9977c3967e08fcc49b4c5328f0bbd7083f19ef6c465f97c8dab3225e4debf5cd42764bde0a9297497ae2009fbf8eccf832a3a4c51ab2be

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 4c8858c52e2b378e53e3e604fa2ffa42
SHA1: c0d5f1bb4badd87cc20928e080a74533f484065c
SHA256: 93d1471af07d0be0e5850b1475c74b18af55d03af176f0ba6fb59a59609f4541
SHA512: 866a02a91e2f6bceb0ba860671366dc6356761c8189fdf5b88c05e44cf88b0547d86ee2a5eef13715dead8322d8aeaec8721e5851d390ed3c988a7470f364d09